Man-in-the-Middle phishing kit netted

cgkanchi
Supertazzerfraggerlistic
Posts: 1631
Joined: Sun Aug 13, 2006 3:03 am

Post #54514 by cgkanchi
Fri Jan 12, 2007 9:51 pm

A new kit for sale in the digital underground makes it easier for fraudsters to run more sophisticated phishing fraud attacks.

The Universal Man-in-the-Middle Phishing Kit enables fraudsters to sit between prospective marks and legitimate businesses. Rather than just setting up a bogus website that's promoted through spam email, crooks set up a fraudulent website as a conduit through a legitimate website to communicate with their victims. The technology allows con men to automatically capture victims' personal information in real-time.

Such attacks have been seen before, but until now were restricted to the realm of skilled hackers. Man-in-the-Middle puts the approach in reach of s'kiddies.
Source: http://www.theregister.com/2007/01/12/phishing_kit/

Interesting times we live in.

Cheers,
cgkanchi


Buy the Snakes of India book, support research and education (sorry website has been discontinued)
My blog (shameless plug, I know): http://biology000.blogspot.com

Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18908
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Post #54519 by Egaladeist
Fri Jan 12, 2007 10:13 pm

Beat ya to it :P

http://tazforum.thetazzone.com/viewtopic.php?t=5116

cgkanchi
Supertazzerfraggerlistic
Posts: 1631
Joined: Sun Aug 13, 2006 3:03 am

Post #54522 by cgkanchi
Fri Jan 12, 2007 11:12 pm

Nasty little news whore! :p

Cheers,
cgkanchi

Maverick
Top Gun
Posts: 6629
Joined: Mon Feb 13, 2006 12:55 am
Are you a Spammer: No

Post #54523 by Maverick
Fri Jan 12, 2007 11:13 pm

Link whores, the whole damn lot of ya!
- Maverick

Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18908
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Post #54525 by Egaladeist
Fri Jan 12, 2007 11:19 pm

You know it! :D :P

catch
Wankers Cramp - no - its from typing - HONEST
Posts: 995
Joined: Tue Jan 10, 2006 3:49 am

Post #54533 by catch
Sat Jan 13, 2007 1:15 am

I brought this up with RSA back in late 2005 when they were still just eyeballing PassMark Security. Their engineers kept saying that such attacks would be too complicated to be widespread...

Ugh, I don't know how many times I've said this... if it can be done with a computer it can and eventually will be automated. Assume this when selecting controls.

cheers,

catch
Proud Nubian Princess

TheHorse13
Ace of HarDD's
Posts: 43
Joined: Fri Mar 03, 2006 3:33 pm
Location: Washington D.C.

Post #55341 by TheHorse13
Sat Jan 20, 2007 1:02 pm

I have three issues with this.

The first is that RSA is acting like a spoiled child on the playground. They haven't and won't share their sample with the research community. Those who know me understand why this is a personal issue to me. That said, their behavior is a very quick way to isolate themselves in the malware research community.

The second is that this isn't new by any stretch. The tool may be new but the technique has been successfully used for years (as our good pal catch points out). Have a look at the Torpig Trojan, which is actually WORSE than this tool because it can actually pass most, if not all the layers of security on major banking sites. For those who are lost, see here:
http://www.sophos.com/virusinfo/analyse ... rpiga.html

That sucker made its appearance in 2005.

The final problem I have is that RSA has not published (with technical specifics) what this actually does. They'd rather use it to leverage and/or "establish" themselves in the malware/phishing sector. Problem is if you watch this thing in action, the sex appeal quickly goes away when you see what it does. For details on that, see my other post here:
http://tazforum.thetazzone.com/viewtopic.php?t=5207

--TH13

PS
*ANYONE* with $1,000 USD could have purchased this kit when it was being observed in the wild. You probably still can.
Any sufficiently advanced technology is indistinguishable from magic.
--Arthur C. Clarke
