Bouncer kit perfect for laser-focused phishing campaigns
Posted on 16.01.2013
Researchers have unearthed a new type of phishing kit that allows crooks to target specific users and keep away others in order to keep the scheme hidden from knowing eyes and security firms for as long as it's possible.

"The bouncer phishing kit targets a preset email list for each campaign. A user ID value is generated for the targeted recipients, sending them a unique URL for access to the attack," Limor Kessem, Cybercrime and Online Fraud Communications Specialist at RSA, explained in a blog post.

"Here’s the interesting part – much like a night club’s bouncer list – any outsider attempting to access the phishing page is redirected to a '404 page not found' error message. Unlike the usual IP-restricted entry that many older kits used, this is a true—depending on how you look at it—black hat whitelist."

As other, non specified potential visitors are "turned away", those at whom the attack was aimed are immediately faced with an attack page on the same hijacked website. The credentials submitted to and collected from this page are sent to the attackers.

Kessem points out that the kit is perfect for "laser-focusing" a spear phishing campaign and can be easily used in APT-style attacks.

The phishing campaign that brought the "bouncer" kit to the researchers' attention targeted some 3,000 recipients. The list of the targeted addresses contained a "mixed bag of webmail users, corporate addresses, and even some bank employees – which indicates that it was likely an aggregation of a few spam lists or data breach collections."

Apart from keeping a critical mind when perusing emails and evaluating login pages, there is not much targeted users can do to stop such attacks.

Kessem advises webmasters to make an effort to prevent attackers from easily hijacking their websites. Unfortunately, there are always those who don't know how or don't care about it, and "unguarded" sites will often "fall" and become compromised.






Spotlight

New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //