Feeds

DIY kits dumb down phishing

9 out of 10 crooks use ready-made code

The essential guide to IT transformation

Phishing kits are helping to dumb down the process of creating fraudulent websites. Back in the day, setting up a bogus facsimile of a banking site required a modicum of programming skills. No more.

Now the increasing prevalence of DIY fraud website creation kits means setting up a snare for unwary surfers takes about as much effort as setting up a personal website. Nine in ten (92 per cent) of 3,544 new phishing websites identified by IBM's X-Force security research team last week (something of a slow week, incidentally) were the product of phishing kits.

Phishing kits, which first arrived on the scene around two years ago, allow attackers with little technical skill to rapidly set up multiple phishing websites on a single host. Requiring only a small installation footprint, and capable of being seeded with off-the-shelf botnet agents, these phishing kits create a means for hackers to serve up multiple bogus banking websites on a single compromised host.

IBM compares the phenomenon of phishing websites to the appearance of virus creation toolkits in the late 1990s. The infamous Anna Kournikova worm of 2001, for example, was created by 20-year-old Dutch s'kiddie Jan de Wit, using a virus creation toolkit.

Hook, line and stinker

The widespread use of phishing kits comes as no great surprise. However, IBM's improved analytical techniques have yielded an added insight into cybercrime activity and helped to quantify the problem.

For example, IBM discovered that the 3,256 phishing kit sites tied back to 100 registered domains, almost a half (44 per cent) of which were registered in Hong Kong. This compares to the 276 registered domains used by the 288 custom-made phishing websites. More in an entry in IBM's X-Force blog here. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?