DIY kits dumb down phishing
9 out of 10 crooks use ready-made code
Phishing kits are helping to dumb down the process of creating fraudulent websites. Back in the day, setting up a bogus facsimile of a banking site required a modicum of programming skills. No more.
Now the increasing prevalence of DIY fraud website creation kits means setting up a snare for unwary surfers takes about as much effort as setting up a personal website. Nine in ten (92 per cent) of 3,544 new phishing websites identified by IBM's X-Force security research team last week (something of a slow week, incidentally) were the product of phishing kits.
Phishing kits, which first arrived on the scene around two years ago, allow attackers with little technical skill to rapidly set up multiple phishing websites on a single host. Requiring only a small installation footprint, and capable of being seeded with off-the-shelf botnet agents, these phishing kits create a means for hackers to serve up multiple bogus banking websites on a single compromised host.
IBM compares the phenomenon of phishing websites to the appearance of virus creation toolkits in the late 1990s. The infamous Anna Kournikova worm of 2001, for example, was created by 20-year-old Dutch s'kiddie Jan de Wit, using a virus creation toolkit.
Hook, line and stinker
The widespread use of phishing kits comes as no great surprise. However, IBM's improved analytical techniques have yielded an added insight into cybercrime activity and helped to quantify the problem.
For example, IBM discovered that the 3,256 phishing kit sites tied back to 100 registered domains, almost a half (44 per cent) of which were registered in Hong Kong. This compares to the 276 registered domains used by the 288 custom-made phishing websites. More in an entry in IBM's X-Force blog here. ®
Just use opera...
this browser already has all the info and you can view it as you please. It even has central database support to filter out dangerous sites... and it's free too with no addon or manual configuration required.
I don't know if it would be a solution but it sure would be a great idea, as you say, for lots of other things than phising.
Do it and let the English, sorry, Asians, see you do it.
Bloody script kiddies...
@ Micheal: Please do make that Firefox addon. It would help me a great deal.
Although, a much better solution: make a modify google earth to mark the location of the phishing sites.
Google Earth is accurate enough for guiding ICBMs, isn't it?
Hey, you at the Pentagon, are you listening? Maybe you could help us out a little here.
Heh heh heh...