Experts detect sharp hike in ‘script kiddie’ phishing tools

Almost a third of phishing attacks during February were generated by technically unskilled individuals using so-called script kiddie kits, new monitoring data has revealed.

According to SurfControl's Advanced Threat Intelligence (ATI) division, these pre-packaged kits include ready-made graphics, programming code and sample content used to generate emails capable of luring users to malicious sites. Trend data shows that the kits are widely used in various countries. ATI detected attacks targeting financial institutions throughout North America, Europe and Australia.

Based on statistics covering November 2004 to February 2006, ATI found that phishing attacks remained "relatively stationary," but notably spiked at the end of fiscal year 2005, when financial activities were at their busiest. An upswing in phishing attacks will likely be seen as early as May 2006. With variations in attacks already reported by both ATI and the Anti-Phishing Working Group (APWG), it is probable that 2006 will see larger, localized, targeted and specific attack campaigns.

Although spam in general was found to be declining during February, embedded spam is still very popular. Embedded spam places the entire message inside a graphic, with no extraneous text. It often includes graphs, statistics, stock tips or images. Over 60 percent of the recent embedded campaigns were created via Outlook Express. Outlook Express is a practical choice because it generates a very generic Content ID for the embedded graphics, which lets the spam blend in with legitimate email footers more easily than mail produced by dedicated mass mailer programs.
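A defender-side heuristic for the embedded-spam format described above, as an added example that is not from the article or from SurfControl: it flags a message whose body displays an attached image by Content-ID and carries almost no readable text. The sample messages, the function names and the 20-character threshold are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed samples; every address, boundary and Content-ID here is made up.
EMBEDDED = (
    "From: a@example.com\nSubject: update\nMIME-Version: 1.0\n"
    'Content-Type: multipart/related; boundary="b1"\n\n'
    '--b1\nContent-Type: text/html; charset="us-ascii"\n\n'
    '<html><body><img src="cid:img001@example"></body></html>\n'
    "--b1\nContent-Type: image/gif\nContent-ID: <img001@example>\n"
    "Content-Transfer-Encoding: base64\n\nR0lGODlhAQABAAAAACw=\n--b1--\n"
)
# Legitimate-looking mail: same inline image (e.g. a footer logo) plus real text.
FOOTER_LOGO = EMBEDDED.replace(
    "<body>", "<body><p>Hi, the quarterly figures are ready for your review.</p>"
)

def _text_parts(msg):
    """Yield (subtype, decoded body) for every text/* part."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            yield part.get_content_subtype(), raw.decode("utf-8", "replace")

def visible_text(msg):
    """Text a reader would see: HTML tags stripped, whitespace collapsed."""
    bodies = [re.sub(r"<[^>]+>", " ", body) if sub == "html" else body
              for sub, body in _text_parts(msg)]
    return " ".join(" ".join(bodies).split())

def is_image_only(raw, max_text_chars=20):
    """True when the body shows an attached image and almost no text.

    max_text_chars is an assumed threshold, not a value from the article.
    """
    msg = message_from_string(raw)
    attached = {p["Content-ID"].strip("<> ") for p in msg.walk()
                if p.get_content_maintype() == "image" and p["Content-ID"]}
    referenced = {cid for _, body in _text_parts(msg)
                  for cid in re.findall(r"cid:([^\"'\s>]+)", body)}
    return bool(attached & referenced) and len(visible_text(msg)) <= max_text_chars

if __name__ == "__main__":
    for name, raw in (("embedded", EMBEDDED), ("footer logo", FOOTER_LOGO)):
        print(name, is_image_only(raw))
```

Because the Content ID alone does not separate this spam from a legitimate footer image, the check keys on the ratio of displayed image to readable text instead.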

Health-related spam continued a record climb in volume as detected by ATI in February 2006. Following closely behind, finance-related spam includes an increase in embedded stock tips. In summary, health and finance spam are both seeing increased volume.

Adult spam was found to be in decline, which was attributed to an increase in other, non-email means of selling adult content. Since February 2005, the last peak in adult spam volume, adult spam has remained under ten percent of total spam volume and has declined to below five percent in 2006.
