Phishing Update: New Tool Enables Near ‘Real-Time’ Capability

Vulnerable Web Servers Are More Quickly Identified By Fraudsters

The news from the crimeware front isn’t good. The research team at RSA Security reports the discovery of a tool that fraudsters are using to automatically trace vulnerable web servers, allowing them to quickly launch multiple phishing attacks.

See Also: Evaluating Software Security Training Providers - A Buyers Guide

“This new technique can make the life of fraudsters easier, and facilitates the deployment of phishing attacks,” says RSA’s Senior Product Marketing Manager Jens Hinrichsen. The tool enables fraudsters to host malicious content, such as phishing or Trojan sites on the vulnerable web servers.

While online banking websites are generally well protected, there are still plenty of targets out there. “The types of sites that have been hijacked in the past and used for phishing, such as university, hospital, and small or medium-sized businesses have been targets and will continue to be the targeted,” Hinrichsen says. “The fraudsters then use these sites to launch their spam or phishing attacks.”

Using such techniques, fraudsters will be able to automate the entire process of deploying a phishing site – beginning with the tracing of a vulnerable server, hijacking the server and creating new phishing sites. “This is likely to bring phishers’ efforts in creating new attacks to a minimum,” Hinrichsen adds. “Attacks could really near real-time status, where before it took more effort on the part of the phisher to construct the attack.”

The good news, according to Hinrichsen is the mitigation of such attacks remains the same. “The convenience of creating phishing attacks does not make them harder to detect or mitigate. Once the attack is live and phishing emails are sent, the detection and shutdown efforts are the same as in any other phishing attack.”

The research team also reports that September 2007 marked yet another record month in terms of the number of phishing attacks over the past year, rising by more than 1,000 attacks from July 2007 to August 2007. Also, there were more than 5,000 additional attacks year over year – more than double – from September 2006 to September 2007. The trend of increased phishing attacks is visible for the sixth month in a row. Hinrichsen says that similar to last month, the research team at RSA attributes this increase due to a sharp rise in the activity of the Rock Phish group.

Researchers also noted a contrast to the increase in the number of brands attacked during the summer, the number of attacked brands actually decreased in September, the lowest rate since February 2007. But Hinrichsen notes that this is most probably a “blip” and expects it to return to the same or higher numbers of attacks. The researchers indicate on average, that each individual institution was attacked with more frequency than ever before. In September, RSA’s Anti-Fraud Command Center identified attacks targeted to very few institutions that had not seen attacked before. This compares to 30 new institutions attacked the previous month.

(Read the complete RSA Report:

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.