Menu
ABA Banking Journal Home
Menu
 
 
RSA, security division of EMC, discovers "Rock Phish" Technique to Steal Personal Information and Spread Financial Crimeware
 
Discovery
The RSASM Anti-Fraud Command Center (AFCC) has recently uncovered a new series of attacks from the Rock Phish group, launched in order to infect unsuspecting users with financial crimeware.

The Rock Phish group is a set of criminals believed to be based in Europe who have been targeting financial institutions worldwide since 2004.

Rock Phish attacks are estimated to account for more than 50% of phishing attacks world-wide and to be responsible for the theft of tens of millions of dollars from users’ bank accounts. However, until now, the group has not deployed financial crimeware as part of its attack methodology.

The new Rock Phish attacks combine both phishing techniques and crimeware. Victims of these phishing attacks not only have their personal data stolen – but they are then also infected with the Zeus Trojan. Once infected, the Trojan is capable of stealing additional information, such as personal data transmitted while interacting with other websites.

Mitigation
The attacks were detected by the RSA 24x7 Anti-Fraud Command Center with support from security analysts that work on RSA’s FraudAction Anti-Trojan Service team. This experienced team of fraud analysts works to detect and qualify phishing sites, shut them down, deploy countermeasures, and conduct extensive forensic work to catch fraudsters and prevent future attacks.

The team’s phishing forensics expertise enabled the AFCC to trace the malware infection resources within these attacks. RSA’s FraudAction Anti-Trojan Service analysts are very familiar with the Zeus Trojan: they closely track the distribution of this Trojan, and are often able to identify the propagation of Zeus variants before they are detected by most anti-virus software tools.

The RSA Anti-Trojan Service mitigates Trojan threats by tackling the Trojan’s communication channels —including its infection, drop and ‘command & control’ points—and the AFCC works to block the drop-zones. In this way, even if a user has already been infected with the Zeus Trojan, the Trojan will be unable to communicate with its drop-zone, rendering the attack much less effective.

In addition, the source of the Zeus infection will be traced and shut down by the AFCC, and will not be usable in future phishing attacks.

So far, RSA’s FraudAction Anti-Trojan Service has detected more than 150 variants of the Zeus Trojan targeting customers of financial institutions and other organizations worldwide.
 
RSA’s expertise
RSA’s analysts discovered, researched and analyzed this new attack as part of its ongoing fraudster intelligence and monitoring efforts. RSA continues to work with law enforcement agencies and its own financial sector customers to mitigate online fraud and threats of this nature.

The RSA FraudAction Anti-Trojan Service provides a proactive, comprehensive approach to helping organizations fight back against the threat of crimeware and Trojans – by mitigating it at the source. Through RSA’s 24x7 Anti-Fraud Command Center and an extensive global partner network, RSA delivers a layered approach to identifying, analyzing, blocking, and shutting down crimeware attacks.
 
About RSA
RSA, The Bedford, Mass.-based Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, data loss prevention & encryption, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

RSA is either a registered trademark or trademark of RSA Security Inc. in the United States and/or other countries. All other products and/or services mentioned are products of their respective companies.

Sections

About Us

Connect With Us

Resources