RSA said Monday that it discovered a new phishing technique that uses elements of a malware attack to swipe personal information.
The discovery illustrates a series of attacks from the Rock Phish group, a gang reportedly based in Russia that has been targeting financial institutions since 2004.
In general, the latest Rock Phish attack includes the following:
- Victim is duped into going to a phishing site;
- Victim is infected with the Zeus Trojan even if he or she doesn’t submit information;
- Zeus is masked;
- The Zeus Trojan can take screenshots, control a machine and steal passwords, so even if you don’t fork over information initially, the malware will get it.
Among RSA’s key findings:
- Rock Phish attacks account for 50 percent of phishing incidents and have stolen “tens of millions of dollars” from bank accounts.
- This is the first time crimeware has been used in a Rock Phish attack.
- Victims of these phishing attacks get their personal data stolen and are infected by the Zeus Trojan. Double the pain for victims.