Crimeware Kits as New Appliances for Online Scams
The sale of crimeware kits on the Internet has resulted in phishing attacks while online scams scale new heights, reports 'Anti phishing Working Group' (AFWG). The crimeware kits contain all the information and guidelines that a phisher requires to construct phishing e-mails. It also describes how websites with malware can be created. The kits therefore enable even amateur phishers to start up their phishing programs.
The victims of these phishing campaigns inadvertently end into reveling their personal information on the phishing websites, replying to phishing e-mails, and eventually have their PCs infected with malware. Any of these can place the user in a precarious situation as phishers can steal user information like credit card numbers, passwords and other critical details for personal gains.
Peter Cassidy, APWG Secretary General wonders how the phishers manage to achieve the existing high levels of automation to instill growth in phishing crime. While phishers continue their conventional practice of exploiting e-mails to cheat consumers, they are increasingly using the entire Web to launch attacks.
The crimeware kit also contains a code that is constructed to collect user's information to steal his/ her credentials. One example is the phishing-based keyloggers that monitors a user's keystrokes on a PC. This enables phishers to tap sensitive information pertaining to credit card numbers and login details .
According to Dan Hubbard, vice president of Websense they have tracked several malicious code URLs based on the process of password theft. Mr. Hubbard believes that this method is due to greater utilization of crimeware applications and websites. In addition, the non-technical criminals increasingly exploit kits to create malicious code with the intention to infect websites and run it on users' systems when they surf the websites.
Experts advise computer users to install sufficient security appliances on their PCs to keep from such divergent attacks.
Related article: Crimeware Server Containing Stolen Data found in Argentina
» SPAMfighter News - 13-09-2006