Yesterday a close friend of mine got phished. The attacker was using a compromised email address of a friend of his and sent a fairly standard ‘check out your invoice’ link. Well, these folks actually do exchange invoices semi-frequently, so he thought it was legit. Until he called them. They are aware now.
After about 30 seconds of very rudimentary tracing I found the bad guys' server. Root dir has publicly downloadable zip archive copies of the harvesters they purchased alongside the live production stuff. Like this: Imgur
After a bit of analysis of how the harvester script works, setting up a rudimentary DoS attack against it should be easy, straightforward and non-risky, as traffic would look like my system is infected by something of theirs.
How do you guys feel about the ethics of the hack back against bad guys, especially ones with this low level of stealth?
I’ve already sent off an email to the abuse lines at both the registrar and the server owner.