One of the things that MarkMonitor does in an effort to improve our services is track the latest tactics of the bad guys whether it be phishers, domain squatters, or any other brand-abuser. In the world of phishing especially, the fraudsters are always evolving.
At this weeks’ Usenix WOOT conference, Marco Cova, Christopher Kruegel, and Giovanni Vigna of UCSB published a paper discussing how most phishing kits have backdoors installed in them. This has been going on for some time actually. The authors of the phishing kits are using programming techniques to hide instructions that copy them on all stolen information. Netcraft blogged about Mr. Brain doing this early this year but this is the first research which looks at how often it happens.
Some key results:
¢ 40% of phishing kits are backdoored
¢ Almost all send stolen information to an email address
¢ More than half send stolen information to the two largest free email service providers
Read the complete paper here.”