RSA: New Phishing Kit Can Create Phishing Websites in Seconds
The Anti-Fraud Command Center (AFCC) of the security firm RSA has found a 'plug & play' phishing kit that, once double-clicked, can launch a full-fledged phishing website on a commandeered server in a matter of two seconds. The kit consists of a single file, which the fraudsters can upload directly to a server.
Traditionally, creating a phishing website meant installing several files one after another in the corresponding directories of the server commandeered by the phishers. This process is not particularly time-consuming, but it requires the phishers to visit the compromised server many times and install the kit manually. As a result, it increases the possibility of detection, according to RSA, a unit of EMC Corp.
By contrast, the latest kit, discovered by the AFCC early this June, automates the installation process, behaving more like an '.exe' file. This lets the crooks pay a single visit to the server, which simplifies the phishing scam and helps ensure its success while decreasing the probability of detection.
The software is executed once on the zombie or commandeered host, then automatically creates the required directories, and finally installs the necessary files, such as HTML pages, images of cards and the bank logo.
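From the defender's side, an install like the one described above (one run that creates directories and drops pages and images within seconds) leaves a cluster of near-identical file modification times spread over several directories. The following is an added example, not code from RSA or the original article, that flags such clusters in a web root; the function names, thresholds and sample paths are assumptions constructed for illustration.

```python
import os

WINDOW_SECONDS = 2.0  # matches the "two seconds" in the article; tune per site
MIN_FILES = 5         # assumed threshold: smallest cluster worth reporting
MIN_DIRS = 2          # assumed threshold: cluster must span several directories


def scan_webroot(root):
    """Collect (path, mtime) for every regular file under root (no symlink follow)."""
    records = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            records.append((full, os.lstat(full).st_mtime))
    return records


def find_install_bursts(records, window=WINDOW_SECONDS,
                        min_files=MIN_FILES, min_dirs=MIN_DIRS):
    """Return groups of paths written within `window` seconds of each other
    that span at least `min_dirs` directories, oldest file first."""
    items = sorted(records, key=lambda r: r[1])
    bursts, i = [], 0
    while i < len(items):
        j = i
        # Extend the group while the next file is inside the time window.
        while j + 1 < len(items) and items[j + 1][1] - items[i][1] <= window:
            j += 1
        group = items[i:j + 1]
        dirs = {os.path.dirname(path) for path, _ in group}
        if len(group) >= min_files and len(dirs) >= min_dirs:
            bursts.append([path for path, _ in group])
            i = j + 1   # skip past the reported cluster
        else:
            i += 1
    return bursts


# Constructed sample: a normal site plus one burst under an upload directory.
SAMPLE = [
    ("/var/www/site/index.php", 1000000.0),
    ("/var/www/site/css/main.css", 1000500.0),
    ("/var/www/site/up/kit.bin", 2000000.0),
    ("/var/www/site/up/secure/login.html", 2000000.4),
    ("/var/www/site/up/secure/verify.html", 2000000.6),
    ("/var/www/site/up/secure/img/logo.gif", 2000000.9),
    ("/var/www/site/up/secure/img/cards.gif", 2000001.2),
    ("/var/www/site/js/app.js", 3000000.0),
]
```

Legitimate deployments also write many files at once, so results need comparing against known release times. Modification times can be preserved or altered during extraction, so an empty result does not clear a server.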
RSA Security has warned in its Monthly Online Fraud Report that the latest development in cyber-fraud could also allow hackers to carry out automated searches for susceptible servers without actually intruding into the server.
According to the report, "The possible combination of methods, comprising tracing & compromising weak servers, with 'plug & play' phishing kits - will likely cause significant decrease in the workload that's involved in the creation and launch of new attacks."
RSA's discovery of the so-called 'plug & play' kit comes six months after its researchers discovered a malicious new 'universal man-in-the-middle' toolkit that scammers had launched to harvest data entered by unwary users at legitimate websites.
Accounting for about 76.04% of the 58,245 Trojans overall, phishing-related viruses remained the most dangerous kind of virus during the first six months of this year, according to a report from Kingsoft, an antivirus software firm in China.
» SPAMfighter News - 20-07-2007