New phishing, Zeus Trojan technique spreads crimeware

By Robert Westervelt, News Editor 22 Apr 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

A new wave of attacks is combining phishing with the Zeus Trojan to steal information and spread financial crimeware, according to researchers at EMC's RSA security division.

Coupled with the robust infrastructure the Rock group has at its disposal, this is more than double the trouble. Uriel Maimon, senior researcher, RSA's Anti-fraud Command Center

RSA's Anti-fraud Command Center uncovered the new technique, which makes up more than 50% of phishing attacks worldwide.

Victims' machines infected with the Zeus Trojan could have their personal information stolen when it is transmitted while interacting with other websites.

The attacks come from the Rock Phish group, which is believed to be based in Europe and responsible for targeting financial institutions worldwide since 2004. So far, the phishers are using social engineering to spread the malware. About 150 variants of the Zeus Trojan are spreading in the wild, RSA said.

"Coupled with the robust infrastructure the Rock group has at its disposal, this is more than double the trouble," said Uriel Maimon, a senior researcher at RSA in the company's Speaking of Security blog.

Phishing attacks: Researcher warns of do-it-yourself phishing program: FaceTime malware research director Chris Boyd says his team has been trying with mixed results to take down a new do-it-yourself phishing program they found online. Phishing vs. Pharming attacks: Learn how phishing attacks differ from pharming attacks and whether or not pharming attacks still threaten, in this information security threat Ask the Expert Q&A.

Maimon said the Rock group has been responsible for developing new approaches in phishing. It was the first gang to employ botnets in its phishing infrastructure to make attacks grow larger and faster. The group also has been fairly successful in deployed new techniques to thwart spam filters, Maimon said.

The Zeus Trojan is available for sale as a crimeware kit for about $700, according to Maimon.

"This means that the Rock group did not need to develop new skill-sets to write Trojan horses; they just purchased it on the open market," Maimon said.

RSA's Online Fraud Report for March outlines the new technique. The number of targeted institutions has increased dramatically. RSA researchers said phishers are increasing campaigns geographically and into new verticals.

The Anti-fraud Command Center detected attacks against 16 financial institutions that it had not seen attacked before, according to the report. In addition, the U.S. tops the list of hosted attacks followed by Germany, South Korea and the UK.

Tags: Malware, Viruses, Trojans and Spyware,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Malware in Google attacks uses spaghetti code Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Another PDF attack targets Adobe zero-day vulnerability Security report finds rise in banking Trojans, adware, fewer viruses How to prevent rogue antivirus programs in the enterprise How to stop keylogging malware with more than basic antivirus software, firewalls Conficker-infected machines now number 7 million, Shadowserver finds FBI estimates rogue antivirus losses exceeding $150 million Security researchers continue hunt for Conficker authors Email and Messaging Threats (spam, phishing, instant messaging) Chinese hacker attacks target Google Gmail accounts, top tech firms PDF attack code complicates security analysis, skirts detection Panda warns of American Express phishing scam Active PDF attacks target Reader, Acrobat zero-day vulnerability Yahoo login credentials at risk to hijacking attack The world's top 5 riskiest domains How to secure a .pdf file Top spammer gets four years in jail for stock fraud scheme New Zeus spam poses as Social Security statements Messaging security risks have upper hand on solutions Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary