Phishing Kits Widely Compromised To Steal From Phishers (Information Week) [LWN.net]

For your amusement: Information Week reports from a USENIX talk about compromised phishing kits. "In January, Netcraft security researcher Paul Mutton identified a phishing tool kit distributed by a group of Moroccan cybercriminals that had been compromised with a back door. Unbeknownst to its users, the phishing kit sent copies of stolen information to its creators. Now it turns out that more than 40% of the live phishing kits found online (61 out of 150) have back doors designed to steal from the information thieves using them." The moral is clear: one should always stick with open-source malware.

(Log in to post comments)

Phishing Kits Widely Compromised To Steal From Phishers (Information Week)

Posted Jul 31, 2008 16:09 UTC (Thu) by Tjebbe (subscriber, #34055) [Link]

Makes me wonder,

have any phishers been accused of 'real-world' crimes (with data stolen through phishing) that
they didn't actually commit, with the creators of the backdoored phishing software being
guilty (guiltier?)?

Will this give them plausible deniability for such 'follow-up' crimes? ('yeh we done stole
them datas but we didn't do nothin with em')

Or was the act of phishing never enough to get an accusation/conviction for anything?

Phishing Kits Widely Compromised To Steal From Phishers (Information Week)

Posted Aug 1, 2008 16:28 UTC (Fri) by drag (subscriber, #31333) [Link]

Smart criminals don't do crimes.

They get other, much more stupid, people to do it for them and use a combination of fear,
deception, and secrecy to keep themselves from getting discovered.

---------------------------

Imagine this:

Say a script kiddie is angry at this or that corporation. So they decide to engage in some
'hacktivism' to 'get the man'.

So they spend a whole 30 minutes to find out some users and their email addresses from a
corporate website. Then they manage to specially crafted emails with zips in them with the
latest-and-greatest windows worm that so far is not known by anti-virus makers.

The 15 year old found the new worm by giving a IRC bot in a obscure channel on a obscure IRC
server a special passphrase. The person that told him about the IRC bot also told him where to
go to find out how to make emails look like they came from somebody else. This anonymous
person heard the kid complaining about the corporation and how him and his buddies were going
to hack it as soon as they figured out how to do that.

Sooo....

The kiddie is successfully able to make some poor sap working at the corporation to double
click on the attachment and run the 'see teddy.exe' program. This installed the virus, which
then looked in the address book, and started emailing everybody in there. etc etc etc.

So there is a huge explosion. The network is saturated, everything sucks. And the IT folks
have to run around shutting down machines and are generally flipping out for a day or two.

After that the IT folks scold everybody for actually trusting the software enough to double
click on something, and life goes back to normal.

Of course...

At this time nobody has noticed that there is a Printer with a Linux/Apache-based web
interface in accounting, a Linux server on a branch office, and 2 Windows servers in the
network room that are all now receiving small instructions in the form of HTTPS packets that
are transparently being routed through the corporate web proxy and NAT firewalls, because
nobody is expecting them, nobody knows to look for them, and they are mixed up with legit
traffic.

Nothing gets detected by any root kit detector or the out of date anti-virus installed on any
of those machines because the real criminal is using kernel-level rootkits.

Phishing Kits Widely Compromised To Steal From Phishers (Information Week)

Posted Jul 31, 2008 18:11 UTC (Thu) by ronin_engineer (guest, #52737) [Link]

Yes, or non-technical opportunistic criminals who are looking to make a fast buck.

Phishing Kits Widely Compromised To Steal From Phishers (Information Week)

Posted Aug 4, 2008 11:35 UTC (Mon) by intgr (subscriber, #39733) [Link]

The ones that did notice obviously didn't use the backdoored kits.

Phishing Kits Widely Compromised To Steal From Phishers (Information Week)

Posted Aug 1, 2008 19:38 UTC (Fri) by tzafrir (subscriber, #11501) [Link]

reply to the article with: tag:haha

Phishing Kits Widely Compromised To Steal From Phishers (Information Week)

Posted Aug 2, 2008 18:55 UTC (Sat) by xtifr (subscriber, #143) [Link]

Semi-off-topic, but I would like to slap-with-a-wet-trout the person who coined the term
"phishing".  Nothing excessively wrong with it, except that when you're trying to talk about
it to a friend or co-worker, you always have to take a moment to explain that you're referring
to the email type, not the rod-and-reel type.  Which, in a case like this tends to weaken the
punchline (jokes are never improved when you have to stop to explain).

I am therefore starting a movement to get "pfishing" accepted as an alternate spelling.  I
realize it's too late to replace the existing usage, but it may not be too late for a useful
(because it's pronouncable) alternate spelling.  So I'd like to call on LWNers to help spread
this.  Sure, we'll occasionally have people criticize our apparent misspelling, but I think
that's a worthwhile price to pay for improving the world in a small way. :)