Cut-price phishing toolkits pose growing threat

Cut-price phishing toolkits pose growing threat

Summary: For around £20, criminals can buy a kit to take advantage of the latest vulnerabilities

SHARE:
TOPICS: Security
0

The marketplace for phishing toolkits, which can allow technophobe criminals to quickly and easily set up spoofed versions of banking Web sites, is booming, with kits changing hands for as little as $30 (£16.15).

Although phishing kits are nothing new, over the past year their quantity and quality have increased dramatically, according to Dan Hubbard, who is vice president of security research for Websense and a representative of the Anti-Phishing Working Group.

"[Phishing kits] have been around for years but the volume is one of the big changes… the kits available are better designed," Hubbard said in a telephone interview last week.

"The kit makers publish and test against signature detection as part of their advertising portfolio — 'not detected by antivirus, not detected by heuristics, not detected by signatures'."

Hubbard said that software developers were creating the kits in partnership with "traditional" criminals who want to start a new business in the online world.

"A lot of the 'traditional' criminals are good at getting dollars back for the [stolen] credentials. You also have your security programmer guy — who probably isn't as good at monetising these assets. The two working together make a scary combination," said Hubbard.

According to the Websense Security Trends Report for the first half of 2006, which was published earlier this month, phishing toolkits sell for between $30 and $3,000, depending on their sophistication, ease of use and their ability to defeat anti-phishing technologies.

The more expensive kits even come equipped with exploit codes that take advantage of newly discovered — or even unknown — browser vulnerabilities to make it easier to hook victims.

"When a new vulnerability comes out they are on it right away and in some cases they are actually either buying zero day vulnerabilities and exploit code or creating them themselves," Hubbard said.

"They use exploit code within a browser to get something on your machine, which in turn looks for behaviours from the end user and then steals credentials."

Finding the phish
Hubbard said that sites created by some common phishing kits were easy to spot because the kit used a similar design for every fraudulent site it created. However, with the more expensive kits, unique site designs are generated for each user.

"The obfuscation techniques they use are very difficult to detect with antivirus because JavaScript can be tuned, changed on the fly and every user can have a different version of the content," Hubbard said.

"[With a kit like] Webattacker, for example, every single person that installs it has their own personal version and each user that connects to the Web site — depending on their browser — is served up with their own exploit code. There is no consistency with regards to heuristics."

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion