NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0374 New Toolkit Automates Phishing Operations:
Hackers have launched a web site that allows users to
construct phishing pages for social networking and webmail sites. The site,
which was discovered by researchers at security firm FaceTime, targets
networking sites such as MySpace, Facebook and Orkut, and webmail services
including Hotmail and Yahoo Mail. The page reportedly allows would-be hackers
to build a special email which can be sent to one or more victims. The user
selects an email template and a site to target, then designs an email greeting
card which is sent to the victim. The e-card leads to a phishing site
impersonating the domain. Any log-in credentials stolen by the site are then
forwarded to a page which can be accessed by the user. "It tells you
numerous pieces of information, including the number, date and type of account
compromised, so the budding hacker can keep a running total of their
exploits," wrote a FaceTime malware researcher. The researchers contacted
the company hosting the site, which initially took it down. However, it was
said to be back online later the same day.
(www.vnunet.com 29JAN08)