[ISN] Phishing Kits Widely Compromised To Steal From Phishers

From: InfoSec News <alerts_at_private>
Date: Thu, 31 Jul 2008 04:11:59 -0500 (CDT)

By Thomas Claburn
July 31, 2008 

Would-be phishers can buy, or obtain for free, phishing kits, which 
include the files necessary to duplicate a targeted Web site and scripts 
to steal information submitted by phishing victims. They're widely 
available online, but they're also untrustworthy.

In January, Netcraft security researcher Paul Mutton identified a 
phishing tool kit distributed by a group of Moroccan cybercriminals that 
had been compromised with a backdoor. Unbeknownst to its users, the 
phishing kit sent copies of stolen information to its creators.

Now it turns out that more than 40% of the live phishing kits found 
online (61 out of 150) have backdoors designed to steal from the 
information thieves using them.

In a paper presented on Monday at the Usenix Conference in San Jose, 
Calif. -- There is No Free Phish: An Analysis of 'Free' and Live 
Phishing Kits -- security researchers Marco Cova, Christopher Kruegel, 
and Giovanni Vigna from the University of California, Santa Barbara, 
have found that the big phishers -- the authors of phishing kits -- feed 
on the little phishers who deploy phishing kits.


Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Thu Jul 31 2008 - 02:11:59 PDT

This archive was generated by hypermail 2.2.0 : Thu Jul 31 2008 - 02:23:34 PDT