How long do you think it takes a hacker to create a phishing sub-site on an existing (legitimate) Web site?
10 minutes? Or maybe five?
The answer - according to RSA Security - is two seconds.
This is possible, the IT security vendor claims, because a hacker can install a piece of PHP code on a weak site that auto-installs their own phishing mini-site.
According to RSA, the PHP code applet contains all of the HTML code and graphics needed for a fraudulent Web site, which spoofed a financial institution that RSA did not name in its report.
Interestingly, the IT security firm claims that the `.exe' file automatically installs the code and graphics in the right directories.
"Using such kits, fraudsters will be able to further automate the process of hi-jacking servers and creating new phishing sites," says the report.
Worrying stuff - read more about the problem here...