How long to install a phishing sub-site?

How long do you think it takes a hacker to create a phishing sub-site on an existing (legitimate) Web site?

10 minutes? Or maybe five?

The answer - according to RSA Security - is two seconds.

This is possible, the IT security vendor claims, because a hacker can install a piece of PHP code on a weak site that auto-installs their own phishing mini-site.

According to RSA, the PHP code applet contains all of the HTML code and graphics needed for a fraudulent Web site, which spoofed a financial institution that RSA did not name in its report.

Interestingly, the IT security firm claims that the `.exe' file automatically installs the code and graphics in the right directories.

"Using such kits, fraudsters will be able to further automate the process of hi-jacking servers and creating new phishing sites," says the report.

Worrying stuff - read more about the problem here...