Email Harvest
This idea spawned while learning about the CAN-SPAM Act of 2003 in my LAW370 class. I had this idea of a way to harvest e-mail addresses that could be used for phishing attacks. Of course, I would never use this for actual phishing; I just think the idea is possible and it would be a really cool proof of concept. This project would also help me brush up on my scripting skills.
Essentially, I want to write a script that will scour social networking sites for e-mail addresses. The thing is, sites like MySpace and Facebook allow you to have friends show up on your account page. MySpace even gives you the opportunity to have your “Top 8” friends. Now imagine a script that logs onto MySpace and grabs your e-mail address. Now that same script goes to each of your “Top 8” friends and grabs their e-mail addresses. Now the script can send a phishing e-mail to each of your “Top 8” friends and spoof the source address to look like it’s coming from you. That script can then propagate through MySpace and spread exponentially.
The idea is simple and may have already been done, but I haven’t seen or heard of it. I think I might get started on this one some time soon. I’m thinking I can use Curl for collecting data from web pages. I’ll probably just use BASH for the main script. Or maybe I’ll use Perl. This would be a great opportunity to start learning more Perl…
I’ve officially moved this project to the works in progress section. I started working on it this morning. You can find my blog post about everything I’ve done so far here. I’ll update this page further when I get a chance.