The ease of use and availability of tools used for malicious schemes have always been a problem for security companies, since these greatly contribute to the quick proliferation of codes and files that can affect Internet users. Web sites that represent an individual or group of individuals giving away free code and software for the whole community to use as they please are available almost anywhere.
Netcraft recently reported of a certain “Mr. Brain” — actually a group of Moroccan fraudsters who recently launched a dedicated Web site for free phishing kits that anyone can use for their phishing activities. They lure interested parties by packaging the code as “easy-to-use” and “programmer-friendly,” since only a requirement on basic programming is needed to deploy this kit. Visitors of this site would hardly think twice in going for the bait, but upon closer inspection, it turns out that, though powerfully alluring, most good things are just too good to be true.
Certain codes were found to reveal the true nature of the email addresses where the phished information are to be sent once they were retrieved from the phishers’ victims: though the phished information are sent to the phishers, a copy of the phished information is also covertly sent back to Mr. Brain. Further analysis reveals what look like Mr. Brain’s email addresses from these code snippets:
<input type=”hidden” name=”niarB” value=”32970696f6e6565722e627261696e40676d61696c2e636f6d” />
<input TXItQnJhaW5ARXZpbC1CcmFpbi5OZXQ=”);?>” name=”Send” type=”hidden” />
These code segments translate to the email addresses where the stolen information is sent.
Suffice it to say that the phishers who thought they had their victims didn’t know they have been had by Mr. Brain. This con saves Mr. Brain the more arduous task of hacking and compromising Web sites and deploying the phishing pages by himself: clearly a classic one-uppance the likes of which have never been seen before with regard to online theft.
Research Project Manager Ivan Macalintal itemized the following banking and other establishments that can be affected by the Mr. Brain phishing scheme:
Further investigation reveals that these phishing kits are now being actively used. More information will be povided regarding this so stay tuned to this post. Investigation about this operation is currently underway, and the authorities have been contacted for the proper action regarding this.
Thanks to Ivan Macalintal and Senior Threat Analyst Robert McArdle for providing information