back to article Phishing coders hook clueless crooks

Cheapskate fraudsters hoping to run phishing scams for peanuts have themselves been hoodwinked. Security watchers have spotted a free phishing kit containing a hidden backdoor that siphons off stolen credentials from the fraudsters who use the technology. Script kiddies are unlikely to twig that captured credit card numbers …

COMMENTS

This topic is closed for new posts.
  1. George Johnson

    Rats

    Quite fun for a change, to watch a bunch of rats in a sewer, turning on their own.

  2. Chris Cheale

    *blinks*

    What an astonishingly apt analogy:

    http://www.theregister.co.uk/2008/01/24/h20_sewer_rollout/

  3. dervheid
    Pirate

    Not rats...

    As far as I recall, rats don't have the nous to enlist the assistance of less intelligent rodents to unwittingly do their dirty work for them.

    Still, it adds weight to the adage "If it sounds to good to be true, it probably is!"

  4. Keith T
    Pirate

    The Biter Bit -- Fleas?

    "Great fleas have little fleas upon their backs to bite 'em,

    And little fleas have lesser fleas, and so ad infinitum.

    And the great fleas themselves, in turn, have greater fleas to go on;

    While these again have greater still, and greater still, and so on."

  5. Anonymous Coward
    Anonymous Coward

    Par for the course

    The 'script kiddies' have always been the Artful Dodgers and Oliver Twists, to the Fagans that are malware authors.

    Open Source pen tools, are perhaps the exception, but it has been common practice to lace closed source exploitation tools to in some way skim the cream of other's whilst they crack.

    Most of the times it is in sending back data, but it does get used to cover tracks as well. A new exploit in the wild is useful, but if you are the only one who knows about it, using it can paint a big target mark to your door. A release of a script prior to a crack attempt on a targeted system can detract attention, and make it look like an unfortunate incident as opposed to a direct attack.

    There is a lot of misinformation in the security world, primarily because misinformation is yet another tool of security. Whilst obviously not all malware contains backdoors itself, the fact that a lot does tends to make it a little riskier to use the stuff. Some people will always just want to crack though, and the tools offer a quick but dangerous inroad for themselves, most of the time they will not be aware of the risk they are taking, most tools don't stop at siphoning data, they tend to backdoor the machines and leave command and control capability in the malware authors' hands.

  6. Anonymous Coward
    Anonymous Coward

    So who wins

    if I were the wiley hacker I would not hand all the card data the script gleaned to the skiddees and I might mung it a bit to keep them from ruining it's usefulness for me. One things for sure though the card holders and their banks aren't winning.

This topic is closed for new posts.