Jul 28, 2011 16:20 GMT  ·  By

A new crimeware tool distributed on the underground market enables cyber criminals to steal from fellow phishers while becoming theft victims themselves.

Called 666Auto-Whaler, the toolkit is capable of scraping phishing sites for stolen user accounts. The attacker needs only to provide the application with a phishing site URL and the application searches for files holding stolen credentials.

Since many phishing sites are built with kits that save stolen information in files with predefined locations and names, it is easy to probe those locations in search of the data.

"But the fun doesn't stop there! Even though there are clean versions of this tool in the wild, there are many more that have a little extra functionality under the hood.

"In these versions, as the 'whaler' is attempting to steal from the other cyber criminals, the 666Auto-Whaler tool is scouring that user's computer stealing their logon credentials," notes Fred Touchette, a security researcher with AppRiver.

The rigged versions analyzed by AppRiver were targeting credentials for the popular Runescape MMORPG. These accounts, and the in-game items they hold, offer further monetization possibilities.

666Auto-Whaler shows that there's no honor among cyber thieves, but it isn't the first program to exhibit such characteristics. A year ago we reported about a phishing kit called Login Spoofer 2010 which created fake login pages for a number of popular websites including PayPal, Hotmail, Gmail, Yahoo!, MSN, Facebook, MySpace, Skype, CamFrog, Skyrock, Maktoob, Gamezer, Travian, RapidShare, 4Shared and MegaUpload.

However, the phishing kit had a routine that sent a copy of all stolen credentials back to its original creator, effectively making it a tool to steal from thieves. There have also been other cases in the past in which cyber criminals hacked into the command and control servers maintained by other hackers and hijacked their botnets and data.