Digital Transactions Authoritative, insightful and timely information for payments professionals
Fraudsters have started using computer files that allow them to instantly create a phishing site on a compromised computer, a move that could make their activities harder to detect, a report from RSA Security Inc. says. The Bedford, Mass.-based security firm's Anti-Fraud Command Center has discovered what it calls a “plug-and-play” phishing kit, or a single electronic file that fraudsters can upload to a server. When they double-click on the file, it creates a fully functional phishing site, complete with graphics, in a matter of seconds. Up to now, phishers have had to create the bogus sites that form the basis of phishing attacks by installing various files one-by-one in corresponding directories. Though this process isn't particularly time-consuming, it does require multiple visits to the compromised server and manual installation, which increases the chance of detection, says RSA, a unit of EMC Corp. By contrast, the new kit, which the AFCC discovered early last month, automates this installation process, acting much as an “.exe” file does. This allows criminals to visit the server only once and further simplifies the task of pulling off a phishing fraud. In a lab, RSA technicians were able to create a site in about two seconds using the kit, the report says. With information gleaned from the kit, the AFCC shut down several phishing attacks that were hijacking the name of a single financial institution. It also shut down an e-mail address associated with the fraudster launching them. The RSA unit tracks and shuts down phishing, pharming, and Trojan attacks affecting more than 200 client institutions. Still, RSA warns that the introduction of the new weapon could have serious consequences. “Fraudsters will be able to further automate the process of hijacking servers and creating new phishing sites,” the company's report says. Making matters worse is that phishers already have found ways to automatically scan for and find vulnerable servers and upload files to them without the need to hack into them, RSA says. “The potential combination of these methods?tracing and compromising vulnerable servers, along with plug-and-play phishing kits?would significantly decrease the workload involved in creating and launching new attacks,” says the report. RSA's discovery of the so-called plug-and-play kit comes six months after its researchers found an insidious new “universal man-in-the-middle” toolkit phishers had created to allow them to harvest data unwary users enter online at legitimate sites (Digital Transactions News, Jan. 10).
