Blog

Recent Blog Posts

Free how-to phishing kits on web

Cyber-criminals can access free kits to aid them in launching phishing attacks, an online security resource has discovered.

The kits, discovered by PandaLabs, could allow the thieves to send out mass fraudulent emails mimicking bank web pages, online pay platforms and email accounts in order to trick people into handing over financial and personal data.

From the kit a criminal can access two files. One file allows the creation of spoof emails made to look like they have come from official sources and the other allows criminals to create mock-ups of genuine web pages.

The phishing attack takes place when the criminal spams internet users with the email, with a link to the fake web page. Users who follow the link will be asked to enter their personal data. Lists of email addresses can also be purchased from the internet.

Technical director of PandaLabs Luis Corrons said that the amazing thing was that the kits were free.

“Due to the simplicity of the tools, the number of phishing attacks increases, causing companies and consumers large losses,” said Mr Corrons.

Last week spam celebrated its 30th anniversary.


Spoofing warning for Firefox users

Users of Mozilla Firefox are vulnerable to phishing attacks because the pop-up dialogue box for password entry in the latest version of the web browser can be spoofed, a leading security researcher has warned.

Aviv Raff claims a vulnerability in the way that Firefox displays authentication dialogs allows cyber criminals to obtain username and password information by deceiving users into thinking they are giving their details to a reliable source.

In an advisory, he wrote: “Mozilla Firefox allows spoofing the information presented in the basic authentication dialog box. This can allow an attacker to conduct phishing attacks by tricking the user to believe that the authentication dialog box is from a trusted website.”

Mr Raff has posted a video on the popular video sharing website YouTube to show how criminals can exploit the vulnerability and he is urging Firefox users not to provide any usernames and passwords to any sites using the basic pop-up dialogue box method of authentication.

Last month Mr Raff highlighted a security loophole in Google’s Toolbar browser utility that allowed phishers to spoof a URL in a dialog box that popped up when users tried to download new toolbar buttons.


Social networking sites top security target

Social networking sites are likely to become an increasingly attractive target for fraudsters, experts have warned.

The turn of the new year is expected to see the popularity of social networking sites such as MySpace and Facebook continue.

However, IT security analysts say the proliferation of personal details and the availability of information on people’s date of birth, interests and phone numbers could be a way in for unscrupulous hackers.

ScanSafe has forecast that 2008 will see Web 2.0 threats top the list of the biggest security worries.

“The explosion in popularity of Web 2.0 applications has made Web 2.0 sites an increasingly rich target for cyber criminals,” the firm declared in its evaluation of the coming year.

Mary Landesman, senior security researcher at the firm, told the BBC the nature of the medium meant it could be targeted.

“The technologies that play there and the third party add-ons make it an environment that is susceptible to compromise,” she explained.

Cybercrime is said to be an industry worth more than $100 billion a year.


Top spamming countries revealed

Security software company Sophos has revealed that the US relays more spam than any other country in the world.

Websites in the US are responsible for 28.4 per cent of all spam, followed by South Korea with 5.2 per cent and China, including Hong Kong, with 4.9 per cent.

Russia, Brazil and France are the fourth, fifth and sixth worst respectively for relaying spam, the Sophos report revealed.

Carole Theriault, senior security consultant at Sophos, said: “It seems as though a major American spammer is arrested every other week at the moment, but despite these high-profile lawbreakers being put away, the US continues to relay far more spam than any other nation on the planet.”

The spamming is not just the work of a few cyber criminals, but represents thousands of people controlling thousands of zombie computers, added Ms Theriault.

Recently, a security report from the Georgia Tech Information Security Centre warned that online videos are the new favoured way for cyber criminals to hide malicious code.