- This type of crime, which accounted for million of dollars in losses last year, could increase yet further thanks to these tools
GLENDALE, Calif., May 7 /PRNewswire/ -- PandaLabs, the malware detection and analysis laboratory at Panda Security, has discovered several free phishing kits on the Internet which allow cyber-crooks to send out fraudulent emails.
These tools allow cyber-crooks to spoof bank pages and emails, online pay platforms, Gmail and Yahoo!Mail mail accounts, online games (Xbox password theft) and blogs (Fotolog access credentials).
"The really amazing thing is, these kits are free," explains Luis Corrons, Technical Director of PandaLabs. "Due to the simplicity of the tools, the number of phishing attacks increases, causing companies and consumers large losses. According to a study conducted by Gartner, phishing attacks caused U.S. consumers losses for US$3.2 billion in 2007*".
These kits operate as follows: upon accessing a URL that contains the kits, users obtain the files to create a fraudulent mail; one file allows them to spoof mails of banks, pay platforms etc., and the other allows them to create a fraudulent page that resembles the original. Additionally, the kit includes a PHP program, which is also free, to send emails from the spoofed page.
The rest of the process is similar to other phishing cases: the false email is sent to several mail addresses, with a link to a malicious page in which users are requested to enter the data cyber-crooks are after; email addresses, bank passwords, etc.
"To obtain email addresses to spam, cyber-crooks buy lists of addresses on the Internet, although some are free," claims Luis Corrons, who adds: "if we add free hosting services, the result is, cyber-crooks launching phishing attacks for no cost whatsoever".
Cyber-crooks can also choose the way in which to receive the stolen data; TXT files stored on a server, a message in their mailbox, etc.
For more information, go to the PandaLabs blog. http://www.pandalabs.com/
* http://tinyurl.com/47aytt
About PandaLabs
Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.
Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.
More information is available in the PandaLabs blog: http://www.pandalabs.com/
PandaLabs
