TMCnet News

Now a Phishing Kit for Arming Inexpert Hackers
[January 16, 2007]

Now a Phishing Kit for Arming Inexpert Hackers


TMCnet Contributing Editor
 
An Internet security monitor has unearthed a phishing kit being sold on the Internet. This tutorial, from the not-so-distinguished experts, teaches amateurs to launch advanced phishing attacks on e-commerce and bank websites.

RSA, the Security Division of EMC (News - Alert) Corporation, announced last week that its Anti-Fraud Detection Center (AFCC) has come across a free demo version of the “universal man-in-the-middle phishing kit” being circulated on a hackers’ forum that the AFCC were keeping an eye on.



The intuitive interface of the phishing kit allows inexpert hackers to create bogus URLs that can communicate with actual websites of financial organizations. These URLs are sent to targets through standard phishing e-mails. On clicking the fake URL, the victim (oblivious to the fact that his/her sensitive financial information is being stolen by the hacker) thinks that he/she is accessing the legitimate website. The fact that content is retrieved in teal time from the actual website makes the whole thing seem pretty credible.

The kit is universal in nature as it can be used to generate an attack on any website without being customized, informed the Bedford, Mass. based Internet watchdog.

“As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets,” said Marc Gaffan, director of marketing for Consumer Solutions at RSA Security (News - Alert), in a recent report.

“While these types of attacks are still considered ‘next generation,’ we expect them to become more widespread over the course of the next 12-18 months,” he said.

The malicious phishing kit was discovered by the team of 40 expert fraud analysts at AFCC who work round the clock to monitor online fraud.

“Using various technologies and procedures, the AFCC detects phishing attacks, analyzes them and works to shut them down on behalf of our FraudAction customers,” Gaffan concluded.

Session Initiation Protocol (News - Alert) (SIP) is arguably the single most important technological development for VoIP since the proliferation of Internet Protocol itself. See what all the buzz is about at the SIP Workshop taking place at INTERNET TELEPHONY Conference & EXPO EAST, January 23–26, 2007. See you in sunny Ft. Lauderdale!

---------

Divya Narain is a contributing editor for TMCnet. To see more of her articles, please visit her columnist page.


[ Back To TMCnet.com's Homepage ]