The Microsoft security team announced that they have discovered a massive e-fishing business using a Phishing-as-a-Service (PHaaS) model.
In hacker circles the service is known as BulletProofLink, BulletProftLink or Anthrax and is currently being advertised in underground forums.
The service is an evolution of "phishing kits", which are collections of pages and e-fishing templates that mimic the connection forms of well-known companies.
But BulletProofLink takes phishing to a whole new level, providing additional built-in hosting and email services.
Customers who sign up for the BulletProofLink portal pay a fee of $ 800 and BulletProofLink administrators do everything else for them.
These services include creation μιας ιστοσελίδας ηλεκτρονικού “ψαρέματος”, την εγκατάσταση προτύπου ηλεκτρονικού “ψαρέματος”, τη διαμόρφωση του domain (διευθύνσεις URL) για τους phishing ιστότοπους, την αποστολή πραγματικών messages phishing the desired victims, collecting credentials from the attacks, and then delivering the stolen data to the “clients” at the end of each week.
If customers want to diversify their e-fishing standards, the BulletProofLink gang also has a separate store offering new standards, with prices ranging from $ 80 to $ 100 per standard.
About 120 different e-fishing standards are currently hosted. In addition, the site hosts tutorials to help customers use the service.
Microsoft describes the service as technically advanced, and the team behind it often uses compromised websites to host phishing pages.
The BulletProofLink gang has sometimes been observed tampering with the DNS records of compromised websites in order to create subdomains on trusted websites to host phishing pages.
“In research phishing attacks, we encountered a campaign that uses a fairly large volume of newly created and unique subdomains – over 300.000 for a single run,” he says Microsoft, highlighting the huge scale of BulletProofLink PHaaS.
