For Sale: Phishing Kit

RSA analyzes a new, universal package that lets attackers launch man-in-the-middle phishing exploits

Tim Wilson, Editor in Chief, Dark Reading, Contributor

January 12, 2007

2 Min Read

Going phishing just got a lot easier.

RSA this week said it has discovered what it calls the Universal Man-in-the-Middle Phishing Kit, an all-in-one package that provides the raw materials to launch sophisticated phishing exploits that appear to be operating on legitimate Websites.

The kit lets buyers create man-in-the-middle attacks, in which the victims communicate with a legitimate Website via a fraudulent URL set by the fraudster. This allows the fraudster to capture victims' personal information in real-time.

RSA's analysts researched and analyzed a demo of the kit that was being offered as a free trial on one of the online fraudster forums. The kit can be purchased for about $1,000, according to reports.

Using the Universal Man-in-the-Middle Phishing Kit, the fraudster creates a fraudulent URL via a simple online interface, RSA says. This URL communicates with the legitimate Website of the targeted organization in real-time. The victim receives a phishing email, and a link in the message connects to the fraudulent URL.

The victim then interacts with genuine content from the legitimate Website -- which has been "imported" by the attack into the phishing URL -- thus giving the fraudster easy access to the victim's personal information, RSA says.

RSA called the new software a "universal" phishing kit, which means it can easily be configured to mimic multiple Website targets. Fraudsters who want to initiate a phishing attack do not have to purchase or prepare a custom phishing kit for each target, RSA says. Once they acquire and operate the kit, the attack can be configured to "import" pages from any target Website.

And unlike standard phishing attacks, which only collect specific requested data such as login and card-related credentials, this attack is designed to intercept any type of user identity information submitted to the site after the victim has logged into his account, RSA says.

"While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12 to 18 months," says Marc Gaffan, director of marketing for consumer solutions at RSA.

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights