New Phishing Kit Available For Underground Online Sale
EMC's present security division, RSA announced in the company press release that its 24X7 AFCC (Anti-Fraud Command Center) has discovered online fraudsters buying and using a new phishing kit.
Called the Universal 'Man-in-the-Middle' phishing Kit, this new tool is constructed to help launch fresh sophisticated phishing attacks against world organizations. The attacks involve victims to use a fake URL, which fraudsters encourage, to reach a legitimate web site. While the user communicates with the site, the fraudster records the victim's personal information.
The Universal 'Man-in-the-Middle' phishing Kit is available for $1,000 on online marketplaces operating underground. RSA's product marketing manager for fraud action, Jens Hinrichsen gave this information in an interview to CNET News that was published on June 10, 2007.
Hinrichsen said this kit is unique and different from other phishing kits that have been there for a long time now because it uses a very simple user interface to choose any site that the fraudster wishes to spoof. The race of weapons continues; so the experts on the security side need to invest more resources to build new technologies.
To operate the new tool a fraudster needs to only enter options such as which site he would like to spoof and where on it he would like to post the fraudulent page. After this the tool creates a special Web page in the PHP (hypertext preprocessor) scripting language. The fraudster constructs the Web page in a manner to convince visitors and then hosts it on the Net. He attracts people to it with spam mails containing the particular link.
Fraudsters use this tool to launch phishing attacks on banks and online payment services such as PayPal and eBay. phishing scams enable fraudsters to commit identity fraud. Experts believe mutual authentication can prevent against this new attack. The two-way authentication involves both the client browser and the website to validate themselves.
While these kinds of attacks are assumed to be 'next generation attacks' they are likely to be widely prevalent in the next 12 to 18 months, said Marc Gaffan, director of marketing in the Consumer Solutions division at RSA.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 16-01-2007