Script Kiddie Bonanza – Do-it-yourself Phishing Kits!

Even a cursory Google search of the Internet for “malware” will convince you that cyber crooks are unrelenting in their chase to infect your computer.

Unquestionable, cyber crooks have steadily increased the use of custom-built websites, the manipulation of search engine results, and the exploitation of legitimate pages, all of it designed to drop malicious code including rootkits, password stealers, Trojan horses, and spam bots on your computer.

Recent statistics indicate that fifteen thousand web pages are infected daily; three times the rate of infection noted in the previous years. More disturbing, seventy nine percent of compromised web pages tracked so far this year were on legitimate web sites; including web sites owned by Fortune 500 companies, government agencies and ironically, security vendors.

Although it is not a new scheme, once again new do-it-yourself phishing kits are being made available for download free of charge from the internet according to PandaLabs, Panda Security’s laboratory for detecting and analyzing malware.

Using these highly sophisticated do-it-yourself kits, there is no need for amateur cyber crooks to be familiar with the intricacies of coding/programming, since the kits contain the graphics, web code, and the text needed to build fake websites that closely resemble the legitimate sites that are being spoofed.

To make these do-it-yourself phishing kits a complete package, spamming software is included, allowing the cyber criminal to use phishing emails as part of the entrapment process used to defraud potential victims of their banking details, personal data, credit card numbers, etc.

No doubt you are curious as to why these phishing kits are free and downloadable on the Internet. Luis Corrons, Technical Director of PandaLabs, puts in perspective: “Cyber crooks that create these free services get money later on by selling pay services, more sophisticated and customized to the user’s needs – the cyber-crooks’ ultimate goal is to get money from the infections they spread.”

Follow the tips below to protect yourself against these types of threats:

• Your bank, or any other legitimate organization, will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.
• Don’t open emails that come from un-trusted sources.
• Don’t run files that you receive via email without making sure of their origin.
• Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an un-trusted source, simply ignore them.
• Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, I recommend that you scan your computer with a second-opinion security solution, such as NanoScan at www.nanoscan.com

Be kind to your friends, relatives and associates and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

One particular software developer has focused on the concept of “people driven security”, an idea based on the concept of the shared responsibility we each have, to offer mutual Internet protection to each other. Web of Trust has developed an Internet Browser add-on which takes security this one step further.

The solicited opinions of users/members on a web site’s safety are incorporated into the overall site safety rating. The advantages of members’ participation in exchanging their personal knowledge about a web site, in my view, cannot be overemphasized.