Following a recent post commenting on changing phishing tactics, more evidence of web site defacement groups' vertical integration in the underground market in respect to hosting phishing pages on the defaced hosts, is starting to emerge. Take for instance yet another currently live phishing page - bamaangels.net/photogallery/content/Models/Brigitte/boa. The site is known to has been defaced in the past, and it looks like it's been re-defaced again, this time hosting a single phishing page within, compared to the examples I provided in a previous post. The current defacement located at - bamaangels.net/photogallery/content/Models/Brigitte/deface.htm - reads :

"Defaced by Zeus ;) contacto: z3us @ live.com Saludos: Juan Pablo :D"

The fact that web site defacements groups are going into phishing, and as we've already seen numerous times, abusing the access to the host to serve malware, with their malicious economies of scale type of automated defacement approaches and web application vulnerabilities exploitation, this is only going to get worse. One thing's for sure - phishers, spammers, malwaware authors, and now web site defacements groups are consolidating, or even if there are exceptions, those exceptions are figuring out how to vertically integrate and build the capability to participate in multiple malicious activities simultaneously.