Universal Man-in-the-Middle phishing kit discovered

RSA Security has reported that a new phishing kit is now being sold relatively openly on the Internet.

The IT security vendor's 24x7 Anti-Fraud Command Centre says that the kit - known as the Universal Man-in-the-Middle Phishing Kit - is designed to create new and quite sophisticated attacks against customers of major Internet sites.

Using the kit, says RSA, its researchers were able to create a fraudulent URL via a `simple and user friendly' user interface.

Although the URL looks legitimate enough, the URL Web call is actually routed to one of several index sites created for the phishing kit, and then routed to one of several `current' fraudulent sub-sites.

These sub-sites appear and disappear on the Net every few days and tend to be where hackers have gained unauthorised access to an organisation's Web site or portal.

Whilst such phishing attacks are short-lived, the kit gets round the problem by using a series of pre-determined index sites to route to a constantly updated list of hacked sites.

By using a template approach, no matter what the URL of the hacked destination site is, the image of the phishing site looks relatively genuine to the punter.

RSA says that its researchers identified that the kit allows almost any Web site to be `configured' for phishing, importing Web pages for semi-automated adaptation as required.

On top of this, unlike standard phishing attacks, which only collect specific requested data, the kit is designed to intercept any type of credentials submitted to the site after the victim has `logged in.'

RSA claims it can identify, analyse and mitigate this type of attack via the RSA eFraudNetwork community - a pooled information resource - and help companies quickly spot if their Web site is being spoofed and subject to a phishing attack.

The existence of the kit is, of course, really bad news, since it allows almost any hacker novice to create a sophisticated phishing attack.

The moral of the story is never to click on a financial etc., URL contained in an email. Always use your favourites index or, if pushed, key in the Web site required manually.

This is a real pain, but something that has to be done...