Phishing Made “Super”
- Monday, March 1, 2010, 18:20
- Threat Research
Phishing and its effects, namely, identity fraud, continue to grow. Unfortunately, it is now easier than ever to carry out these kinds of attacks.
Cybercriminals are now using a new tool known as “Super Phisher” (detected by Trend Micro as HKTL_SUPERPHISER) has been released, which creates a phishing page from a legitimate website.
The tool creates all the files necessary for the phishing page such as an .HTML file that contains the actual page, and a .PHP file, which steals information and saves the stolen data to a .TXT file. In the screenshot below, note how the HTML page’s code refers to the local .PHP file and not the legitimate site (in this case, Yahoo!).
A would-be phisher then takes all the files and uploads these to a website under his/her control. This site could be a malicious, compromised, or even a free Web host that the phisher is abusing. It is then up to the phisher to lure users to the site he/she created.
While this tool allows cybercriminals to create phishing pages with greater ease and less time, thus producing more timely attacks, as needed, users can still take steps to protect themselves.
While the pages (continue reading...)