Symantec Global internet Security threat report
On the other hand, defacement-based phishing toolkits do not require the registration of domains or DnS servers, so they are easier to set up. Defacement-based phishing toolkits require a phisher to compromise existing Web pages, after which the phisher can simply upload the page of the spoofed brand. Defacement-based toolkits are often favored by phishers because of their ease of use and the fact that they can piggyback on the reputation of the original domain. For example, in 2009 Symantec detected many image-hosting sites that were compromised and used for phishing attacks.
Phishing toolkit 1 Phishing toolkit 2 Phishing toolkit 3 Phishing toolkit 4 Phishing toolkit 5
Figure 14. Automated phishing toolkits Source: Symantec
phishing Kit 5 appeared in May 2009. it was responsible for 20 percent of that month’s phishing attacks, followed by 32 percent in June and 17 percent in July. After this spike, its usage dropped to less than two percent and then it vanished completely. Volume Xiii of the Symantec Global Internet Security Threat Report discussed this tendency and noted that the rapid change in preferred toolkits is likely driven by a need for phishers to adapt and constantly change the toolkits they use to avoid detection by antiphishing software.190 this is likely the driving factor behind the dramatic upward spike and subsequent decline of many toolkits. Moreover, this specific attack used one single domain, which made it easier for security companies to block once it was detected.
On average, each of the top five phishing kits was responsible for nearly 5 percent of all the attacks observed in 2009, with small fluctuations over time. Overall, there was an increase in the total number of different phishing kits used. Most kits are becoming more sophisticated in an attempt to make it harder for security researchers and users to detect them.
h t t p : / / e v a l . s y m a n t e c . c o m / m k t g i n f o / e n t e r p r i s e / w h i t e _ p a p e r s / b - w h i t e p a p e r _ i n t e r n e t _ s e c u r i t y _ t h r e a t _ r e p o r t _ x i i i _ 0 4 - 2 0 0 8 . e n - u s . p d f : p . 7 3