How phishers launch phishing attacks


Just like in every other industry, participants in the cybercrime ecosystem are no strangers to the concept of standardization. Standardization results in efficiencies, which in turn result in economies of scale. In this case, malicious economies of scale.

Just how easy is it to launch a phishing attack nowadays? What tools and tactics are at the disposal of phishers aiming to efficiently socially engineer hundreds of thousands of users?

In this post, I will profile the Ninja V0.4 Social Engineering Phishing Framework – an advanced platform for executing phishing attacks in a DIY (do-it-yourself) fashion.

From managed spamming services allowing the free distribution of phishing emails, to DIY phishing kits, and phishing templates, to the quality assurance processes applied to ensure that a phishing email will bypass the anti-spam filters of a particular company, or Web-based email service provider, phishers have everything they need at their disposal, as a managed service.

Some of Ninja V0.4 Social Engineering Phishing Framework’s features include:

[+] edited tables names
[+] added xss stealer module
[+] now you got control of ip_capture module auto direction check out config.php
[+] new module_lib functions
[+] fixed install.php bug
[+] new logo banner
[+] added new phishing page facebook.login.php
[+] added search module to search in the database
[+] more security stuff
[+] added php.ini
[+] edited install.php file
[+] fixed some securityholes in database_connect.php
[+] fixed xp_sp3_all.php bug
[+] new style for exploit module
[+] added new public browsers exploits
[+] more iframes
[+] new phishing pages hotfile,xboxlive
[+] added country table for ip_capture_module and phishing_module

Screenshots of Ninja V0.4 Social Engineering Phishing Framework’s command and control interface:

The Phishing Framework comes with built-in support and phishing pages targeting MSN, Yahoo, Gmail, YouTube, Facebook Home, Facebook Login, and Twitter. It also supports XSS, in a fashion similar to a previously profiled Web Email Exploitation Kit relying on passive and active XSS vulnerabilities within major Russian email providers.

The Phishing Framework has support for embedded JavaScript exploits, next to a built-in cookie stealer, capable of reproducing entire login sessions of the affected victims.
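For a hosting provider or incident responder, the file names in the changelog above can serve as a simple fingerprint for finding the kit on a web server. The following is an added example, not code from the original post or from the kit; the weights, the threshold, the sample listing and its directory names are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# File names taken from the changelog quoted above. The weights are an
# assumption of this example: names common in legitimate PHP apps score 1,
# the more distinctive ones score 2.
KIT_FILES = {
    "facebook.login.php": 2, "xp_sp3_all.php": 2, "database_connect.php": 2,
    "install.php": 1, "config.php": 1, "php.ini": 1,
}

# Constructed sample file listing (for example, the output of `find` on a docroot).
SAMPLE_LISTING = [
    "/srv/www/shop/config.php",
    "/srv/www/shop/install.php",
    "/srv/www/shop/index.php",
    "/srv/www/blog/uploads/.cache/install.php",
    "/srv/www/blog/uploads/.cache/config.php",
    "/srv/www/blog/uploads/.cache/database_connect.php",
    "/srv/www/blog/uploads/.cache/pages/facebook.login.php",
    "/srv/www/blog/uploads/.cache/exploits/xp_sp3_all.php",
]

def score_directories(paths):
    """Map each directory to the set of kit file names found beneath it."""
    found = defaultdict(set)
    for raw in paths:
        p = PurePosixPath(raw)
        name = p.name.lower()
        if name in KIT_FILES:
            # The kit's directory layout is not given in the post, so credit
            # every ancestor directory, not just the immediate parent.
            for ancestor in p.parents:
                found[str(ancestor)].add(name)
    return found

def suspicious_directories(paths, threshold=5):
    """Return {directory: sorted names} for the deepest directories whose
    weighted score reaches the threshold (the threshold is an assumption)."""
    found = score_directories(paths)
    hits = {d: names for d, names in found.items()
            if sum(KIT_FILES[n] for n in names) >= threshold}
    # Keep only the most specific match: drop a directory when one of its
    # descendants already qualifies.
    return {d: sorted(n) for d, n in hits.items()
            if not any(o != d and PurePosixPath(d) in PurePosixPath(o).parents
                       for o in hits)}
```

A lone `config.php` or `install.php` stays below the threshold, so an ordinary PHP application is not flagged; a match is a lead for manual review, not proof of compromise.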

Webroot’s Security Team is currently in the process of analyzing the Phishing Framework, in order to ensure that Webroot SecureAnywhere customers are protected from the phishing campaigns that can be launched using it.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

