The http.zip file also contained X-x-X.php, which appears to be search engine/bot/crawler detection: in theory it returns 404 Not Found to search engines trying to index the site and 200 success to the victims. The idea is probably that they don't want their pages to show up in search engines; they want them hidden from the internet except when they send out their links in phishing emails. That probably extends the lifetime, and thus the success rate, of their phishing campaign.
Full code here
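A defender-side check for the behaviour described above, as an added example that is not from the original post or the kit: it scans web-server access logs for paths that answer 404 to crawler User-Agents but 200 to other clients. The log lines, paths, addresses and the crawler marker list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined log format); every host, path and
# timestamp here is made up for illustration.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Mar/2017:10:00:01 +0000] "GET /files/portal/index.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/56.0"
192.0.2.10 - - [01/Mar/2017:10:02:10 +0000] "GET /files/portal/index.php HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.11 - - [01/Mar/2017:10:03:44 +0000] "GET /files/portal/index.php HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.0.2.10 - - [01/Mar/2017:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [01/Mar/2017:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/52.0"
198.51.100.7 - - [01/Mar/2017:10:06:00 +0000] "GET /old.html HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/52.0"
192.0.2.10 - - [01/Mar/2017:10:07:00 +0000] "GET /old.html HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
this line is malformed and must be skipped
"""

# Assumed User-Agent substrings that identify crawlers; extend as needed.
CRAWLER_MARKERS = ("googlebot", "bingbot", "yandex", "baiduspider", "duckduckbot", "slurp")

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)

def is_crawler(user_agent):
    ua = user_agent.lower()
    return any(marker in ua for marker in CRAWLER_MARKERS)

def find_cloaked_paths(log_text):
    """Paths that returned only 404 to crawlers yet 200 to some other client."""
    seen = defaultdict(lambda: {"crawler": set(), "other": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        _ip, _method, target, status, ua = m.groups()
        path = target.split("?", 1)[0]  # compare per script, ignoring the query
        kind = "crawler" if is_crawler(ua) else "other"
        seen[path][kind].add(int(status))
    # A genuinely missing page is 404 for everyone, so it is not flagged.
    return sorted(p for p, s in seen.items()
                  if s["crawler"] == {404} and 200 in s["other"])

if __name__ == "__main__":
    for path in find_cloaked_paths(SAMPLE_LOG):
        print("possible crawler cloaking:", path)
```

A hit is a lead for review, not proof: User-Agent strings are trivially spoofed, and a kit may also key on source address or referrer.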
Copyright © 2017, this post cannot be reproduced or retransmitted in any form without reference to the original post.