Tekblog

I am currently reading a read me from a recent .rar that I downloaded and extracted over at Tubnut (that is a pet name for  my virtual station that analyzes files.)  The one question in the read me that consistently catches my attention is —How can I get somebody to login to my phisher— The answer: “That’s for you to find out, use your mind. Probably the simplest way is Social Engineering and some phishing skill. Here is an example : hXXp://imgdevil.com/pfiles/11140/munged”

The one commonality between affiliate marketers and cyber-criminals is that they are both highly adept in the art of social engineering. Michigan.gov defines social engineering as “an approach to gain access to information, primarily through misrepresentation, and often relies on the trusting nature of most individuals.”

Most affiliate marketers remain in the gray area of social engineering.  They also hold a strong emphasis on scam-type marketing campaigns in order to promote traffic to their website, specifically for the purpose of financial gain.  In comparison, Cyber-criminals fully embark in blackhat social engineering techniques, developing fake “phishing” sites in order to gain access to financial accounts.

Today I found an affiliate marketer on Twitter who participates in both forms of social engineering.  Though his account is not listed in Twitter search, I assume that he is from Pakistan and that he only uses anonymous accounts/sites to post content.  I am not posting his information here at the Tekblog.  For the purpose of this post I will refer to the affiliate marketer/phisher as P-man. So lets now move on to disclose some of the findings from P-mans phishing .rar.

I was 100% amazed to not find a Twitter Phisher here!

The major points that P-man promotes is that a phisher must:

1- Find a web host that supports php
2- Have a plan in place to send victims to the Index page
3- Learn how to hide links in forums
4- Seek free hosting/free domains (all anonymous)
5- What email spamming service to use
6- The use of URL shortening services to hide the phish
7- Proxies

There are also text files in many of the phishing folders that direct you to other underground technology websites.  You will be instructed to register at these sites before you are allowed access.  I believe that these underground sites will also be looking at your IP, OS vulnerabilities, etc in order to asses your intentions in registering.  You can anticipate that there will be many sites that will also redirect you to set up a meeting in mIRC, regarding more complex phishing site configurations.

Paypal

While perusing the Paypal directory I noticed that there was a possible paypal phishing tutorial located at  the free domain of DaveDaDon.  His motto: Touch ME? Neva. His domain is now suspended…

Ironically Touch ME? Neva guy who goes by the online name of DAVEDADON,  had the balls last year to post at the Microsoft Fóruns do Visual Studio.  Perhaps ego rides a wild donkey too?

Freewebs

DAVEDADON also allegedly provided a Freewebs phishing tutorial at his now defunct site. This was the one and only folder in the .rar that included a WARNING.

This warning, apparently intended to pose as a disclaimer against holding DaveDaDon liable for anything that smacked of criminal intent:

DaveDaDon is not playing nice with his phishing students either!

P-man is anonymous…He uses Twitter and Facebook to push traffic back to an anonymous website.  P-man has myriad Pakistani friends.  P-man affiliates with phishers, may be phishing,  and emulates  viral marketing.

Online age: 13-21

Country: Pakistan

Twitter: 1007 followers (affiliate marketer, filtered from Twitter search)

Facebook: Fan page, 104 followers (most download links lead back to P-mans blog)

Until Next time — Stay safe online!

Tags: affiliate marketing, Blackhat, phishing, social engineering, spam, Zbot