Epic fail of the month: Phisher leaves real name inside phishing site's source code, thinking nobody will spot it

Mar 9, 2016 16:59 GMT  ·  By

Everybody loves an "epic fail" once in a while, and the latest one in the world of infosec is from a silly crook who thought it would be a good idea to place a brag tag right inside the source code of one of his phishing sites.

The discovery, made by Symantec's phishing expert Nick Johnston, is from a brand new phishing campaign that Symantec has come across in the past few days.

Apparently, the phisher left a lot of info in the page's source code, thinking nobody would "ever" look there. The silly little fool hacker wrote his name, the campaign's ID, his website, and even a link to his YouTube channel.

The stupidity of this gesture is on the same level of incompetence as a case from three years ago, when an Italian phishing tools developer thought it would be a splendid idea to put an intense blue background on his phishing page, depicting nothing less conspicuous than fish. Probably nobody told him that the word "phishing" actually comes from "fishing" and "phreak," an earlier term for hackers.

Either way, his fish were a dead giveaway that his page was actually a phishing site.

Advice for hackers: never leave clues about your identity in the source code

In the latest case, the Symantec researcher also noted that the crook set up a YouTube channel where he was advertising his tools.

It's nothing new to us that cyber-criminals use YouTube to host demos of their malicious code, but they usually keep these links secret and share them only in underground forums.

The reason is to avoid public exposure and to keep companies like Symantec from getting wind of their most recent work, dissecting it, and blackballing it inside their security products. And this is exactly what happened this time with the tools developed by Noureddine ElmGhreBi (the hacker).

His channel is still up at the time of publishing our story, and he is advertising some phishing tools and a brute-forcing tool that finds open PHP Web shells. Either way, Symantec and other security firms are well aware of them now, rendering them useless.

YouTube video promoting one of the hacker's phishing tools