Not much news to those who track phish kits, but a bit of poetic justice here in this academic paper:
The most recent step in the commoditization of phishing was the distribution of free phishing kits. These kits are actively advertised and distributed at no charge. However, as the economist Milton Friedman would have pointed out [6], there is no free lunch in the underground economy. Often, free phishing kits hide backdoors through which the phished information is sent to recipients (probably the original kits’ authors) other than the intended ones. In other words, far from being a display of generosity on behalf of the authors, free phishing kits respond to rational economical motivations. That is, kits’ authors minimize the effort and risks associated with deploying the phishing site and attracting victims, and maximize their return on investment by harvesting the work of unwitting users.
Link: html, pdf (via John LaCour at Mark Monitor)
Alex Eckelberry