Monday, March 31, 2008

Phishing Pages for Every Bank are a Commodity

A new phishing scam is currently in the wild, emails pretending to be from Bank of ****** were detected by *****, anti spam vendors are indicating a tremendous increase in phishing emails during the last quarter - phishing headlines as usual, isn't it? Phishing is logically supposed to increase, the convergence of phishing and bankers malware is already happening, segmentation of the emails database is only starting to take place, and it's not that a perticular brand is targeted more efficiently than other - they're all getting targeted. In 2008, phishing pages for each and every bank are a commodity, anyone can download them, modify them to have the stolen data forwarded to a third-party, backdoor them to have phishers scamming the phishers, facts that are shifting the emphasis on the segmentation, malicious economies of scale concept, the spamming process of phishing emails, and of course, the arms race between the targeted brands and the phishers in terms of catching up with each other's activities.

In the very same way, malware authors apply Quality and Assurance practices to their malware releases by sandboxing, making sure they have a low detection rate by scanning them with all the anti virus scanners available, as well as ensuring they'll phone back home through bypassing the most popular firewalls, phishers tend to put a lot of efforts into coming up with the very latest fake phishing pages of each and every brand or financial institution. What you see in the attached screenshot is a detailed description of the exact type of information the phishing page is capable of collecting, and when it was last updated. And while the question to some has to do with the number of people getting tricked by phishing emails, coming across such regularly updated repositories makes me think how many people are getting tricked by outdated phishing pages.

The logical questions follows - why would a phisher simply release the very latest phishing pages for a multitude of brands to be targeted in the wild for free, next to keeping them private for his very own private phishing purposes? Take web malware exploitation kits for instance, and the moment when once they turned into a commodity, they started getting used as a bargain in many other deals. In the phishing pages case, once the "product" is offered for free, the "service" in this case the possible segmentation and spamming as a process comes with a price tag.

And while someone's currently using these freely available phishing pages, others are selling them to those unaware that they're actually a commodity and come free, and someone else is using them in a bargain deal offering them as a bonus for purchasing another underground good or service to an uninformed bargain hunter again not knowing that what's offered as bonus is actually available for free - the dynamics of the underground economy in full scale.

Related posts:
RBN's Phishing Activities
Inside a Botnet's Phishing Activities
Large Scale MySpace Phishing Attack
Update on the MySpace Phishing Campaign
MySpace Phishers Now Targeting Facebook
DIY Phishing Kits
DIY Phishing Kit Goes 2.0
PayPal and Ebay Phishing Domains
Average Online Time for Phishing Sites
The Phishing Ecosystem
Assessing a Rock Phish Campaign
Taking Down Phishing Sites - A Business Model?
Take this Malicious Site Down - Processing Order..
209 Host Locked
209.1 Host Locked
66.1 Host Locked
Confirm Your Gullibility
Phishers, Spammers and Malware Authors Clearly Consolidating
The Economics of Phishing