Hackers launch DIY phishing kit

Hackers have launched a website which allows users to construct phishing pages for social networking and webmail sites.

The site was found by researchers at security firm FaceTime, and targets networking sites such as MySpace, Facebook and Google's Orkut, and webmail services including Hotmail and Yahoo Mail.

The page allows would-be hackers to build a special email which can be sent to one or more victims.

The user selects an email template and a site to target, then designs an email greeting card which is sent to the victim. The e-card leads to a phishing site impersonating the domain.

Any log-in credentials stolen by the site are then forwarded to a page which can be accessed by the user.

"It tells you numerous pieces of information, including the number, date and type of account compromised, so the budding hacker can keep a running total of their exploits," wrote FaceTime malware research director Chris Boyd in a company blog.

The researchers contacted the company hosting the site, which was initially taken down. However, a FaceTime spokesperson said that the site was back online at 1:30pm Pacific time on 28 January.

Boyd advised users to be wary of any apparent social networking or webmail site linked from an email greeting card.

"If in doubt, right-click the live link in the email and check what domain it points to," he wrote. "Otherwise, you might end up on a hacker's rapidly growing trophy list."