Information Security News: Phishing Kits Widely Compromised To Steal From Phishers

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=209900688

By Thomas Claburn
InformationWeek
July 31, 2008 

Would-be phishers can buy, or obtain for free, phishing kits, which 
include the files necessary to duplicate a targeted Web site and scripts 
to steal information submitted by phishing victims. They're widely 
available online, but they're also untrustworthy.

In January, Netcraft security researcher Paul Mutton identified a 
phishing tool kit distributed by a group of Moroccan cybercriminals that 
had been compromised with a backdoor. Unbeknownst to its users, the 
phishing kit sent copies of stolen information to its creators.

Now it turns out that more than 40% of the live phishing kits found 
online (61 out of 150) have backdoors designed to steal from the 
information thieves using them.

In a paper presented on Monday at the Usenix Conference in San Jose, 
Calif. -- There is No Free Phish: An Analysis of 'Free' and Live 
Phishing Kits -- security researchers Marco Cova, Christopher Kruegel, 
and Giovanni Vigna from the University of California, Santa Barbara, 
have found that the big phishers -- the authors of phishing kits -- feed 
on the little phishers who deploy phishing kits.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com