Hackers Target aspiring Internet scammers
October 26th, 2007 | by Fitri |
In a twist, security researchers have discovered a group of hackers who exploit a new category of victims: aspiring Internet scammers.
A Moroccan group called “Mr. Brain” offers free kits phishing on a Web site hosted in France, said Paul Mutton, Internet services developer at Netcraft, a security company in Bath, England.
The software makes it easy to quickly set up a fraudulent website imitating their brand-name counterparts in order to trick people into disclosing credit card details or bank account numbers. Models of spam e-mail are also included, the targeting of brands such as Bank of America, eBay, PayPal, and HSBC.
Mr. Brain’s Web site lists the kits and what kind of details each is able to collect, such as user names, passwords or social security numbers. Netcraft posted screenshots on its website.
But what aspiring crook does not know is that phishing kits are designed to send sensitive information back to the collected e-mail accounts controlled by Mr. Brain, Mutton said.
“Obviously, that is why they offer this kind of thing for free,” Mutton said. “I was impressed by him.”
Mr. Brain hides special e-mail function in a mixture of PHP scripts, one of which is encrypted, Mutton said. Just in case someone decrypts, Mr. Brain wrote at the top of the file “You do not need to change anything here. Created by Mr. Brain Team Morocco.”
The device appears to be for new types of attacks, Mutton said. Mr. Brain benefits as other wannabe scammers assume the cost and risk of finding an Internet service provider to host the site phishing, Mutton said.
“Essentially, they take advantage of all these novices phishers - essentially making them do all the hard work,” said Mutton.
It is difficult to say without more research, how free phishing kits related to the latter scam are live on the Internet, but said sheep Netcraft noticed earlier this month targeting Bank of America.