A bit off topic: The Barclays Bank scam

Discussion in 'Perl' started by Mike Richardson, Feb 20, 2004.

  1. Some people, I guess with .co.uk email addresses, may have been getting
    emails which claim to be from Barclays Bank (a UK bank), asking online
    banking users to verify their security settings. The URL is one of those
    fake ones with a user and a lot of non-printing characters which makes your
    browser appear to be going to a Barclays website but which actually (sorry
    if this is stating the obvious) is a fake which, if you fall for it,
    records all your details.

    Being (a) a Barclays customer and (b) a Perl programmer, this was like a red
    rag to a bull, so below is a little script that submits random data to the
    scammers. On my broadband connection, I can submit at over once a second.

    So, if anyone else out there would like to strike a (small) blow, please
    check this script out (lest I'm the scammer:), maybe change or add to the
    names, and let it rip! On my system it reports an error for each system,
    since the response is a redirect to the real Barclays site which is over
    HTTPS, which isn't handled, but using a packet sniffer, I've checked that
    the scam site is responding:)


    #!/usr/bin/perl

    use strict ;

    require HTTP::Request ;
    require LWP::UserAgent ;

    my @names =
    (
    'Albert',
    'Jones',
    'Smith',
    'Davies',
    'Roberts',
    'Robertson',
    'Arbuthnot',
    'Cadwalader',
    'Jackson',
    'Lionel',
    'Aubrey',
    'Windsor'
    ) ;

    my @letters =
    (
    'a',
    'b',
    'c',
    'd',
    'e',
    'f',
    'g',
    'h',
    'i',
    'j',
    'k',
    'l',
    'm',
    'n',
    'o',
    'p',
    'q',
    'r',
    's',
    't',
    'u',
    'v',
    'w',
    'x',
    'y',
    'z'
    ) ;

    my @day =
    (
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9,
    10,
    11,
    12,
    13,
    14,
    15,
    16,
    17,
    18,
    19,
    20,
    21,
    22,
    23,
    24,
    25,
    26,
    27
    ) ;

    my @month =
    (
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9,
    10,
    11,
    12
    ) ;

    my @year =
    (
    1960,
    1961,
    1962,
    1963,
    1964,
    1965,
    1966,
    1967,
    1968,
    1969,
    1970,
    1971,
    1972,
    1973,
    1974,
    1975,
    1976,
    1977,
    1978,
    1979,
    1980,
    1981,
    1982,
    1983,
    1984,
    1985,
    1986,
    1987,
    1988,
    1989
    ) ;

    sub Choose
    {
        my $arg = shift ;
        my @list = @$arg ;
        return $list[int(rand scalar(@list))] ;
    }

    sub Digits
    {
        my $count = shift ;
        my $res = '' ;

        while ($count > 0)
        {
            $res .= int(rand 10) ;
            $count -= 1 ;
        }

        return $res ;
    }

    sub Submit ()
    {
        my $surname = &Choose (\@names) ;
        my $membno = '2010' . &Digits (8) ;
        my $pssCode = &Digits (5) ;
        my $mcd1 = &Choose (\@letters) ;
        my $mcd2 = &Choose (\@letters) ;
        my $mcd3 = &Choose (\@letters) ;
        my $mcd4 = &Choose (\@letters) ;
        my $mcd5 = &Choose (\@letters) ;
        my $mcd6 = &Choose (\@letters) ;
        my $mcd7 = &Choose (\@letters) ;
        my $mcd8 = '' ;
        my $dobDay = &Choose (\@day) ;
        my $dobMonth = &Choose (\@month) ;
        my $dobYear = &Choose (\@year) ;
        my $connect = &Digits (12) ;

        my $args = "http://211.73.24.80/big/b/login.php" .
            "?surname=$surname" .
            "&membershipNo=$membno" .
            "&pssCode=$pssCode" .
            "&MDC1=$mcd1" .
            "&MDC2=$mcd2" .
            "&MDC3=$mcd3" .
            "&MDC4=$mcd4" .
            "&MDC5=$mcd5" .
            "&MDC6=$mcd6" .
            "&MDC7=$mcd7" .
            "&MDC8=$mcd8" .
            "&dobDay=$dobDay" .
            "&dobMonth=$dobMonth" .
            "&dobYear=$dobYear" .
            "&connectNo=$connect" .
            "&Log-in.x=14" .
            "&Log-in.y=0"
            ;

        print $args, "\n" ;

        my $req = HTTP::Request->new (GET => $args) ;
        my $ua = LWP::UserAgent->new ;
        my $res = $ua->request ($req) ;

        if ($res->is_success)
        {
            print $res->content ;
        }
        else
        {
            print $res->error_as_HTML ;
        }
    }

    srand (time() ^ ($$ + ($$ << 15))) ;

    my $count = 0 ;

    while (1)
    {
        &Submit ;

        $count += 1 ;
        print time, ": ", $count, "\n" ;
    }
    Mike Richardson, Feb 20, 2004
    #1
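The link format described in the first post (a fake user part, padded with non-printing characters, placed ahead of the real host) can be flagged mechanically, for example in a mail filter. The following Python sketch is an added example, not code from the thread; the sample URLs, the documentation-range address 192.0.2.10, the host `phish.example` and the finding names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_to_bytes

AUTHORITY_RE = re.compile(r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<authority>[^/?#]*)")
HOSTLIKE_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def analyze_url(url):
    """Return (real_host, findings) for one URL taken from a message body."""
    findings = []
    m = AUTHORITY_RE.match(url)
    if not m or m.group("scheme").lower() not in ("http", "https"):
        return None, findings
    # Everything before the LAST '@' is userinfo; the browser connects to the rest.
    userinfo, at, hostport = m.group("authority").rpartition("@")
    host = hostport.rsplit(":", 1)[0] if re.search(r":\d*$", hostport) else hostport
    host = host.lower()
    if at:
        findings.append("userinfo-present")
        # Decode %XX escapes so raw and percent-encoded padding are treated alike.
        decoded = unquote_to_bytes(userinfo)
        if any(b < 0x20 or b == 0x7F for b in decoded):
            findings.append("nonprinting-in-userinfo")
        # A "user name" shaped like a domain is there to be read as the site name.
        if HOSTLIKE_RE.match(decoded.decode("latin-1")):
            findings.append("userinfo-looks-like-hostname")
    try:
        ipaddress.ip_address(host.strip("[]"))
        findings.append("ip-literal-host")
    except ValueError:
        pass
    return host, findings


# Constructed sample links (not taken from the actual scam e-mail).
SAMPLES = [
    "http://www.barclays.co.uk%01%01%01%01@192.0.2.10/login.php",
    "http://www.barclays.co.uk\x01\x01@phish.example/login.php",
    "https://www.barclays.co.uk/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", analyze_url(sample))
```
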

  2. Mike Richardson

    Mark Guest

    "Mike Richardson" <> wrote:
    > below is a little script that submits random data to the
    > scammers. On my broadband connection, I can submit at over once a second.


    I started working on one of these scripts last year. I got bogged down
    in the "extra credit" project. . .bouncing the random data through open
    proxies, so the scammer can't easily delete the data based on the
    source IP.

    Basically, I attempted to have my script query an online list of open
    proxies, find a few dozen that are currently up, and then use them to
    send the phony credit card numbers to the scammer's server.
    But I got tired and went to bed, and never finished it. :-(

    -Mark
    Mark, Feb 21, 2004
    #2
