Last visit was: Sat Jul 05, 2014 12:06 pm
It is currently Sat Jul 05, 2014 12:06 pm

automated tool for phishing reporting


All times are UTC - 5 hours [ DST ]


 [ 8 posts ] 
Author Message
 PostPosted: Mon Sep 21, 2009 6:35 pm   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
taking pieces of code from xComplaint, I'm writing an automated tool for phishing reporting.
Automatically discern if a web site is cracked or is a phish domain (just registered), recover host or registrar and so on.
My idea is also to keep track of all received links, and periodically check if are suspended.

First version will be a bash script, next will be a compiled C, last a C with GUI.


Top
 Profile  
 PostPosted: Mon Sep 21, 2009 7:44 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Definitely keep us updated. I have a gaggle of people who would use this on a daily basis.

SiL


Top
 Profile  
 PostPosted: Tue Sep 22, 2009 10:08 pm   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Nice, just caught this post, efa. Thank you for your contribution. I look forward to seeing it later. :)


Top
 Profile  
 PostPosted: Tue Sep 22, 2009 11:17 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
I don't know how complex the programming would be, but a program that would save a timestamped copy of the data would help replace what Castlecops's PIRT was doing, as far as saving data for law enforcement.


Top
 Profile  
 PostPosted: Thu Sep 24, 2009 3:25 pm   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
AlphaCentauri wrote:
a program that would save a timestamped copy of the data

are you speaking about saving the phish email or saving the phish web site?


Top
 Profile  
 PostPosted: Thu Sep 24, 2009 4:51 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
efa wrote:
AlphaCentauri wrote:
a program that would save a timestamped copy of the data

are you speaking about saving the phish email or saving the phish web site?


Saving anything that would be useful in court if someone gets arrested -- documenting the email with headers to show he violated the law using someone else's computer to mail it and that there were false statements in the message, document the hosting and registration information, document the content of the sites -- if you can do all of it, you're recreating PIRT, which a lot of people would like to see happen. The question is where to store the data, how much you can store, how to do it so it can't be altered without a time stamp for legal purposes, and how to get law enforcement to take notice. Even doing part of it would be useful.

There are lots of agencies with spamtraps working with law enforcement, saving the raw spams with headers. So if we can't do everything, saving the spam is not critical. It would be useful having documentation of the registration information, nameserver information, the IP's where each was hosted, maybe some sampling of the changing IP's for fast flux, etc. Our own stored sent Complainterator reports are informal documentation, but again, they aren't as valid for legal purposes since they can be altered without it being apparent what's been done or when or by whom.


Top
 Profile  
 PostPosted: Thu Sep 24, 2009 6:08 pm   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
saving phish/spam email is already done by xComplaint in "forwarded.txt" local file, so it is easy.
Saving web pages is little difficult, but xComplaint from last version download the web pages to look for redirection link, and so it is not so difficult to save also these data.
As now I use 'wget' to download web pages as xComplaint is a CLI application, but with the GUI version I can use WebKit
http://en.wikipedia.org/wiki/WebKit
that seems faster then Gecko (Mozilla engine).

The difficulties come from recovering all other informations, space to save all the web sites, and a form of protection against alterations (I can't imagine a valid one)

I do not know the story behind PIRT and Castlecops (I'm interested in), but I know that the only software that survive to time is opensource.
Imagine an author, lot of work to write an application, keeping it closed source. Time passes, interest changes. The author become not interested in further developing or simply miss time. All the good work is lost. I remember tens of applications disappeared so. And many others released as opensource as they can survive.
GPL software can be further developed from other people. Imagine a collaborative work, we can reach objectives that one men alone can't.
This is the trick behind GNU and Linux, collaborative work, shared intelligence and opensource. They often arrive later, but do it better and forever.


Top
 Profile  
 PostPosted: Sun Jun 20, 2010 7:29 pm   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
I developed a piece of code to decode any escape sequences inside javascript embedded in html pages attached to emails. This is a recent technique used by phisher to hidded POST link. Will become part of xPhish. As now xPhish will be packaged with next version of xComplaint.


Top
 Profile  
 [ 8 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008