From: Nicolás F. Iglesias (nfiglesias@gmail.com)
Date: Thu Feb 01 2007 - 22:01:16 EST
Once, i did a personalized phisymail from a personal PC, catched through
Netbios. The intrusion was as follow:
- I found a Winbox on internet, from Dr. X (i don't remember his real name).
He has the netbios opened, so it was easy to broke his lan.
- I learned, from DOCs, LOGs, websites visited and all data i found on his
HD, who was and what kind of person he was.
- I wrote an email, using a language according to his "personality"
(university phd and so on...) and i "invited" his contacts to test a
financial software (he and his contacts, all working on economy and
finances).
- The fake soft has a keylogger on it. The logs was sent to my free
emailaddress.
- In a few days, i was able to see all data from his friends and very
interesting people (one working at my country's defense agency as an IT
consultant), bank accounts, credit cards,etc. But it just was a nice
experience and i didn't stole a penny.
What i'm trying to expose is that, on phishing, you have to develop social
engineering.
NiCo
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:34 EDT