A bit off topic: The Barclays Bank scam

Mike Richardson

Some people, I guess with .co.uk email addresses, may have been getting
emails which claim to be from Barclays Bank (a UK bank), asking online
banking users to verify their security settings. The URL is one of those
fake ones with a user and a lot of non-printing characters which makes your
browser appear to be going to a Barclays website but which actually (sorry
if this is stating the obvious) is a fake which, if you fall for it,
records all your details.

Being (a) a Barclays customer and (b) a perl programmer, this was like a red
rag to a bull, so below is a little script that submits random data to the
scammers. On my broadband connection, I can submit at over once a second.

So, if anyone else out there would like to strike a (small) blow, please
check this script out (lest I'm the scammer:), maybe change or add to the
names, and let it rip! On my system it reports an error for each system,
since the response is a redirect to the real Barclays site which is over
HTTPS, which isn't handled, but using a packet sniffer, I've checked that
the scam site is responding:)


#!/usr/bin/perl

use strict ;

require HTTP::Request ;
require LWP::UserAgent ;

my @names =
(
    'Albert',
    'Jones',
    'Smith',
    'Davies',
    'Roberts',
    'Robertson',
    'Arbuthnot',
    'Cadwalader',
    'Jackson',
    'Lionel',
    'Aubrey',
    'Windsor'
) ;

my @letters =
(
    'a',
    'b',
    'c',
    'd',
    'e',
    'f',
    'g',
    'h',
    'i',
    'j',
    'k',
    'l',
    'm',
    'n',
    'o',
    'p',
    'q',
    'r',
    's',
    't',
    'u',
    'v',
    'w',
    'x',
    'y',
    'z'
) ;

my @day =
(
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9,
    10,
    11,
    12,
    13,
    14,
    15,
    16,
    17,
    18,
    19,
    20,
    21,
    22,
    23,
    24,
    25,
    26,
    27
) ;

my @month =
(
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9,
    10,
    11,
    12
) ;

my @year =
(
    1960,
    1961,
    1962,
    1963,
    1964,
    1965,
    1966,
    1967,
    1968,
    1969,
    1970,
    1971,
    1972,
    1973,
    1974,
    1975,
    1976,
    1977,
    1978,
    1979,
    1980,
    1981,
    1982,
    1983,
    1984,
    1985,
    1986,
    1987,
    1988,
    1989
) ;

sub Choose
{
    my $arg = shift ;
    my @list = @$arg ;
    return $list[int(rand scalar(@list))] ;
}

sub Digits
{
    my $count = shift ;
    my $res = '' ;

    while ($count > 0)
    {
        $res .= int(rand 10) ;
        $count -= 1 ;
    }

    return $res ;
}

sub Submit ()
{
    my $surname = &Choose (\@names) ;
    my $membno = '2010' . &Digits (8) ;
    my $pssCode = &Digits (5) ;
    my $mcd1 = &Choose (\@letters) ;
    my $mcd2 = &Choose (\@letters) ;
    my $mcd3 = &Choose (\@letters) ;
    my $mcd4 = &Choose (\@letters) ;
    my $mcd5 = &Choose (\@letters) ;
    my $mcd6 = &Choose (\@letters) ;
    my $mcd7 = &Choose (\@letters) ;
    my $mcd8 = '' ;
    my $dobDay = &Choose (\@day) ;
    my $dobMonth = &Choose (\@month) ;
    my $dobYear = &Choose (\@year) ;
    my $connect = &Digits (12) ;

    my $args = "http://211.73.24.80/big/b/login.php" .
               "?surname=$surname" .
               "&membershipNo=$membno" .
               "&pssCode=$pssCode" .
               "&MDC1=$mcd1" .
               "&MDC2=$mcd2" .
               "&MDC3=$mcd3" .
               "&MDC4=$mcd4" .
               "&MDC5=$mcd5" .
               "&MDC6=$mcd6" .
               "&MDC7=$mcd7" .
               "&MDC8=$mcd8" .
               "&dobDay=$dobDay" .
               "&dobMonth=$dobMonth" .
               "&dobYear=$dobYear" .
               "&connectNo=$connect" .
               "&Log-in.x=14" .
               "&Log-in.y=0"
               ;

    print $args, "\n" ;

    my $req = HTTP::Request->new (GET => $args) ;
    my $ua = LWP::UserAgent->new ;
    my $res = $ua->request ($req) ;

    if ($res->is_success)
    {
        print $res->content ;
    }
    else
    {
        print $res->error_as_HTML ;
    }
}

srand (time() ^ ($$ + ($$ << 15))) ;

my $count = 0 ;

while (1)
{
    &Submit ;

    $count += 1 ;
    print time, ": ", $count, "\n" ;
}
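
The link trick described in the first post (a decoy in the user part of the URL, padded with non-printing characters, in front of the real host) can be flagged mechanically, for example in a mail filter. This is an added example, not part of the original thread; the function name inspect_url and the sample URLs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split a URL the way a browser does (RFC 3986): the authority ends at the
# first '/', '?' or '#', and everything before its last '@' is userinfo,
# which is never used to choose the server that is contacted.
sub inspect_url {
    my ($url) = @_;
    my ($authority) = $url =~ m{^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)}
        or return { error => 'not an absolute URL' };
    my ($userinfo, $hostport) = $authority =~ /^(?:(.*)@)?([^@]*)$/s;
    (my $host = lc $hostport) =~ s/:\d*$//;    # drop an optional port

    my @flags;
    if (defined $userinfo) {
        push @flags, 'userinfo present: text before "@" is not the host';
        # Decode %XX so percent-encoded padding is visible to the checks.
        (my $decoded = $userinfo) =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        my $hidden = () = $decoded =~ /[\x00-\x20\x7f]/g;
        push @flags, "userinfo has $hidden non-printing/space characters"
            if $hidden;
        push @flags, 'userinfo looks like a hostname (decoy)'
            if $decoded =~ /^[\w-]+(?:\.[\w-]+)+/;
    }
    push @flags, 'real host is a bare IP address'
        if $host =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;

    return { host => $host, flags => \@flags };
}

# Constructed samples using documentation-reserved names and addresses.
my @samples = (
    'http://www.bank.example%01%01%01%01%01%01@192.0.2.10/b/login.php',
    'http://www.bank.example/login',
);

for my $url (@samples) {
    my $r = inspect_url($url);
    print "$url\n";
    if ($r->{error}) { print "  error: $r->{error}\n"; next; }
    print "  connects to: $r->{host}\n";
    print "  - $_\n" for @{ $r->{flags} };
}
```

The IP check only recognises dotted-decimal IPv4 hosts; other numeric host spellings would need their own rule.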
 
Mark

Mike Richardson said:
below is a little script that submits random data to the
scammers. On my broadband connection, I can submit at over once a second.

I started working on one of these scripts last year. I got bogged down
in the "extra credit" project. . .bouncing the random data through open
proxies, so the scammer can't easily delete the data based on the
source IP.

Basically, I attempted to have my script query an online list of open
proxies, find a few dozen that are currently up, and then use them to
send the phony credit card numbers to the scammer's server.
But I got tired and went to bed, and never finished it. :-(

-Mark
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top