Websense Security Labs notes an Increase in the Operation of Phishing Kits
Websense Security Labs has reported a significant increase in the number of phishing kits used to host multiple target brands on a single host and install similar attack code on numerous machines.
At present the most popular is referred to as the “Rock Phish Kit”. The kit appears to have surfaced around November of 2005, and the rate of its use is increasing.
Highlights of the “Rock Phishing Kit”:
- Sites often use either an IP address or a fake domain name.
- Sites usually have /rock/ or /r/ in the URL path, followed by an alpha character.
- Quite often the letter after the /r/ matches the target name (e.g., www.samplerockphish.com/r/b = barclays).
- Sites are usually hosted in Asia.
- Sites use the same PHP script to post the data.
- Sites often use JavaScript tricks to replace the browser toolbar and disable keyboard functions such as Cut and Paste.
A phishing kit is a collection of tools assembled to make it easy for people with little technical skill to launch a phishing exploit. A phishing kit typically includes Web site development software, complete with graphics, coding and content that can be used to create convincing imitations of legitimate sites, and spamming software to automate the mass mailing process. Some also include lists of email addresses. Spamming software and lists of supposedly viable email addresses are sometimes offered separately as spam kits; virus kits are also easily available online.
Websense has recently identified a site that was hosting six target brands.
/a/ -> Alliance & Leicester
/b/ -> Barclays
/c/ -> Citibank
/d/ -> Deutsche Bank
/e/ -> eBay
/h/ -> Halifax
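The URL traits in the highlights list and the letter-to-brand mapping above can be turned into a simple triage check for proxy or mail-gateway logs. The following Python sketch is an added example, not Websense code; the function names and the sample URLs are constructed for illustration, and only the six letters listed above are mapped to brands.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Letter-to-brand mapping taken from the six-brand site listed above.
BRANDS = {"a": "Alliance & Leicester", "b": "Barclays", "c": "Citibank",
          "d": "Deutsche Bank", "e": "eBay", "h": "Halifax"}

# /rock/ or /r/ as a whole path segment, followed by a single-letter segment.
KIT_PATH = re.compile(r"/(rock|r)/([a-z])(?:/|$)", re.IGNORECASE)

def host_is_ip(host):
    """True when the host part is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def match_rock_phish(url):
    """Return the matched indicators as a dict, or None if the path does not fit."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    m = KIT_PATH.search(parts.path)
    if m is None:
        return None
    letter = m.group(2).lower()
    return {
        "host": parts.hostname,
        "ip_host": host_is_ip(parts.hostname or ""),
        "kit_dir": m.group(1).lower(),
        "letter": letter,
        "likely_brand": BRANDS.get(letter),  # None if the letter is not listed above
    }

# Constructed sample URLs (not real indicators); the last two must not match.
SAMPLE_URLS = [
    "www.samplerockphish.com/r/b",
    "http://192.0.2.44/rock/e/signin.php",
    "http://example.org/r/z/index.html",
    "http://example.org/research/b/paper.pdf",
    "http://example.org/r/barclays/",
]

def scan(urls):
    """Return (url, indicators) pairs for every URL that fits the kit layout."""
    return [(u, hit) for u in urls if (hit := match_rock_phish(u))]

if __name__ == "__main__":
    for url, hit in scan(SAMPLE_URLS):
        print(url, hit)
```

Because the article describes these traits as things the sites "often" or "usually" show, a match is a lead for review rather than a verdict; legitimate sites can also have short /r/ paths.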