The latest RSA Monthly Fraud Report has warned of a new "kit" that can create a phishing site in two seconds when a user double-clicks an infected file.
The RSA Anti-Fraud Command Center discovered the "plug-and-play" phishing kit in June following a forensic analysis of several attacks on a financial institution.
Traditional phishing sites usually include various files which must be installed on a compromised server where the attack is hosted. Typical files are PHP code files, HTML pages, images of the bank logo and cards, etc., the company said.
"The files must be installed one by one in the appropriate directories, on the server which is controlled by the phisher. The process is rather simple, and is not very time-consuming. However, it does mean that the phisher has to access the compromised server several times and install the files manually.
"The kit is a single PHP code file, which is run on the compromised server once, and automatically creates the relevant directories and installs all of the files associated with the specific phishing site.
"During testing of the kit in the RSA phishing lab, a phishing site was installed within approximately two seconds," RSA said.
Because phishers need access to the compromised server only once, the risk of being caught is much lower. This increases the chance of them hijacking sites.
RSA warned that a phisher could use other tools to search for vulnerable servers and upload files to them without actually hacking into the server. Combining this with plug-and-play phishing kits would significantly decrease the workload involved in creating and launching new attacks, it said.
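The single-file kit described above has a footprint a server owner can look for: one PHP file that both creates directories and writes other files out of data carried inside itself. The scanner below is an added example, not code from RSA or the report; the three markers it checks (a mkdir call, a file-writing call, and a long embedded string literal) are an assumption about how such a kit has to be built, and the two sample files are constructed for the test, not real kit code.

```python
import os
import re

# Assumed markers of a self-unpacking kit (not taken from the RSA report):
# it must call the PHP filesystem API to create directories and write files,
# and the bundled site content has to live inside the file as long literals.
DIR_CREATE = re.compile(r"\bmkdir\s*\(")
FILE_WRITE = re.compile(r"\b(?:file_put_contents|fwrite|fopen)\s*\(")
EMBEDDED_MIN_LEN = 200  # a quoted literal this long is treated as payload
LITERAL = re.compile(r"(['\"])((?:\\.|(?!\1).){%d,})\1" % EMBEDDED_MIN_LEN, re.S)


def kit_findings(php_source: str) -> dict:
    """Score one PHP source text against the three markers."""
    return {
        "creates_dirs": bool(DIR_CREATE.search(php_source)),
        "writes_files": bool(FILE_WRITE.search(php_source)),
        "embedded_blobs": len(LITERAL.findall(php_source)),
    }


def is_suspicious(findings: dict) -> bool:
    """All three markers together form the signature; any one alone is common."""
    return (findings["creates_dirs"] and findings["writes_files"]
            and findings["embedded_blobs"] > 0)


def scan_webroot(root: str) -> list:
    """Walk a document root and return the PHP files matching the signature."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        if is_suspicious(kit_findings(fh.read())):
                            hits.append(path)
                except OSError:
                    pass  # unreadable file: skip it, the walk continues
    return hits


# Constructed samples: a normal template include, and a file that creates a
# directory and writes a file out of an embedded blob (placeholder data only).
BENIGN = "<?php\n$page = file_get_contents('template.html');\necho $page;\n"
KIT_LIKE = ("<?php\nmkdir('images', 0755, true);\n"
            "file_put_contents('images/logo.png', base64_decode('"
            + "A" * 300 + "'));\n")
```

Run `scan_webroot("/var/www")` (or whatever the document root is) from a cron job and compare the result with the previous run; a PHP file that newly matches all three markers is worth a manual look.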