
Man-in-the-Middle phishing kit netted

Posted: Fri Jan 12, 2007 9:51 pm
by cgkanchi
A new kit for sale in the digital underground makes it easier for fraudsters to run more sophisticated phishing fraud attacks.

The Universal Man-in-the-Middle Phishing Kit enables fraudsters to sit between prospective marks and legitimate businesses. Rather than just setting up a bogus website that's promoted through spam email, crooks set up a fraudulent website as a conduit through a legitimate website to communicate with their victims. The technology allows con men to automatically capture victims' personal information in real-time.

Such attacks have been seen before, but until now were restricted to the realm of skilled hackers. Man-in-the-Middle puts the approach in reach of s'kiddies.
Source: http://www.theregister.com/2007/01/12/phishing_kit/

Interesting times we live in.

Cheers,
cgkanchi

Posted: Fri Jan 12, 2007 10:13 pm
by Egaladeist
Beat ya to it :P

http://tazforum.thetazzone.com/viewtopic.php?t=5116
TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: TAZForum :: View topic - RSA Alert: New Universal Man-in-the-Middle Phishing Kit Disc

Posted: Fri Jan 12, 2007 11:12 pm
by cgkanchi
Nasty little news whore! :p

Cheers,
cgkanchi

Posted: Fri Jan 12, 2007 11:13 pm
by Maverick
Link whores, the whole damn lot of ya!

Posted: Fri Jan 12, 2007 11:19 pm
by Egaladeist
You know it! :D :P

Posted: Sat Jan 13, 2007 1:15 am
by catch
I brought this up with RSA back in late 2005 when they were still just eyeballing PassMark Security. Their engineers kept saying that such attacks would be too complicated to be widespread...

Ugh, I don't know how many times I've said this... if it can be done with a computer it can and eventually will be automated. Assume this when selecting controls.

cheers,

catch

Posted: Sat Jan 20, 2007 1:02 pm
by TheHorse13
I have three issues with this.

The first is that RSA is acting like a spoiled child on the playground. They haven't and won't share their sample with the research community. Those who know me understand why this is a personal issue to me. That said, their behavior is a very quick way to isolate themselves in the malware research community.

The second is that this isn't new by any stretch. The tool may be new but the technique has been successfully used for years (as our good pal catch points out). Have a look at the Torpig Trojan, which is actually WORSE than this tool because it can actually pass most, if not all, the layers of security on major banking sites. For those who are lost, see here:
http://www.sophos.com/virusinfo/analyse ... rpiga.html

That sucker made its appearance in 2005.

The final problem I have is that RSA has not published (with technical specifics) what this actually does. They'd rather use it to leverage and/or "establish" themselves in the malware/phishing sector. Problem is if you watch this thing in action, the sex appeal quickly goes away when you see what it does. For details on that, see my other post here:
http://tazforum.thetazzone.com/viewtopic.php?t=5207

--TH13

PS
*ANYONE* with $1,000 USD could have purchased this kit when it was being observed in the wild. You probably still can.