New and Sophisticated Phising attacks traced to Rock Phish

Phishing has now arrived in a novel form. phishing is now crafted to strike on international customers to make it look different than the earlier scams.

According to Wikipedia, the Rock Phish Kit is a device in popular use that enables people without technical expertise to plan and implement phishing attacks. But security experts disagree with this definition. They think that in reality Rock Phish, is an individual or a group of individuals who are responsible for as much as 50%of the phishing being perpetrated nowadays.

Rock Phish doesn't concentrate on the two most common targets of phishing, PayPal and eBay. Instead, It chooses to target European and U.S. financial institutions. In the last tally, the group had put to its use 44 brands from companies in nine countries, dispatching e-mail messages that attempt to dupe receivers into visiting fake Websites and giving personal information like passwords and credit card details. Rock Phish has duped Citibank, Barclays, E-Trade, Deutsche Bank and many others.

Security experts surmise that Rock Phish is operated by a tiny set of technically skilled criminals -- probably about a dozen hackers -- who create phishing Websites, take care of the domain name registration and make certain that the pilfered financial information is channeled into a central server, which researchers term "the Mother Ship."

Rock Phish utilizes a network of compromised computers to guide Web visitors to the Mother Ship. The hackers have been especially successful in taking advantage of the decentralized character of the Internet for their criminal enterprises. One trick that has really paid off has been to set up new phishing addresses in country domains with low usage. Researchers believe that law enforcement and phishing takedown groups may not have firmly-grounded contacts in such places.

In the interval between establishment of contact with the domain name registrars and getting them to note down the deceitful Web domains, Rock Phish can keep collecting information. Symantec's Ramzan says that the group is a trendsetter in phishing space. Any new technique that makes an appearance can be traced in its origins to the Rock Phish group."

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 12/20/2006