Wed 19th Apr 2006
More eBay Phishing: sphzion is a fucker.
Posted in the wee hours, filed under Rants and Raves.Yet another eBay phishing site. This time located at (line broken deliberately):
http://hyper6.amuser-net.ne.jp/~sphzion/dzb/random_msg/ws/
signin.ebay/eBayISAPI.dll/SignIn&pUserId/index.html
Again, looks very convincing. However, the start of the URL is always a dead giveaway.
The interesting thing about this scam is that when you try to login, it fails (naturally, as the site doesn’t know your real password), but then passes you through to the real site, so that if you try again, you’ll succeed. Naturally, I entered a few fake details in, just to let him know he’s been caught.
What this loser doesn’t realise is that he’s hosted this on his homepage.
http://hyper6.amuser-net.ne.jp/~sphzion/dzb/index2.htm
Which also has a couple of email addresses:
- sph@x.age.ne.jp
- ohkawa@mb.gallery.ne.jp
Make no mistake. This guy is a scammer!
As per usual, this is being forwarded to spoof@ebay.com as we speak.
My big-time response:
$ python >>> for i in range(5000): ... u = urllib.urlopen('http://hyper6.amuser-net.ne.jp/~sphzion/dzb/random_msg/ws/signin.ebay/eBayISAPI.dll/SignIn&pUserId/contact.php?userid='+str(random.random())+'&pass='+str(random.random()))Which will create 5000 random entries in his collection database. Of course, they will all be numbers, but it was okay for now. Next time, I’ll go one better, and have a dictionary file that it goes through, grabbing random words.
Perhaps even a names dictionary, and it will get firstname.lastname, and a random word for the password. That would be cool.
13 minutes after the fact.
This might not have been effective. Being tired may have meant I mixed up GET and POST requests.
Oh well.
8 hours, 39 minutes after the fact.