Phishing Update: New Tool Enables Near ‘Real-Time’ Capability
Vulnerable Web Servers Are More Quickly Identified By Fraudsters
The news from the crimeware front isn’t good. The research team at RSA Security reports the discovery of a tool that fraudsters are using to automatically trace vulnerable web servers, allowing them to quickly launch multiple phishing attacks.
“This new technique can make the life of fraudsters easier, and facilitates the deployment of phishing attacks,” says RSA’s Senior Product Marketing Manager Jens Hinrichsen. The tool enables fraudsters to host malicious content, such as phishing or Trojan sites, on the vulnerable web servers.
While online banking websites are generally well protected, there are still plenty of targets out there. “The types of sites that have been hijacked in the past and used for phishing, such as university, hospital, and small or medium-sized businesses have been targets and will continue to be targeted,” Hinrichsen says. “The fraudsters then use these sites to launch their spam or phishing attacks.”
Using such techniques, fraudsters will be able to automate the entire process of deploying a phishing site – beginning with the tracing of a vulnerable server, hijacking the server and creating new phishing sites. “This is likely to bring phishers’ efforts in creating new attacks to a minimum,” Hinrichsen adds. “Attacks could really near real-time status, where before it took more effort on the part of the phisher to construct the attack.”
The good news, according to Hinrichsen, is that the mitigation of such attacks remains the same. “The convenience of creating phishing attacks does not make them harder to detect or mitigate. Once the attack is live and phishing emails are sent, the detection and shutdown efforts are the same as in any other phishing attack.”
The research team also reports that September 2007 marked yet another record month in terms of the number of phishing attacks over the past year, rising by more than 1,000 attacks from July 2007 to August 2007. Also, there were more than 5,000 additional attacks year over year – more than double – from September 2006 to September 2007. The trend of increased phishing attacks is visible for the sixth month in a row. Hinrichsen says that, similar to last month, the research team at RSA attributes this increase to a sharp rise in the activity of the Rock Phish group.
Researchers also noted that, in contrast to the increase in the number of brands attacked during the summer, the number of attacked brands actually decreased in September, to the lowest rate since February 2007. But Hinrichsen notes that this is most probably a “blip” and expects it to return to the same or higher numbers of attacks. The researchers indicate that, on average, each individual institution was attacked with more frequency than ever before. In September, RSA’s Anti-Fraud Command Center identified attacks targeted to very few institutions that had not been attacked before. This compares to 30 new institutions attacked the previous month.
(Read the complete RSA Report: http://www.rsa.com/solutions/consumer_authentication/intelreport/FRARPT_DS_1007.pdf#xml=http://www.rsa.com/programs/texis.exe/webinator/search/xml.txt?query=RSA++September+2007&pr=rsadotcom&prox=page&rorder=500&rprox=500&rdfreq=500&rwfreq=500&rlead=500&sufs=0&order=r&cq=&id=4716f6b611)