[StarLab]

Greetings.

I had the extreme pleasure of dealing with a hacker on one of my clients over the last couple days.

Malicious code had been inserted onto his site. This code was a phishing scam (like those fake emails you get from PayPal requesting you to change your password) which launched over 800 emails to unsuspecting banking customers.

They went as far as to setup a fake banking site for people to login to. Once logged in, the login info was then sent to hacker, giving him full access to the customer's account on the true banking site.

Thankfully, the hosting company was right on top of their security and was alerted to the problem immediately. The bad part is the host suspended the web site for 2 days while I dealt with the problem.

Apparently, my client had changed his cPanel/FTP password to something he could remember easily which made his site vulnerable.

I have a download of the "fake" banking site, but it's all compiled javascript. I know this is likely a stupid question, but is there any way to uncompile this? I just want to try and figure out where the login info would have been sent.

All in all, quite the experience.

[Jerlene]

I actually receive quite a few emails like this. There's so many scams like this you'd think there were turn key sites for this kind of things.
You should report it here.

[StarLab]

Well, considering the fake site was disabled moments after the emails went out, I doubt anyone will be taken by it.

Still haven't really got all the details yet anyway.

[robert]

I would love to hire a trusted hacker but I feel that the two ideas don't mix ;)

[StarLab]

Quote:

Originally Posted by robert

I would love to hire a trusted hacker but I feel that the two ideas don't mix ;)

lol! Nope I don't suppose they don't.

"Trusted Hacker" is something of an oxymoron, me thinks...

And just to update, the site got hit again. Turns out there was a vulnerability in the bridge I was using to integrate Joomla and Gallery2 allowing the injection of the trojan: PHP/C99Shell.C which opened up a nice little back door.

All fixed now.

I am now on a first name basis with the hosting company's technicians! lol

[Jerlene]

A lot of big companies such as Microsoft hires hackers.
If it weren't for these hackers, a lot of programs you use would have more holes in them.

[StarLab]

The thing about hacking is that it's usually something that cannot be taught. It requires a certain amount of intuitive thinking. They are thought to be more cleaver than the people who wrote the security programs.

Rumour has it that the FBI will hire the big time hackers for consultation after they've been busted.

And they say crime doesn't pay. It does until you get caught, then it turns into a career. lol