On TechRepublic: 10 cool USB flash drive tricks
BNET Business Network:
BNET
TechRepublic
ZDNet

April 21st, 2008

RSA finds new malware enhanced phishing technique

Posted by Larry Dignan @ 9:21 am

Categories: Exploit code, Hackers, Phishing, Privacy, RSA, Responsible disclosure, Spyware and Adware, Vulnerability research

Tags: Technique, RSA Security Inc., Malware, Attack, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spyware, Adware & Malware

RSA said Monday that it discovered a new phishing technique that uses elements of a malware attack to swipe personal information.

The discovery illustrates a series of attacks from the Rock Phish group, which is a gang reportedly based in Russia that has been targeting financial institutions since 2004.

Among RSA’s key findings:

  • Rock Phish attacks account for 50 percent of phishing incidents and have stolen “tens of millions of dollars” from bank accounts.
  • This is the first time crimeware has been used in a Rock Phish attack.
  • Victims of these phishing attacks get their personal data stolen and are infected by the Zeus Trojan. Double the pain for victims.

RSA’s Uriel Maimon said in a blog post:

The Rock Phish group is a phishing gang believed to be based out of Russia — and, by some accounts, is responsible for roughly 50% of phishing attacks by volume. The Rock gang has also pioneered several new approaches in phishing: in 2004 it was the first (and, for a long time, they were the only) gang to employ bot-nets in its phishing infrastructure in order to make the attacks live longer and be more scalable. It also pioneered new techniques in its spam mails so the mail could more easily evade spam filters.

Within the past few weeks there has been a new advance — the inclusion of identity theft malware (or Crimeware) into the Rock group’s phishing attacks. I have written before about the problems this type of malware poses, but coupled with the robust infrastructure the Rock group has at its disposal, this is more than double the trouble.

In general, the latest Rock Phish attack includes the following:

  • Victim is duped into going to a phishing site;
  • Victim is infected with the Zeus Trojan even if he or she doesn’t submit information;
  • Zeus is masked;
  • The Zeus Trojan can take screen shots, control a machine and steal passwords so even if you don’t fork over information initially the malware will get it.

Larry DignanLarry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 13 Talkback(s)
RE: RSA finds new malware enhanced phishing technique
The research that answers all the questions posed on this subject can be found at http://www.bloggernews.net/115279 . The... (Read the rest)
Posted by: webtech_z Posted on: 04/26/08 You are currently: a Guest | | Terms of Use
Shocked!  smartguy2@... | 04/21/08
Shocked?  BikerB | 04/26/08
Russia isn't in Baghdad,Iran,Pakistan and so on  BALTHOR | 04/21/08
no, but it does provide an env. conducive for crime  jgisme2@... | 04/21/08
And Vladimir Putin is the former head of what?  IT_Guy_z | 04/22/08
just out of curiosity ("And Vladimir Putin...")  oregonnerd13 | 04/25/08
RE: RSA finds new malware enhanced phishing technique  Greenknight_z | 04/22/08
RE: RSA finds new malware enhanced phishing technique  The Rationalist | 04/22/08
More info, please.  peter_erskine@... | 04/22/08
RE: RSA finds new malware enhanced phishing technique  jebakk | 04/22/08
RE: RSA finds new malware enhanced phishing technique  drdave@... | 04/25/08
RE: RSA finds new malware enhanced phishing technique  oregonnerd13 | 04/25/08
RE: RSA finds new malware enhanced phishing technique  webtech_z | 04/26/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here