Thanks to Mark for sending this over, but there is a new phishing kit that acts as a man in the middle. According to the article the phishing kit simply acts as a PHP proxy to forward any requests directly through the proxy. That way it can detect anything you are typing or defeat any systems like sitekey that require that you see the image in question.

I can’t exactly say this is a major leap forward, because I’ve seen phishing sites that have similar levels of sophistication in automatic detection of whether the username/password was correct by checking in real time. However, this does represent a new variant that could render a lot of the more snake oil security products virtually useless. The one major disadvantage with this system is that it has to reside on a host and if the same IP is used over and over and over, that could set off a lot of alarms. Interesting nonetheless.

This entry was posted on Friday, January 12th, 2007 at 11:47 am and is filed under Webappsec, Phishing. You can leave a response as well.