Use of phishing toolkits on the rise

Peter Dinham
Sunday, 14 June 2009 11:34

Business IT - Security

“This is in all likelihood,” says Cowings, “related to a specific command & control server being reactivated, as toolkit activity often fluctuates with the activities of command & control servers and botnets.”

Symantec observed that there was a sudden increase in toolkit attacks during the first week of the month (primarily targeting the information services and financial sectors).
The rise in toolkit attacks was primarily the resurgence in phishers targeting a popular information services brand. This is in all likelihood related to a specific Command & Control server being reactivated, as toolkit activity often fluctuates with the activities of Command & Control servers and botnets.

The trend of phishing attacks towards Facebook, according to Cowings, revealed that he domains hosting the phishing sites were mainly a jumble of haphazardly generated names all of which included a country code (many of which were “.im”, “.at” or “.be”).

Most of these phishing sites were based out of Latvia and China, with Symantec suspecting that the initial Facebook phishing attack vector was through forged spam email.

“However,” says Cowings,”once user accounts had been compromised, the attacks were most likely launched through Facebook itself.”

“The purpose of phishing attacks towards popular information services sites are primarily to obtain a large number of credentials and leverage email services for spamming activities. Fortunately the team at Facebook regarded the phishing attacks very seriously and worked diligently to remove messages with those links, and helping secure any compromised accounts.”

Symantec’s report also reveals that phishers today use IP addresses as part of the hostname instead of a domain name, and, it says, this is a tactic used to hide the actual fake domain name that otherwise can be easily noticed.

A total of 1237 phishing sites were hosted in 77 countries, according to Symantec, and this amounted to an increase of approximately two percent of IP attacks in comparison to the previous month, with the greater China region accounting for approximately 15 percent of IP attacks in the month. Brazil and Russia were new members in Symantec’s top 10 list, making their debut appearance at the third and fourth positions respectively.