NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA Listmaster
Distributed via NCVA REFLECTOR: 2007-01-17 0412z

NRT-0004 Computer Security "Hitman":

Security researchers from RSA, the Security Division of EMC, on 10 December announced the discovery of a new phishing kit for sale online that is capable of intercepting any type of credentials submitted by the victims on any Web site, according to press reporting. The researchers claim to have discovered and analyzed a demo of the kit, dubbed the "Universal Man-in-the-Middle Phishing Kit", that was offered as a free trial on an online forum related to computer fraud. The kit reportedly allows an attacker to create a fraudulent site through a simple, user-friendly online interface that automatically imports genuine content from the legitimate site spoofed in the attack. The fraudulent site communicates with the legitimate site in real-time, which provides the attacker access to the victim's information as it is typed. The new kit has two primary benefits. It can be easily configured to target any site - including banking sites, e-commerce sites, or other business transaction sites - rather that just a single site as typical phishing kits do. It is also capable of collecting any type of credentials passed by the victim during the attack, according to the news report.

What does all this mean? It means YOU have to be more vigilant than ever, more careful than ever, and be PROACTIVE in your protection of online activity. Don't assume that everything you do and have is sufficient - be skeptical any time something just doesn't FEEL right.

Last Modified: Saturday, 20-Jan-2007 17:45:10 EST