FYI...Increased deployment of Phishing Kits
February 23, 2006
"Websense® Security Labs is seeing a significant increase in the number of Phishing kits used to host multiple target brands on a single host and deploy similar attack code on several machines. Currently the most popular is being referred to as the "Rock Phish Kit". The kit appears to have surfaced around November of 2005, but the frequency of its use is growing.
* Sites often use either an IP address or a fraudulent domain name.
* Sites usually have /rock/ or /r/ in the URL path, followed by an alpha character.
* Quite often the letter after the /r/ matches the target name (e.g., ...www.samplerockphish.com/r/b = barclays).
* Sites are usually hosted in Asia.
* Sites use the same PHP script to post the data.
...we have included screenshots from a recent site that was hosting 6 target brands.
/a/ -> Alliance & Leicester
/b/ -> Barclays
/c/ -> Citibank
/d/ -> Deutsche Bank
/e/ -> eBay
/h/ -> Halifax ..."(Screenshots available at the URL above.)