What’s the deal?

in the past week or two, the anti-phishing community has been buzzing with this. now it is public and i can finally shout my frustration:
so, we have phishing sites which are doing man-in-the-middle in real time, between the phished site and the phished user.
how is that news?

regular phishing works like so:
victim >> fake site >> real site

middle, see?

now, in most cases in the past, this process was not automatic, and in most cases – it won’t be. distribution across ip addresses, choosing what accounts are worth it to steal from, choosing money mules, etc. is far easier to do off-line.
that said, this isn’t new, it’s just… yet another kit. am i excited about a new kit? kinda. is this big news? no.

why, you ask? because real-time phishing using mitm attacks has been happening for years now, using phishing or banking trojan horses. the best way we can describe what happened is that the technique has now been incorporated into older email-based phishing as well.

new? okay, maybe if we push it. exciting? so-so.

gadi evron,

  • http://www.nastynerds.com MERLiiN

    Old news, but still news. One of the first traditional phishing sites I ever shut down used some very basic MiTM techniques; that was almost two years ago.