By Joris Evers
Staff Writer, CNET News.com
January 10, 2007
Security experts at RSA have come across a new tool that automatically
creates sophisticated phishing sites, a sign that cybercrooks are
getting increasingly professional.
The tool, which RSA calls the "Universal Man-in-the-Middle Phishing
Kit," is available on underground online marketplaces for about $1,000,
Jens Hinrichsen, RSA's product marketing manager for fraud auction, said
in an interview Wednesday.
"Unlike other phishing kits which have been in existence for quite some
time, this kit is unique because with a very simple user interface you
can choose whatever site you'd like to spoof," Hinrichsen said. "The
arms race continues; we on the security side have to continue to
escalate resources and invest in technology."
Phishing scams are a prevalent online threat that typically use
fraudulent Web pages and spammed e-mail messages to trick people into
giving up personal information such as user credentials or credit card
Using the new kit, a fraudster only has to enter variables such as which
site should be spoofed and where the fraudulent page will be hosted. The
tool then produces a dynamic Web page in the PHP (hypertext
preprocessor) scripting language. The fraudster hosts this page
somewhere on the Web, typically on a compromised Web server or a free
Web host, and lures people to it with spammed e-mail messages or other
Unlike traditional phishing Web sites that have static Web pages
designed to look like a real online bank or other trusted site, the
dynamic page created by the phishing kit actually pulls in the current
Web site of the target organization and displays it. However, any data
entered is captured by the miscreants, Hinrichsen said.
"Once you enter your credentials, it would be intercepted by that server
where the PHP file is hosted," he said. At the same time, the victim is
actually logged in to the legitimate site and may never know he's been
Shrewd phishers monitor the log-in process to validate that the data
they capture is legitimate, Hinrichsen said. An incorrect username and
password combination would be discarded. Also, the
man-in-the-middle-style attack lets the miscreants continue to eavesdrop
on the victim's interactions with the legitimate Web site, according to
The most popular phishing targets are banks and online payment services
such as PayPal. Auctioneer eBay is also a common target. Fraudsters run
phishing scams to collect personal information that can be used for
Phishing protection is becoming common. The latest versions of Firefox
and Internet Explorer include phishing shields. Also, security firms
such as Symantec and McAfee sell antiphishing software.
Protection technologies typically rely on a list of known bad Web sites
and display a warning when a user surfs to one of those. This means,
however, that a brand-new fraudulent site won't be detected. In general,
people should be cautious when following links to any site that requires
a log-in. It is better to type in the address or use a bookmark.
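The two protection approaches described above behave very differently against a brand-new phishing host. The following Python script is an added illustration, not code from the article or from RSA: it compares a blocklist check (the kind a browser phishing shield performs) with a "bookmarked hosts only" check, using a constructed known-bad list, constructed bookmarks and constructed URLs. It also shows why the bookmark check must compare the exact hostname rather than search the URL for a trusted brand string.

```python
from urllib.parse import urlsplit

# Constructed sample data for this example (not from the article):
# a tiny "known bad sites" list and a user's bookmarked log-in pages.
KNOWN_BAD_HOSTS = {"secure-login-update.example", "paypa1-verify.example"}
BOOKMARKED_LOGIN_HOSTS = {"www.paypal.com", "signin.ebay.com", "online.bank.example"}


def normalize_host(url: str) -> str:
    """Return the lowercase hostname of the URL without scheme, port or path.

    urlsplit().hostname already lowercases the host and strips the port, so
    'HTTPS://WWW.PAYPAL.COM:443/signin' and 'https://www.paypal.com/' compare equal.
    """
    host = urlsplit(url).hostname
    return host if host else ""


def blocklist_verdict(url: str) -> str:
    """Blocklist model: warn only if the host is already on the known-bad list.

    A site that went live an hour ago is not on the list yet, so it passes.
    """
    return "blocked" if normalize_host(url) in KNOWN_BAD_HOSTS else "allowed"


def naive_contains_trusted(url: str) -> bool:
    """The wrong way to recognise a trusted site: look for the brand in the URL.

    A constructed lookalike such as 'www.paypal.com.login-check.example' passes
    this test because the trusted name is a substring of the full hostname.
    """
    return any(trusted in url.lower() for trusted in BOOKMARKED_LOGIN_HOSTS)


def is_bookmarked_login_host(url: str) -> bool:
    """Bookmark model: the exact hostname must be one the user saved themselves.

    Exact set membership means a lookalike hostname with extra labels fails,
    and an unknown brand-new host fails too, regardless of any blocklist.
    """
    return normalize_host(url) in BOOKMARKED_LOGIN_HOSTS


def assess(url: str) -> dict:
    """Run all three checks on one URL and return the verdicts together."""
    return {
        "host": normalize_host(url),
        "blocklist": blocklist_verdict(url),
        "naive_brand_match": naive_contains_trusted(url),
        "bookmarked": is_bookmarked_login_host(url),
    }


if __name__ == "__main__":
    # Constructed URLs: one already known bad, one brand-new lookalike, one real bookmark.
    for sample in (
        "https://secure-login-update.example/login.php",
        "https://www.paypal.com.login-check.example/login.php",
        "HTTPS://WWW.PAYPAL.COM:443/signin",
    ):
        print(assess(sample))
```

The middle sample is the interesting one: the blocklist says "allowed" because the host is new, the substring check says it looks like PayPal, and only the exact-host bookmark check rejects it. That is the article's point in code form: a list of known bad sites cannot catch a site nobody has reported yet, whereas typing the address or using a saved bookmark does not depend on anyone having seen the fraudulent site before.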