http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=209900688 By Thomas Claburn InformationWeek July 31, 2008 Would-be phishers can buy, or obtain for free, phishing kits, which include the files necessary to duplicate a targeted Web site and scripts to steal information submitted by phishing victims. They're widely available online, but they're also untrustworthy. In January, Netcraft security researcher Paul Mutton identified a phishing tool kit distributed by a group of Moroccan cybercriminals that had been compromised with a backdoor. Unbeknownst to its users, the phishing kit sent copies of stolen information to its creators. Now it turns out that more than 40% of the live phishing kits found online (61 out of 150) have backdoors designed to steal from the information thieves using them. In a paper presented on Monday at the Usenix Conference in San Jose, Calif. -- There is No Free Phish: An Analysis of 'Free' and Live Phishing Kits -- security researchers Marco Cova, Christopher Kruegel, and Giovanni Vigna from the University of California, Santa Barbara, have found that the big phishers -- the authors of phishing kits -- feed on the little phishers who deploy phishing kits. [...] _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Thu Jul 31 2008 - 02:11:59 PDT
This archive was generated by hypermail 2.2.0 : Thu Jul 31 2008 - 02:23:34 PDT