Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
User Journal

Journal budgenator's Journal: Chummer, here phishey, phishey phisey 1

The other day I found a phishing spam in my Gmail account's spam folder. While it's getting rare to get a phishing spam and have the phishing site still operating, this one was. So like many of us curiosity got the better of me and I saved the source code for the web page, and wondered how difficult it would be to write a Perl script to send data to the phishing site. Well the answer is with a few module like LWP, HTTP and DBI from cpan it takes about a 120 lines of well formated legible code, (or 20 as the camel walks). Using a database I already had the little script takes random first and last names, addresses, randomly generated SSNs, passwords, Mother's maiden name etc. and sends it to any website I want it to, even my own!

I named my little script chummer, after the guy who throws fish guts off the boat to attract predators to the people who hold the fishing poles; then it occurred to me that chum was also pretty good at attracting bugs. So now the big question is, If I fall prey the the highly satisfying urge to fill phishing sites up with a couple gigabytes of well formed but bad data using my little test script, Am I breaking the law; and if I am is anyone likely to care?

Does anyone thing I should generalize the program to be more analytical and possibly configure itself to send data to send data to any web application maybe using XML configuration files as part of a general purpose web application testing suite?

This discussion has been archived. No new comments can be posted.

Chummer, here phishey, phishey phisey

Comments Filter:
  • It would reduce the value of phishing, as the ratio of valid to false data would worsen. Would it be a crime? Well, it's illegal to falsely identify yourself as someone else for the purpose of defrauding them, but it's not so clear-cut when the information is totally bogus (ie: you are not representing yourself as someone else, as there is no "someone else" for you to be represented as) and where you are not defrauding someone (phishers are generally not selling anything, rather it is simply a free "validat

Machines that have broken down will work perfectly when the repairman arrives.