NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0367 Phishing kit for Wannabe Scammers:


In a twist, security researchers have discovered a group of hackers who are exploiting a new category of victim -- aspiring internet scammers. A Moroccan group called "Mr. Brain" is offering free phishing kits on a web site hosted in France, according to an internet services developers at Netcraft, a security company in Bath, England. The software packages make it easy to quickly set up a fraudulent web site mimicking a known brand in order to trick people into divulging credit card details or bank account numbers. Templates for spam email are also included, targeting brands such as Bank of America, eBay, PayPal, HSBC. Mr. Brain's web site lists the kits, what kind of details each one is capable of collecting - such as usernames, passwords, or social security numbers, but what the aspiring scammer doesn't know is that the phishing kits are designed to send any sensitive information that's collected back to email accounts controlled by Mr. Brain. Mr. Brain hides the special email function in a blend of PHP scripts, one of which is encrypted, the security researcher said. Just in case someone decrypts it, Mr. Brain has written at the top of the file "Don't need to change anything here. Created by Mr. Brain Morocco Team." He says the scheme seems to be targeted at new phishers. Mr. Brain benefits since other wannabe scammers shoulder the cost risk of finding a n ISP (Internet Service Provider) to host the phishing site. It's difficult to tell without further research how many of the free phishing kits linked with this latest scam are live on the internet, but Netcraft noticed one earlier this month targeting Bank of America.

(IDG News Service 23JAN08)


Valid XHTML 1.0! Valid CSS! Counter Image
Last Modified: Sunday, 17-Feb-2008 10:50:52 EST