“In early June, the RSA Anti Fraud Command Center (AFCC) discovered a new type of phishing kit. The kit is actually a single file which creates an entire phishing site on a compromised server when “double-clicked” on, similar to “.exe” installation files. The kit was discovered through phishing forensics work by the AFCC forensics lab.

The “kit” is a single PHP code file, which is run on the compromised server once, and automatically creates the relevant directories and installs all of the files which are associated with the specific phishing site. Within seconds after running the file, a complete phishing site is “live”. During testing of the kit in the RSA phishing lab, a phishing site was installed within approximately two seconds.”

For further information: RSA June 2007 Report.