RSA finds new malware enhanced phishing technique

RSA said Monday that it discovered a new phishing technique that uses elements of a malware attack to swipe personal information.

The discovery illustrates a series of attacks from the Rock Phish group, which is a gang reportedly based in Russia that has been targeting financial institutions since 2004.

Among RSA's key findings:

  • Rock Phish attacks account for 50 percent of phishing incidents and have stolen "tens of millions of dollars" from bank accounts.
  • This is the first time crimeware has been used in a Rock Phish attack.
  • Victims of these phishing attacks get their personal data stolen and are infected by the Zeus Trojan. Double the pain for victims.

RSA's Uriel Maimon said in a blog post:

The Rock Phish group is a phishing gang believed to be based out of Russia -- and, by some accounts, is responsible for roughly 50% of phishing attacks by volume. The Rock gang has also pioneered several new approaches in phishing: in 2004 it was the first (and, for a long time, they were the only) gang to employ bot-nets in its phishing infrastructure in order to make the attacks live longer and be more scalable. It also pioneered new techniques in its spam mails so the mail could more easily evade spam filters.

Within the past few weeks there has been a new advance -- the inclusion of identity theft malware (or Crimeware) into the Rock group's phishing attacks. I have written before about the problems this type of malware poses, but coupled with the robust infrastructure the Rock group has at its disposal, this is more than double the trouble.

In general, the latest Rock Phish attack includes the following:

  • Victim is duped into going to a phishing site;
  • Victim is infected with the Zeus Trojan even if he or she doesn't submit information;
  • Zeus is masked;
  • The Zeus Trojan can take screen shots, control a machine and steal passwords so even if you don't fork over information initially the malware will get it.

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
