Press Release
April 21, 2008
RSA, The Security Division of EMC, Discovers Rock Phish Attack Evolution
BEDFORD, MA - April 21, 2008 -
RSA, The Security Division of EMC (NYSE: EMC), has uncovered a new technique that combines phishing and Zeus Trojan attacks to steal personal information and spread financial crimeware.
Discovery Details
- The RSA℠ Anti-Fraud Command Center (AFCC) recently uncovered a new series of attacks from the Rock Phish group, launched in order to infect unsuspecting users with financial crimeware.
- The Rock Phish group is a set of criminals believed to be based in Europe who have been targeting financial institutions worldwide since 2004.
- Rock Phish attacks are estimated to account for more than 50% of phishing attacks worldwide and to be responsible for the theft of tens of millions of dollars from users' bank accounts. However, until now, the group has not deployed financial crimeware as part of its attack methodology.
- The new Rock Phish attacks combine both phishing techniques and crimeware. Victims of these phishing attacks not only have their personal data stolen – but they are then also infected with the Zeus Trojan. Once infected, the Trojan is capable of stealing additional information, such as personal data transmitted while interacting with other websites.
Mitigation
- The attacks were detected by the RSA 24x7 Anti-Fraud Command Center with support from security analysts who work on RSA's FraudAction Anti-Trojan Service team. This experienced team of fraud analysts works to detect and qualify phishing sites, shut them down, deploy countermeasures, and conduct extensive forensic work to catch fraudsters and prevent future attacks.
- The team's phishing forensics expertise enabled the AFCC to trace the malware infection resources within these attacks. RSA's FraudAction Anti-Trojan Service analysts are very familiar with the Zeus Trojan: they closely track the distribution of this Trojan, and are often able to identify the propagation of Zeus variants before they are detected by most anti-virus software tools.
- The RSA Anti-Trojan Service mitigates Trojan threats by tackling the Trojan's communication channels – including its infection, drop and 'command & control' points – and the AFCC works to block the drop-zones. In this way, even if a user has already been infected with the Zeus Trojan, the Trojan will be unable to communicate with its drop-zone, rendering the attack much less effective.
- In addition, the source of the Zeus infection will be traced and shut down by the AFCC, and will not be usable in future phishing attacks.
- So far, RSA's FraudAction Anti-Trojan Service has detected more than 150 variants of the Zeus Trojan targeting customers of financial institutions and other organizations worldwide.
RSA's expertise
- RSA's analysts discovered, researched and analyzed this new attack as part of its ongoing fraudster intelligence and monitoring efforts. RSA continues to work with law enforcement agencies and its own financial sector customers to mitigate online fraud and threats of this nature.
- The RSA FraudAction Anti-Trojan Service provides a proactive, comprehensive approach to helping organizations fight back against the threat of crimeware and Trojans – by mitigating it at the source. Through RSA's 24x7 Anti-Fraud Command Center and an extensive global partner network, RSA delivers a layered approach to identifying, analyzing, blocking, and shutting down crimeware attacks.
Additional Information and Resources:
- Online Fraud Report:
http://www.rsa.com/document.asp?doc_id=9323
- RSA Anti-Trojan Service:
http://www.rsa.com/products/consumer/datasheets/ANTITROJ_DS_0407.pdf
http://www.rsa.com/node.aspx?id=3020
- Other Resources:
http://www.rsa.com/blog/blog.aspx?keyword=Online%20Fraud,%20Fraudsters
http://www.rsa.com/blog/blog_entry.aspx?id=1175
http://www.rsa.com/press_release.aspx?id=7922