Online Kits Form The Basis of Most Phishing Sites

More than 90 percent of new phishing websites are crafted from kits readily available online, according to a new research. The kits can help any hacker who does not possess sufficient technical resources and know-how to set up a phishing site with comparative ease and launch attacks effectively.

IBM's Internet Security Systems (ISS) conducted the study to find that nearly all the phishing websites were developed from ready-made components found as tradable on the Internet. The X-Force research team of the company discovered that out of recently detected 3,544 phishing sites, 3,256 sites used appliances that enables even a novice attacker to quickly install a number of phishing websites with several DNS host entries (for tangible hosts) on one host, generally a hijacked computer.

The X-Force team's research further found that all those kit-based phishing websites traced to 100 registered domains against 288 non-kit based phishing sites that connected to 276 registered domains. Most of these domains, around 44 percent, apparently registered with a Hong Kong (.hk) address.

It is clearly observable that phishing kits have been responsible for grossly swelling the total number of phishing sites reported every week. However, this number is likely unrelated to the number of personal computers in a phishing scam, said Gunter Ollmann, director of security strategy for IBM Internet Security Systems, as per the news published by BSC on June 7, 2007.

The distinction between hosts running phishing kits and those not doing so is quite important Ollmann continued to explain. This is analogous to the traditional hacking attempts on networks where it is same whether one considers the number of attack probes identified or one considers the attackers actually initiating the probes. Ollmann said this in another statement that ITPRO published on June 7, 2007.

In Ollmann's view there is a huge difference between the number of attacks detected and the number of attackers aiming an organization. And, it is the latter that plays an important issue in the way to deal with the threat.

Related article: Online Card Fraud Shows Greater Tendency Than Chip and Pin

» SPAMfighter News - 6/21/2007