RSA and its ISP and internet gateway partners look for evidence of Trojan attacks on malicious websites, in fraudster chat rooms and by scanning emails.
When RSA finds evidence that a Trojan is being used to steal details from one of its clients' customers, for example a customer of an online bank, it forwards a copy of that Trojan to the AFCC. There, software will attempt to match the sample against a list of previously identified Trojans.
Once detected, the Trojan is sent to the AFCC where RSA software attempts to match crimeware to previously identified Trojans.
After it has been matched, the Trojan is sent to an RSA engineer who will reverse engineer it.
The engineer will find out the IP addresses of the machines being used to host the infected websites or send out infected emails, as well as the addresses of the machines to which stolen information is being sent and of the machines being used to give additional commands or updates to the Trojan.
RSA staff will then contact the relevant ISP or domain registrar to block access to all of these locations, preventing new machines from being infected and fresh details from being stolen.
Photo credit: Nick Heath/silicon.com