Phishing kits steal from customers
by Steve Ragan - Jul 31 2008, 20:11
Researchers detail how Phishing kits work and how the creators rip off the users.
On Monday, at the Usenix Conference in San Jose, California, researchers Marco Cova, Christopher Kruegel, and Giovanni Vigna from the University of California, Santa Barbara, released a paper that demonstrates how the authors of the various Phishing kits include backdoors to steal from their users. While the report was interesting, this would fall under the “well duh” section of security news.
In the paper, titled: “There Is No Free Phish: An Analysis of 'Free' And Live Phishing Kits,” the researchers reported that forty percent (or 61/150) of the kits tested contained code that would siphon off the collected information and send it up the chain to the creator of the program.
Phishing kits are commonly used to pull off the Phishing attack. Some are simply nothing more than bits of code and form-filling e-mail blasters, but other kits are advanced, and genius in their design. Arguably, almost all the Phishing attacks online started with a kit of one type or another, as most of the criminals who are using them are not smart enough to pull off the attack without one.
Phishing, an electronic form of Social Engineering, is a plague on the Internet. The criminals who use this type of attack are after as much information as you will willingly give them. Phishing often starts in e-mail, with a message designed to grab your attention and get you to follow a link. The link leads to a malicious Web site where you are presented with various fields and forms to fill out, asking for just about every type of PII (Personally Identifiable Information) you can imagine.
The dodgy Web sites in question can assume the form of PayPal, your local or national bank, credit card accounts, online auction houses like eBay, gaming sites, and more. There are various types of Phishing attacks to consider, and recently, common ones have been directed at a particular group or section of the Internet populace.
Take, for example, direct attacks on the computer game World of Warcraft (WoW), where the Phish will attempt to gain access to the user's WoW account and, in some cases, offer up Malware to the victim to ensure that more information is collected.
"The collected phishing kits targeted a total of 49 organizations, mostly banks and auction sites, but also mail providers and video game portals. The five most common targets of kits found on distribution sites were Bank of America (21 kits), eBay (19), Wachovia (18), HSBC (18), and PayPal (15)," the report said.
"Among the 21 organizations targeted by live kits, the five most frequent ones were PayPal (63 kits), followed by Halifax (19), Bank of America (14), Wells Fargo (9), and Royal Bank of Scotland (8). Most of the kits contained files for only one target organization. In fact, we found only two kits that contained copies of multiple target sites (9 in both cases)."
The research paper does a great job of explaining how the kits work, and how the infrastructure of the Phishing attacks is set up. For example, it highlights a pattern in the kits that takes advantage of fast-flux to extend the life of an attack.
The research is well worth a look.
