Ever wonder what the world of phishing is like? Neither did we, but it is actually a bit more interesting than we expected according to a research scientist for Cloudmark, who spent a few weeks getting to know the phishing community.
Not surprisingly, it seems most phishers actually get their tools from other phishers (shall we call these tools tackle?) rather than spending a lot o time developing the tools themselves. This coincides with reports that we've brought you in the past about various types of malware/virus kits that are available in some seedy corners of the Internet.
"It basically puts high-level hacking tools … into the hands of almost any Internet user—including novices—providing they have an eBay and PayPal account," said Tier-3 CTO Geoff Sweeney in a statement.
Sweeney said that where previously would-be hackers "had to score 'brownie points' to gain access to the hacker forums and source the kits"—as did Harbert—the fact that they are now on open sale on eBay is "very worrying."
Although he hasn't looked at the eBay kits, Harbert said that if what Sweeney claims is true, the ethical kits are likely being used to commit cyber-crimes. "Most ethical hacking courses focus [on] techniques, rather than hacking kits, per se," Harbert said. "But, there may be ethical hacking kits that I'm not aware of. If there are, it is almost certain that they would be leaked to the black-hat hackers and used for fraudulent activities."
Doesn't it seem odd that people who are selling scam kits that are probably targeting eBay accounts are taking PayPal payments?
Companies that sell malware kits on the open market have their kits subject to examination by security companies, and that should (in theory) result in a quick resolution and method to block further attempts to deceive users who keep their software up to date. At least, that's the theory...