9 out of 10 Phishers Using DIY Kits

By Greg McNevin

June 11, 2007: According to new research from IBM Internet Security Systems (ISS), the vast majority of phishing websites have been created with a do-it-yourself kit.

The ISS found that, of 3,544 newly created sites, 92 percent were created with a kit, and that the vast majority are connected with just 100 domains, 44 percent of which end in .hk (Hong Kong).

The kits enable relatively inexperienced hackers to create malicious websites that snare unwitting users and strip them of their personal, banking and other details, and to perform attacks with ease. While it acknowledges that the number of sites is growing exponentially, the ISS says this does not necessarily mean that the threat from phishing is growing in parallel.

“Even though this data only corresponds to a single week’s worth of phishing attacks, we can clearly see that the use of phishing kits … greatly inflates the total number of phishing sites that are commonly reported each week, and that this number does not adequately correlate to the number of hosts that are actually involved in a phishing scam,” writes Gunter Ollmann on the ISS’s Frequency X blog.

“There is a big difference between observing twice as many attacks and having twice as many attackers targeting your organisation – the latter actually has importance in the way you should be responding to the threat.”

That said, Ollmann is hardly being blasé about the threat phishing poses to security.

“If you’re not concerned about the phishing threat, then you probably don’t use email and don’t browse the Internet – in fact you’re probably only reading this blog entry because someone else printed it off for you,” he notes.

While generic DIY kits can make threats easier to spot, as always a good defence can be the best offence. Being wary of unsolicited email and being generally vigilant for dodgy websites is still the best line of defence when firewalls and filters don’t save the day.
