Majority of phishing websites ‘assembled from kits’
New research has found that almost all phishing websites are made from off-the-shelf components available from the internet.
The study carried out by IBM’s Internet Security Systems subsidiary found that 92 per cent of new phishing web sites were kit-based. The company’s X-Force research team found that out of 3,544 phishing websites recently identified, 3,256 of them used tools that allow a non-technical attacker to rapidly deploy multiple phishing websites (with multiple DNS host entries for virtual hosts) on a single host (i.e. a compromised computer).
Further research by the team discovered that those phishing kit sites led back to 100 registered domains (compared to the 288 non-kit phishing websites that made use of 276 registered domains). The majority of these domains (44 per cent) were registered with a Hong Kong (.hk) address.
Gunter Ollmann, director of security strategy for IBM Internet Security Systems said that the research showed that the use of phishing kits (with their multiple sites hosted on a single server) greatly inflated the total number of phishing sites that are commonly reported each week, and that this number does not adequately correlate to the number of hosts that are actually involved in a phishing scam.
‘This differentiation between hosts that are running phishing kits and those that aren’t is pretty important,’ said Ollman. ‘In my mind it’s analogous to classic network hack attempts and whether you count the number of attack probes detected, or you count the number of attackers actually launching the probes.’
He said there is a big difference between observing twice as many attacks and having twice as many attackers targeting your organisation – ‘the later actually has importance in the way you should be responding to the threat,’ he said.