What is Phishing

In computer security terms, Phishing means obtaining private information such as username, password or other private information illegally. It is commonly heard Phishing is applied on online banking to cheat unsuspecting user that are not IT savvy to enter their username and password via a decoy login page setup elsewhere.

The link to the dummy site is then emailed to victim. Fraudster would normally lied to their victim by telling them in their email they need to login using the link in the email to update their account immediately or having risk their account lossing money or risk being break in.

But recently (on Oct 2009) there is an interesting Phishing bait setup in youtube on the alleged teaching user “How To Get Password For Any Yahoo Email Password”.

First Step it says user should click on “more info” under the user’s name on right hand side.



It’s mentioned in the description, users were asked to download one of the attachments. The first link is http://rapidshare.com/files/297761947/ps32282.exe

The second,claimed to be tutotial

http:// rapidshare.com/files/297767673/Yahoo_Tutorial.rar

I downloaded both to my PC and scan it through and as expected, both attachments have embedded Trojan in it.



So what’s going to happen to unsuspecting user? They installed Trojan into their PC!

Second step, the video ask user to login to their yahoo account on the link posted.

http:// compunerd7.t35. com/site.html

I tried login via that link and was eager to see how’s the page looks like but I was a bit late. The page was removed by the web hosting.



Conclusion:

The rest of the video’s steps are just steps to fool users, just take it as entertainment. For unsuspecting users, the Trojan installed is good enough for the hacker to get your yahoo email username and password. Even of you passed the installation the next would be the login page setup on t35.com. I’m not sure why is the page being taken out, it could be some Good Samaritan has reported to the web host.

Here is the video re-loaded just in case the original was being removed by youtube.

         
Remember! just watch and don't follow the steps ok.  This is purely for education only.

0 comments