"Rock Phish" gang adds malware download to attacks

The so-called Rock Phish group of Russian criminals has launched what one security researcher calls a "double the trouble" attack that not only tricks victims into clicking on a link in a phishing email to give up personal information but also drops a trojan on the victim's PC at the same time.

The new attacks, uncovered by the Anti-Fraud Command Center (AFCC) of RSA, combine phishing and the Zeus trojan to steal personal information and spread what RSA calls financial crimeware.

Once it infects the victim's PC, the trojan can steal personal data such as usernames, passwords and Social Security numbers transmitted while interacting with other websites, according to RSA.

The Rock Phish gang is the "most competent phishing gang out there -- it's very effective -- and has taken phishing to the next level," Marc Gaffan, director of product marketing for RSA's identity and access assurance group, told SCMagazineUS.com. "They're using their very elusive techniques to not only trick people into clicking on links, but also infecting them with a sophisticated trojan that collects information on an ongoing basis and sends it to the gang."

Gaffan said that the Rock Phish gang is responsible for 50 percent of all current phishing scams.

He said 30,000 to 40,000 phishing-related websites go up every month, so even if the click-through rate [on phishing emails] is low, with one or two people clicking, tens of thousands of people could become victims.

The Rock Phish gang is unlike a significant portion of the cybercriminals operating today because it is a closed gang operating in Russia, Gaffan said. Most groups of cybercriminals, on the other hand, participate in a broad economic system in which credit cards are bought and sold openly, he said.

The Rock Phish gang also writes its own code, launches its own attacks, and is efficient from a logistical perspective, Gaffan added.

"Its biggest fame is its ability to scale and execute thousands of phishing attacks with as little infrastructure as possible, thus making it as hard as possible to shut [them] down," Gaffan said.

Gaffan said that RSA's Anti-Trojan Service works to stop phishing attacks by shutting down both the command centers, which control phishing attacks, and the so-called drop zones, which are email accounts or websites where victims' stolen personal information is stored. These measures make the trojan worthless by eliminating its ability to update itself or transmit the stolen personal information to the perpetrators, he added.

Gaffan suggested that traditional safe computing practices are the best way to avoid becoming a victim.

"That means always having a personal firewall and updated anti-virus software and make sure you don't click on links in emails from people you don't trust," he said.
