RSA Audit Discovers “Plug-and-Play” Phishing Trend

RSA Security, a division of EMC, revealed that its anti-fraud command center (AFCC) lab has discovered a new type of “phishing kit” that is able to compromise a bank server through a single executable installation file. According to RSA, this new “plug-and-play” phishing kit requires only a one-time access to a server, rather than traditional host attacks, which involve several visits and manual installation of PHP code files, HTML pages, plus bank and card logo images. The kit is a single PHP code file, which automatically creates directories and installs a live phishing site within two seconds, according to RSA lab tests. The discovery was disclosed in RSA’s June online fraud report, which shows that U.S.-based banks remain the target of 70 percent of all attacks. The kit was discovered in a forensic audit of a phishing incident at a single financial institution. The phishing attacks are taken down in the same manner that manually installed malware is dealt with, according to RSA.