
Automated cloud-based phishing kit revealed

26 July 2010

Data security specialist Imperva claims to have uncovered a new type of automated phishing kit that uses cloud computing technology to maximise its efficiency – as well as rip off third-party hackers.

According to Amichai Shulman, CTO for Imperva, two master hackers wrote and then posted a phishing kit onto the hacker forums. Then, when other hackers download the kit and deploy a successful phishing campaign, all the stolen credentials and information go straight back to the master hacker without the proxy hacker's knowledge.

"It's very clever and proves there is no honour amongst thieves, as the master hacker never needs to conduct a campaign to see a financial gain", he said in his weekend security blog.

According to Shulman, the master hacker claims 200K+ downloads, and the low-level hackers may see some success – and steal a few hundred credentials in the process – before their fake sites are shut down.

"The master hacker that created the kit now leverages their back door harvesting all the credentials the proxy hackers managed to get – which translates into thousands of accounts", he said.

He continued that, since new people create new phishing sites with new campaigns every day, the master hacker's numbers grow steadily.

"Unlike previous phishing kits that have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers", he said.

"And with the new cloud-based approach, the infrastructure for this phishing kit never goes away. Why? In traditional phishing schemes when you take down a server you also take down the collection point, aka, the command and control centre", he added.

Shulman went on to say that, whilst you may be able to take down many domains set up by the same individual and severely affect the phishing campaign, taking down the campaign doesn't work "because you don't take down the command and control centre since it's in the cloud".

"What's more, each of the 'subsidiaries' has their own campaign so taking down a bunch of domains does not affect other campaigns that send data to the command and control centre", he explained.
