Researchers at FaceTime Communications have been trying with mixed results in recent days to take down a do-it-yourself phishing program they discovered online last week. The program is designed to help would-be phishers target those using social networking sites like MySpace and Facebook, as well as email services offered by the likes of Yahoo and Hotmail.
Since enterprise employees are increasingly spending their work hours checking personal email and visiting social networking sites, corporate IT administrators have reason to be concerned about the new phishing threat, said Chris Boyd, malware research director at Belmont, Calif.-based FaceTime.
"This underscores the need for companies to come up with some specific policies and security procedures to address how these social networking and email sites can and can't be used," he said.
Specifically, Boyd and his team found a hacking Web site where fraudsters can get their hands on automatically generated text they can then use to create phishing emails tailored to steal log-in details for popular Web mail and social networking sites. A drop-down menu on the site offered phishing email options for Hotmail, Yahoo, MySpace, Orkut, Facebook and hi5, Boyd said. FaceTime reported the finding to the site's hosting provider, which disabled access to the site on Friday. But the researchers discovered Monday morning that the hacking Web site was back online.
"Currently the hacking Web site is back online but the sites hosting fake log-in pages are still down," Boyd said. "We're still working to get it all knocked offline at this point. It's like playing whack-a-mole."
To use the do-it-yourself phishing service, the hacker only has to decide which of the victim's email or social networking services they want to go after, Boyd said. Selecting the service to phish and the kind of ecard message the victim should receive is as easy as picking from a drop-down menu. Once the victim clicks the malicious link, they are taken to a fake log-in page where their credentials are harvested.
When the victim enters their log-in name and password, that data is transmitted back to the main hothackerclub.com Web site the FaceTime researchers are trying to neutralize. The hacker can then watch the stolen account credentials accumulate in their own account on that site.
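The lure-and-harvest flow described above suggests the mail-side check a defender would run: an ecard-style message that names one of the listed brands while its link points somewhere else (an unrelated host, a raw IP address, or an anchor that displays one domain but links to another). The following is an added example in Python, not code from FaceTime or from the kit; the brand-to-domain table, the lure phrases and the two sample messages are constructed assumptions for illustration, not data from the article.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand keyword -> domains a genuine log-in link for that brand may point at.
# Illustrative assumption, not an authoritative list.
BRAND_DOMAINS = {
    "hotmail": {"hotmail.com", "live.com", "msn.com"},
    "yahoo": {"yahoo.com"},
    "myspace": {"myspace.com"},
    "orkut": {"orkut.com"},
    "facebook": {"facebook.com"},
    "hi5": {"hi5.com"},
}

# Wording typical of the e-card lure the kit generates (assumed phrases).
LURE_PHRASES = ("ecard", "e-card", "greeting card", "sent you a card")

# Anchor text that itself looks like a URL or bare domain.
DOMAIN_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one (simple suffix check)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def phishing_indicators(raw_message):
    """Return human-readable indicators found in one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = msg.get("Subject", "")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    text = (subject + " " + html).lower()

    collector = LinkCollector()
    collector.feed(html)
    brands = [b for b in BRAND_DOMAINS if b in text]

    indicators = []
    if any(p in text for p in LURE_PHRASES):
        indicators.append("e-card style lure in subject or body")

    for href, anchor in collector.links:
        host = urlparse(href).hostname or ""
        if not host:
            continue
        # 1. Anchor text displays a domain that differs from the real link target.
        if DOMAIN_LIKE.fullmatch(anchor):
            shown = urlparse(anchor if "://" in anchor else "http://" + anchor).hostname
            if shown and shown.lower() != host.lower():
                indicators.append(f"anchor text shows {shown} but link goes to {host}")
        # 2. The mail talks about a brand, yet the link is not on that brand's domain.
        for brand in brands:
            if not host_matches(host, BRAND_DOMAINS[brand]):
                indicators.append(f"mentions {brand} but links to {host}")
        # 3. A log-in link to a bare IP address is a classic kit-hosted page.
        if IPV4.fullmatch(host):
            indicators.append(f"link to raw IP address {host}")
    return indicators


# Constructed sample messages (not real mail); 198.51.100.0/24 is a documentation range.
SAMPLE_PHISH = """\
From: "MySpace" <noreply@myspace.com>
To: victim@example.com
Subject: You have received an eCard from a MySpace friend!
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A friend has sent you a card. Log in to view it:</p>
<p><a href="http://198.51.100.23/myspace/login.php">http://www.myspace.com/ecard</a></p>
</body></html>
"""

SAMPLE_LEGIT = """\
From: "MySpace" <noreply@myspace.com>
To: user@example.com
Subject: New message from a MySpace friend
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have a new message. <a href="http://www.myspace.com/messages">Read it on MySpace</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

The suffix test in `host_matches` is deliberately simple; a production filter would match against the Public Suffix List so that `myspace.com.evil.example` and look-alike registrations are handled correctly, and would treat the lure-phrase hit as supporting evidence rather than an indicator on its own, since genuine greeting-card mail uses the same wording.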
Boyd points to a recent survey NewDiligence Research conducted for FaceTime as evidence that this is a growing problem for enterprise IT shops.
According to the survey, "Greynets in the Enterprise: Third Annual Survey of Trends, Attitudes and Impacts," eight in 10 employees confess to surfing, shopping and chatting over the company network, especially when working outside the office on a company machine.