« Pathological PayPal Predators | Main | Blog Archive Fix »

January 09, 2005

I was looking around more of the source code served up by the bogus PayPal settlement phisher message (doing so in a safe environment that can't corrupt my computer). I earlier explained that the page was abusing some IE vulnerabilities. Lo and behold, I found the following <meta> tag in the page:

<meta name="Description" CONTENT="Secunia - Internet Explorer Cross-Site Scripting Vulnerability Test">

Those who monitor broadcasts from the IE and Windows security patch planet will immediately recognize that tag description from a proof-of-concept page posted to the Web by security software firm, Secunia. In fact, this pathetic phisher took the script source code straight from the Secunia page, replacing Secunia's example HTML code with his own.

Tsk, tsk, tsk. I'd expect a phisher who hijacks servers and sets up snarky redirects to be creative enough to write his own version of the trick. At least devise your own script variable names and remove the meta tag identifying the source of your trickery!

This guy is a complete thief, from beginning to end, with all the creativity of a gnat.