The other day I found a phishing spam in my Gmail account's spam folder. While it's getting rare to get a phishing spam and have the phishing site still operating, this one was. So like many of us curiosity got the better of me and I saved the source code for the web page, and wondered how difficult it would be to write a Perl script to send data to the phishing site. Well the answer is with a few module like LWP, HTTP and DBI from cpan it takes about a 120 lines of well formated legible code, (or 20 as the camel walks). Using a database I already had the little script takes random first and last names, addresses, randomly generated SSNs, passwords, Mother's maiden name etc. and sends it to any website I want it to, even my own!
I named my little script chummer, after the guy who throws fish guts off the boat to attract predators to the people who hold the fishing poles; then it occurred to me that chum was also pretty good at attracting bugs. So now the big question is, If I fall prey the the highly satisfying urge to fill phishing sites up with a couple gigabytes of well formed but bad data using my little test script, Am I breaking the law; and if I am is anyone likely to care?
Does anyone thing I should generalize the program to be more analytical and possibly configure itself to send data to send data to any web application maybe using XML configuration files as part of a general purpose web application testing suite?