How to Deploy a Cloud Based Phishing Army

Uncovered by Imperva's Application Defense Center, the new automated cloud-based phishing kit proves to be more ingenious than the traditional schemes we already know of. This approach hosts its data collection separately from the phishing web sites, meaning hackers would only require to repost the web front end in a new location to resume its operation should there be a force shut down.

Cloud-based phishing uses a tiered approach as far as the master hacker who wrote the program is concerned. 

As the kit is being shared and distributed to proxy hackers to execute phishing campaigns of their own, it forms a single-chain network whereby information from each node is channeled back to the master, giving him the ownership and opportunity to exploit the stolen credentials collected by the rest of his undiscerning 'partners in crime' and unofficial 'employees'.

The fact is, we are dealing with a new group of hackers. Somewhat uses simple concepts such as cloud, some social-community deployment, and in this case, the master hacker does not even need to initiate a hacking campaign in order to benefit from the hacking rampage.

The kit was developed in Algeria with Arabic tutorials while the kit itself is in English.

For more information, please visit Imperva's blog (here: http://blog.imperva.com/2010/07/gnarley-new-phishing-kit.html)