New phishing, Zeus Trojan technique spreads crimeware

By Robert Westervelt, News Editor 22 Apr 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

A new wave of attacks is combining phishing with the Zeus Trojan to steal information and spread financial crimeware, according to researchers at EMC's RSA security division.

Coupled with the robust infrastructure the Rock group has at its disposal, this is more than double the trouble. Uriel Maimon, senior researcher, RSA's Anti-fraud Command Center

RSA's Anti-fraud Command Center uncovered the new technique, which makes up more than 50% of phishing attacks worldwide.

Victims' machines infected with the Zeus Trojan could have their personal information stolen when it is transmitted while interacting with other websites.

The attacks come from the Rock Phish group, which is believed to be based in Europe and responsible for targeting financial institutions worldwide since 2004. So far, the phishers are using social engineering to spread the malware. About 150 variants of the Zeus Trojan are spreading in the wild, RSA said.

"Coupled with the robust infrastructure the Rock group has at its disposal, this is more than double the trouble," said Uriel Maimon, a senior researcher at RSA in the company's Speaking of Security blog.

Phishing attacks: Researcher warns of do-it-yourself phishing program: FaceTime malware research director Chris Boyd says his team has been trying with mixed results to take down a new do-it-yourself phishing program they found online. Phishing vs. Pharming attacks: Learn how phishing attacks differ from pharming attacks and whether or not pharming attacks still threaten, in this information security threat Ask the Expert Q&A.

Maimon said the Rock group has been responsible for developing new approaches in phishing. It was the first gang to employ botnets in its phishing infrastructure to make attacks grow larger and faster. The group also has been fairly successful in deployed new techniques to thwart spam filters, Maimon said.

The Zeus Trojan is available for sale as a crimeware kit for about $700, according to Maimon.

"This means that the Rock group did not need to develop new skill-sets to write Trojan horses; they just purchased it on the open market," Maimon said.

RSA's Online Fraud Report for March outlines the new technique. The number of targeted institutions has increased dramatically. RSA researchers said phishers are increasing campaigns geographically and into new verticals.

The Anti-fraud Command Center detected attacks against 16 financial institutions that it had not seen attacked before, according to the report. In addition, the U.S. tops the list of hosted attacks followed by Germany, South Korea and the UK.

Tags: Malware, Viruses, Trojans and Spyware,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary