Silly Script Kiddies

Silly script kiddies, tricks are for kids!

What happens when you float a counterfeit IIS hole in a carder chatroom on IRC, tantalizing its young denizens with a quick, easy score? Do they proxy up, patiently enumerate the site, grab banners, analyze what they're up against and carefully plot an attack? Or do they rush into the trap like so many elite lemmings?

That’s what CardCops’ Dan Clements and Penetrationtest.com’s Karsten Johansson wanted to know. So they set up a fake IIS directory (.../InetPub/scripts/_private) on an Apache server (yes, Apache), with a fake security hole, seeded a couple of IRC carder channels with the news, and watched. [...]