Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
"In January, Netcraft security researcher Paul Mutton identified a phishing tool kit distributed by a group of Moroccan cybercriminals that had been compromised with a back door. Unbeknownst to its users, the phishing kit sent copies of stolen information to its creators. Now it turns out that more than 40% of the live phishing kits found online (61 out of 150) have back doors designed to steal from the information thieves using them." The moral is clear: one should always stick with open-source malware.
Posted Jul 31, 2008 15:46 UTC (Thu) by sethg (guest, #14970)
Posted Jul 31, 2008 16:09 UTC (Thu) by Tjebbe (guest, #34055) (1 response)
Posted Aug 1, 2008 16:28 UTC (Fri) by drag (guest, #31333)
Posted Jul 31, 2008 18:06 UTC (Thu) by MisterIO (guest, #36192) (2 responses)
Posted Jul 31, 2008 18:11 UTC (Thu) by ronin_engineer (guest, #52737)
Posted Aug 4, 2008 11:35 UTC (Mon) by intgr (subscriber, #39733)
Posted Aug 1, 2008 3:44 UTC (Fri) by dmarti (subscriber, #11625) (1 response)
Posted Aug 1, 2008 19:38 UTC (Fri) by tzafrir (subscriber, #11501)
Posted Aug 2, 2008 18:55 UTC (Sat) by xtifr (guest, #143)
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
There is no honor among thieves.
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
Makes me wonder: have any phishers been accused of 'real-world' crimes (with data stolen through phishing) that they didn't actually commit, with the creators of the backdoored phishing software being guilty (guiltier?)?
Will this give them plausible deniability for such 'follow-up' crimes? ('yeh we done stole them datas but we didn't do nothin with em')
Or was the act of phishing never enough to get an accusation/conviction for anything?
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
Smart criminals don't do crimes.
They get other, much more stupid, people to do it for them and use a combination of fear, deception, and secrecy to keep themselves from getting discovered.
---------------------------
Imagine this:
Say a script kiddie is angry at this or that corporation. So they decide to engage in some 'hacktivism' to 'get the man'.
So they spend a whole 30 minutes to find out some users and their email addresses from a corporate website. Then they manage to send specially crafted emails with zips in them with the latest-and-greatest Windows worm that so far is not known by anti-virus makers.
The 15-year-old found the new worm by giving an IRC bot in an obscure channel on an obscure IRC server a special passphrase. The person that told him about the IRC bot also told him where to go to find out how to make emails look like they came from somebody else. This anonymous person heard the kid complaining about the corporation and how he and his buddies were going to hack it as soon as they figured out how to do that.
Sooo....
The kiddie is successfully able to make some poor sap working at the corporation double click on the attachment and run the 'see teddy.exe' program. This installed the virus, which then looked in the address book, and started emailing everybody in there. etc etc etc.
So there is a huge explosion. The network is saturated, everything sucks. And the IT folks have to run around shutting down machines and are generally flipping out for a day or two.
After that the IT folks scold everybody for actually trusting the software enough to double click on something, and life goes back to normal.
Of course...
At this time nobody has noticed that there is a printer with a Linux/Apache-based web interface in accounting, a Linux server in a branch office, and 2 Windows servers in the network room that are all now receiving small instructions in the form of HTTPS packets that are transparently being routed through the corporate web proxy and NAT firewalls, because nobody is expecting them, nobody knows to look for them, and they are mixed up with legit traffic.
Nothing gets detected by any rootkit detector or the out-of-date anti-virus installed on any of those machines because the real criminal is using kernel-level rootkits.
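The scenario above ends with compromised hosts pulling instructions over HTTPS through the corporate proxy, hidden among legitimate traffic. As an added example (not from this thread or the Information Week article), here is one defender-side check that such traffic tends to fail: an implant checks in on a timer, so its connection intervals are far more regular than a person's. The script rebuilds per-client, per-destination timelines from a constructed Squid-style access log and flags pairs whose interval spread (coefficient of variation) is near zero. The log layout, host names, addresses and thresholds are all constructed for the example; a real proxy log needs its own parser and a threshold tuned to the environment.

```python
"""Flag periodic HTTPS beaconing in a (constructed) proxy access log."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Constructed sample, loosely modelled on a Squid access.log but reduced to
# "<epoch> <client> CONNECT <host>:<port>". 10.0.4.7 stands in for the
# accounting printer from the story and checks in every 300 s; 10.0.1.22 is
# a person reading mail at irregular times.
SAMPLE_LOG = """\
1217500000 10.0.4.7 CONNECT updates.example-cdn.net:443
1217500300 10.0.4.7 CONNECT updates.example-cdn.net:443
1217500600 10.0.4.7 CONNECT updates.example-cdn.net:443
1217500900 10.0.4.7 CONNECT updates.example-cdn.net:443
1217501200 10.0.4.7 CONNECT updates.example-cdn.net:443
1217501500 10.0.4.7 CONNECT updates.example-cdn.net:443
1217500012 10.0.1.22 CONNECT mail.example.com:443
1217500047 10.0.1.22 CONNECT mail.example.com:443
1217500900 10.0.1.22 CONNECT mail.example.com:443
1217501315 10.0.1.22 CONNECT mail.example.com:443
1217501320 10.0.1.22 CONNECT mail.example.com:443
1217502900 10.0.1.22 CONNECT mail.example.com:443
1217500100 10.0.1.22 CONNECT www.example.org:443
"""

LOG_FIELDS = 4  # epoch, client, method, host:port (constructed layout)


def parse_log(text: str) -> Dict[Tuple[str, str], List[int]]:
    """Group connection timestamps by (client, destination host), sorted."""
    timelines: Dict[Tuple[str, str], List[int]] = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != LOG_FIELDS or parts[2] != "CONNECT":
            continue  # blank or malformed line, or not a TLS tunnel request
        epoch, client, _, dest = parts
        host = dest.rsplit(":", 1)[0]
        timelines[(client, host)].append(int(epoch))
    for stamps in timelines.values():
        stamps.sort()
    return timelines


def beacon_score(timestamps: List[int],
                 min_connections: int = 5) -> Optional[Tuple[float, float]]:
    """Return (mean interval, coefficient of variation), or None if too few events.

    A coefficient of variation near 0 means the gaps between connections are
    nearly identical, i.e. something on the client is running on a timer.
    Small jitter still scores low; human browsing does not.
    """
    if len(timestamps) < min_connections:
        return None
    gaps = [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]
    period = mean(gaps)
    if period == 0:
        return None  # everything in the same second: a burst, not a beacon
    return period, pstdev(gaps) / period


def find_beacons(text: str, min_connections: int = 5,
                 max_cv: float = 0.1) -> List[Tuple[str, str, float, float]]:
    """Return (client, host, period, cv) for every pair that looks timer-driven."""
    hits = []
    for (client, host), stamps in parse_log(text).items():
        score = beacon_score(stamps, min_connections)
        if score is not None and score[1] <= max_cv:
            hits.append((client, host, score[0], score[1]))
    return sorted(hits)


if __name__ == "__main__":
    for client, host, period, cv in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: every {period:.0f}s (cv={cv:.3f})")
```

The check is deliberately cheap so it can run over a day of proxy logs; it says nothing about the content of the tunnels, only that one client is talking to one host on a schedule, which is the thing left to explain. Hosts with a legitimate reason to poll (update checks, monitoring agents) will show up too, so the output is a triage list, not a verdict.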
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
Well, it's interesting that these cybercriminals didn't even notice these backdoors till now! What are they? Script kiddies?
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
Yes, or non-technical opportunistic criminals who are looking to make a fast buck.
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
The ones that did notice obviously didn't use the backdoored kits.
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
I want to write a tagging feature for the LWN CMS just so I can tag this "haha". (When is the LWN CMS coming out, anyway?)
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
reply to the article with: tag:haha
Phishing Kits Widely Compromised To Steal From Phishers (Information Week)
Semi-off-topic, but I would like to slap-with-a-wet-trout the person who coined the term "phishing". Nothing excessively wrong with it, except that when you're trying to talk about it to a friend or co-worker, you always have to take a moment to explain that you're referring to the email type, not the rod-and-reel type. Which, in a case like this, tends to weaken the punchline (jokes are never improved when you have to stop to explain).
I am therefore starting a movement to get "pfishing" accepted as an alternate spelling. I realize it's too late to replace the existing usage, but it may not be too late for a useful (because it's pronounceable) alternate spelling. So I'd like to call on LWNers to help spread this. Sure, we'll occasionally have people criticize our apparent misspelling, but I think that's a worthwhile price to pay for improving the world in a small way. :)