MEDIA ALERT
Media Alert: RSA AFCC detects new customised Rock Phish Trojan targeting business bankers
Auckland, New Zealand, June 17, 2008 – RSA, The Security Division of EMC, today released highlights from its online fraud report for May 2008. This month the
RSA Anti-Fraud Command Centre (AFCC) detected a new Rock Phish attack variant which aims to infect victims with a new
and unfamiliar Trojan. RSA had not seen this particular crimeware before, and has not seen it used by any other group.
It is believed to be the custom work of the Rock Phish gang.
The AFCC noted that The Rock Phish attacks containing the new Trojan are aimed at the business account holders of
several financial institutions. Victims of these phishing attacks are duped into downloading a Trojan which infects
their computers when they visit the last page of the Rock Phish scam. Some social engineering text on this final page is
designed to convince the victim to download a "certificate" file which will update their computer. The subterfuge is
that the certificate will supposedly enable the user to successfully access his/her online banking account in the
future. When in fact the crimeware allows fraudsters to extract information and filter it as it arrives at the drop
point. It is also interesting to note that the fraudsters capture ICQ usernames and passwords, and FTP credentials. In
order to protect itself from security researchers and reverse-engineering the crimeware's communication with the mother
ship is encrypted.
The above details suggest that the Trojan in question is not a familiar one, but rather a new Trojan recently introduced
by the Rock Phish gang alone. In addition, the social engineering infection vector is one that had not previously been
used by the Rock group.
# # #
About RSA
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the
world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's
information-centric approach to security guards the integrity and confidentiality of information throughout its
lifecycle – no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance information management and fraud protection. These solutions bring trust to millions of user identities, the
transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
About The Rock Phish Gang
The notorious Rock Phish gang is a group of cyber criminals that is responsible for extremely large volumes of phishing
scams. It is estimated that the gang's activities account for over 50% of all phishing attacks worldwide, and the group
is believed to have skimmed tens of millions of dollars from the bank accounts of unsuspecting victims. A large number
of financial institutions have been targeted by the Rock Phish gang, including some of the world's leading banks.
ENDS