Saturday, 9 June 2007

Most phishing sites are kit-based

Source: Frequency X Blog
Gunter Ollmann of IBM points out that simple counts of the number of phishing incidents are now skewed by the widespread use of "phishing kits" which make it trivial to set up multiple phishing sites on a single host. For example, of the mere 3,544 new phishing sites identified by the X-Force researchers in the week prior to this report, 3,256 were associated with phishing kits (>90%). Further, the kit-based sites mapped to 100 registered domains (compared to the 288 non-kit sites that used 276 domains).


The Famous Brett Watson said...

In a follow-up post, they report that they found 114,013 new phishing sites in the week of June 11 to 18. Of those, 99.8% (all but 158) were kit-based.

The Famous Brett Watson said...

See also (at The Register) "Crooks debut 'plug and play' phishing kit". The article discusses the threat of vulnerability searching and subsequent automatic deployment of the phishing kit.