By Thomas Claburn
July 31, 2008

Would-be phishers can buy, or obtain for free, phishing kits, which
include the files necessary to duplicate a targeted Web site and scripts
to steal information submitted by phishing victims. They're widely
available online, but they're also untrustworthy.

In January, Netcraft security researcher Paul Mutton identified a
phishing tool kit distributed by a group of Moroccan cybercriminals that
had been compromised with a backdoor. Unbeknownst to its users, the
phishing kit sent copies of stolen information to its creators.

Now it turns out that more than 40% of the live phishing kits found
online (61 out of 150) have backdoors designed to steal from the
information thieves using them.

In a paper presented on Monday at the Usenix Conference in San Jose,
Calif. -- There is No Free Phish: An Analysis of 'Free' and Live
Phishing Kits -- security researchers Marco Cova, Christopher Kruegel,
and Giovanni Vigna from the University of California, Santa Barbara,
have found that the big phishers -- the authors of phishing kits -- feed
on the little phishers who deploy phishing kits.