A new wave of attacks is combining phishing with the Zeus Trojan to steal information and spread financial crimeware, according to researchers at EMC's RSA security division.
RSA's Anti-fraud Command Center uncovered the new technique, which makes up more than 50% of phishing attacks worldwide.
Victims' machines infected with the Zeus Trojan could have their personal information stolen when it is transmitted while interacting with other websites.
The attacks come from the Rock Phish group, which is believed to be based in Europe and responsible for targeting financial institutions worldwide since 2004. So far, the phishers are using social engineering to spread the malware. About 150 variants of the Zeus Trojan are spreading in the wild, RSA said.
"Coupled with the robust infrastructure the Rock group has at its disposal, this is more than double the trouble," said Uriel Maimon, a senior researcher at RSA in the company's Speaking of Security blog.
Maimon said the Rock group has been responsible for developing new approaches in phishing. It was the first gang to employ botnets in its phishing infrastructure to make attacks grow larger and faster. The group also has been fairly successful in deployed new techniques to thwart spam filters, Maimon said.
The Zeus Trojan is available for sale as a crimeware kit for about $700, according to Maimon.
"This means that the Rock group did not need to develop new skill-sets to write Trojan horses; they just purchased it on the open market," Maimon said.
RSA's Online Fraud Report for March outlines the new technique. The number of targeted institutions has increased dramatically. RSA researchers said phishers are increasing campaigns geographically and into new verticals.
The Anti-fraud Command Center detected attacks against 16 financial institutions that it had not seen attacked before, according to the report. In addition, the U.S. tops the list of hosted attacks followed by Germany, South Korea and the UK.