Script kiddie phishing kit
p2pnet.net News:- A DIY phishing kit which could put formerly sophisticated fraud attacks into the hands of script kiddies is now available online.
“The Universal Man-in-the-Middle Phishing Kit enables fraudsters to sit between prospective marks and legitimate businesses,” says The Register. “Rather just setting up a bogus website that’s promoted through spam email, crooks set up a fraudulent website as a conduit through a legitimate website to communicate with their victims. The technology allows con men to automatically capture victims’ personal information in real-time.”
Said to have a user-friendly interface designed to help the nontechnical criminal, rhe kit, “automates the programming needed to pull off a normally tricky man-in the middle attack on websites such as banks or e-commerce sites,” says PC World.
“Typically, the attack generated by the kit would start by duping users into clicking on a link embedded within a phishing email. This would direct them to a fraudulent URL able to communicate with the genuine website in real time, retrieving content from that site to make the scam appear as convincing as possible.”
Identified by RSA, the Security Division of EMC, Phisher-folk using this kit are set to reap two benefits, says Quote.com:
1. It’s a “universal” phishing kit, meaning it can easily be configured per target. Fraudsters who want to initiate a phishing attack do not have to purchase or prepare a custom phishing kit for each target. Once they acquire and operate this kit, the attack can be configured to “import” pages from any target website.
2. Unlike standard phishing attacks, which only collect specific requested data (typically login and card-related credentials), this attack is designed to intercept any type of credentials submitted to the site after the victim has logged into his account as well.
Also See:
The Register – Man-in-the-Middle phishing kit netted, January 12, 2007
PC World – Do-it-Yourself Phishing Kit Found Online, January 12, 2007
Quote.com – RSA Discovers New Universal Man-in-the-Middle Phishing Kit, January 10, 2007
Want to subscribe to p2pnet by email with Feedburner? Just click here.
rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php | | And use our own p2pnet newsfeeds for your site
If your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at the University of Toronto’s Munk Centre for International Studies. Go here for the official download, here for the p2pnet download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.
January 15th, 2007 at 8:03 pm
well, i have to say… its not /that/ hard to do… i suppose the custom written proxy script i used to use to dodge my schools net filters would do the job, if it saved the data rather than just passing it on. Mind you it requires some knowledge of ssl and sockets to perfect… most script kiddies struggle with html/css so its probably beyond them :p