The Phishing Page

John D. Porter     2007.01.21

The end of the re-direct trail was a private computer in Ajax, Ontario, Canada.

This computer had apparently been hacked by the phishers.  Files and scripts and web pages had been uploaded to this host computer, to be activated by people responding to the phishing email.

Clicking on the hyper-link in the original phishing email sent my computer across the globe, then opened a fraudulent log-in web page on the hacked PC in Canada.  The fraudulent log-in page no longer exists on that computer, but this was its web address:
       
http://cpe0004754cb643-cm0011ae02814e.cpe.net.cable.rogers.com:82/boa/index.php

This page now displays the following text message in a web browser:

      "Owned by the BOFH"

This message is generated by a script file created 14-Jan-2007 17:28.  Maybe that is when the phishing site was shut down, or the material removed.  The computer still seems to be under the control of the phishers.

Look at the source file yourself:  delete "index.php" from the address in your browser and hit return, or just re-enter this address and hit return:
      http://cpe0004754cb643-cm0011ae02814e.cpe.net.cable.rogers.com:82/boa/

What Happened If You Entered Data Into The Log-In Page?

The log-in page checked to see if there were characters in the log-in fields, then it re-directed the victim to the real phishing page, where the phishers hoped to obtain sensitive personal data.  As far as I can tell, the log-in data entered in the log-in page was NOT saved or transmitted anywhere.

Sorry -- I did not make a copy of the real phishing page that came after the log-in page.