Phishing kit pits wannabe scammers against pro fraudsters
Big rats, little rats compete in a Net fraud pro-am; you still lose
January 23, 2008 12:00 PM ETIDG News Service - In a twist, security researchers have discovered a group of hackers who are exploiting a new category of victims -- aspiring Internet scammers.
A Moroccan group called "Mr. Brain" is offering free phishing kits on a Web site hosted in France, said Paul Mutton, Internet services developer at Netcraft, a security company in Bath, England.
The software packages make it easy to quickly set up a fraudulent Web site mimicking a known brand in order to trick people into divulging credit card details or bank account numbers. Templates for spam e-mail are also included, targeting brands such as Bank of America, eBay, PayPal and HSBC.
Mr. Brain's Web site lists the kits and what kind of details each one is capable of collecting, such as usernames, passwords or Social Security numbers. Netcraft posted screenshots on its Web site.
But what the aspiring scammer doesn't know is that the phishing kits are designed to send any sensitive information that's collected back to e-mail accounts controlled by Mr. Brain, Mutton said.
"Obviously, that's why they are offering this stuff for free," Mutton said. "I was impressed by it."
Mr. Brain hides the special e-mail function in a blend of PHP scripts, one of which is encrypted, Mutton said. Just in case someone decrypts it, Mr. Brain has written at the top of the file "Don't need to change anything here. Created by Mr. Brain Morocco Team."
The scheme seems to be targeted at new phishers, Mutton said. Mr. Brain benefits since other wannabe scammers shoulder the cost and risk of finding an ISP (Internet Service Provider) to host the phishing site, Mutton said.
"Essentially, they're exploiting all these novice phishers -- basically getting them to do all the hard work," Mutton said.
It's difficult to tell without further research how many of the free phishing kits linked with this latest scam are live on the Internet, but Mutton said Netcraft noticed one earlier this month targeting Bank of America.
"Clearly, these are actively being used in phishing attacks," Mutton said.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
security
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

