January 19th, 2007, 04:00 AM
Universal Phishing Kit
Theres been a buzz lately about this "Universal" Phishing kit thats been sold online. I myself have been trying to get hold of this so called "kit" and see how it works.
heres a bit more detail. but for anyone who knows where to find this kit, pls let me know.
Fraudsters are hawking free trials of "universal" man-in-the-middle phishing kits through an online forum, security researchers said today.
RSA's Anti-Fraud Command Center (AFCC) discovered an internet forum populated by fraudsters that is offering a set of tools to create a man-in-the-middle scheme, according to a company news release.
The kit allows would-be attackers to create a bogus URL that communicates with both the end user and the legitimate website in real time, the release said. The scammer must first dupe the user into visiting the spoofed site.
These so-called universal phishing kits allow users to configure their attacks to take advantage of any target website, according to the release.
What makes man-in-the-middle attacks so troubling to security experts is that they allow hackers to continue to steal credentials even after the account holder has logged in, thus permitting the attacker to make an immediate financial transaction. In addition, because the fake site is communicating with the real one, it will alert users when they have incorrectly entered in their login details - thus enhancing the legitimacy of the scam.
Experts have said mutual authentication - in which both the client browser and the website must validate themselves - needs to be implemented to prevent against this new style of attack. Two-factor authentication won't cut it.
"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan, director of marketing in the Consumer Solutions division at RSA. "While these types of attacks are still considered ‘next generation,' we expect them to become more widespread over the course of the next 12 to 18 months."
Amazon.com and Citibank have become recent man-in-the-middle victims.
January 19th, 2007, 04:38 AM
Sounds like a big part of it would be some script to spider enough of the target site to make a reasonable facsimile, and some scripts to rework forms so that their input is logged and the user is redirected back to the real site.
[HvC]Terr: L33T Technical Proficiency
January 19th, 2007, 04:46 AM
aye, it pretty much acts like a proxy, if u think about it in that terms.