I must say i was impressed by this phishing website hey, i have seen a few of these coming in early ready for tax time mid year!.
Jump to content
Posted 10 April 2017 - 05:53 PM
It's really well done.
We've been seeing a lot of spoofed ASIC emails also, extremely well crafted. We had to create custom rules especially for them.
Posted 10 April 2017 - 07:30 PM
Posted 11 April 2017 - 06:33 PM
If you are this good a coder, why bother being an outlaw, lol? I mean, you can surely land a job at Facebook, Apple, you name it...
It's probably a psychological decision, an affinity to crime, I guess.
The reason is, if you can obtain a users credentials for their domain then this gives you a lot of power.
This could give you VPN access, allow you to remote in and token sniff/inject, send emails with out the need to spoof and get someone to run your crypt0/malware which in the long term might generate you some thousands of $'s for ransomware.
Once you get a user credentials you also get their contact list to send even more emails.
You need to remember that if you got some CEO or a Director of a company's username/pass then they are more likely to have higher NTFS permissions on a domain which widens the attack and crtyp of files (Makes people more desperate to pay).
The list could go on & on mate, all i would need is a username and password for a basic user to start causing havoc in a network. You can make 10 tiems the amount being the bad guy because you can automate infections and demand payment instead of sitting their writing applications for a company who doesnt pay well.
0 members, 0 guests, 0 anonymous users