Are Phishing Kits the Latest Toys for Script Kiddies?
History is repeating itself and it’s not good. Phishing kits are being used to rapidly deploy phishing attacks in ways reminiscent of virus kits. Remember the days when virus writers actually knew how to code, and then virus generation kits turned anyone with Web access into a potential script kiddie? Now we can get ready for mass-generated phishing attacks, according to a recent discovery from RSA.
eWeek reports:
RSA, The Security Division of EMC, announced Jan. 10 that it has identified a new phishing kit that was being sold and used online by hackers to target users' personal information in real time.
The article goes on to say:
RSA analysts said the phishing kit has two main benefits for hackers. One, the hacker does not have to purchase or prepare a custom phishing kit for the organization being targeted, and two, the attack can intercept any type of credentials that are sent in to the site after the user has logged into his or her account.
"While these types of attacks are still considered next-generation, we expect them to become more widespread over the course of the next 12-18 months," Gaffan [director of marketing for Consumer Solutions, RSA Security] said.
Script kiddies playing with viruses were easily dealt with. The code created by virus generators was easily identified with signature-based anti-virus detection. The problem with phishing lures is that humans are less easily trained to detect scams.
One way to block these attacks is with content filters. However, if attackers find ways to avoid signature-based detection, then we’ll need other methods. Network analysis services, like the kind at RSA that discovered these attacks, can use data on Internet traffic patterns not generally available within a corporate network. Here is another example of a situation where a security service may be a better option than an in-house solution. (For more on security as a service, see an earlier posting on the topic.)



