MEDIA ALERT
Fraudsters Discovered Using Advanced ‘Next Generation’ Phishing Kits
--New database capabilities allow for more efficient mining of stolen user data--
Auckland, New Zealand, July 17, 2008 – RSA, The Security Division of EMC, today released highlights from its June 2008
monthly online fraud report. This month the findings focused on recently discovered advances in the storage, mining and
manipulation of stolen user data. According to the report, the RSA Anti-Fraud Command Centre (AFCC) discovered new
phishing kits that allow fraudsters to store stolen data in specialised MySQL databases on their phishing servers.
The main advantage of these specialised databases is that they are user-friendly, allowing fraudsters to quickly and
easily view the results of a phishing attack and manipulate the data. The newly discovered format is more efficient for
cyber-criminals as it eliminates the process of reviewing each piece of data as a text file, followed by data clean-up,
piece by piece. According to the report, the AFCC has in some cases recorded fraudsters filtering the list of victims as
well as deleting pieces of false or partial data.
Fraudsters who use these latest phishing kits easily can now manage the stolen data stored in the databases, in a
similar manner to Trojan herders and their management of Trojan logs.
Like many other fraudster innovations, these kits are not a new threat to banks or their users but simply an improvement
that makes the fraudsters' ability to use the stolen data that much easier. As a result, these kits grow in popularity
within the fraudster community and eventually become a commodity – until the next innovation!
# # #
About RSA
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the
world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's
information-centric approach to security guards the integrity and confidentiality of information throughout its
lifecycle – no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance information management and fraud protection. These solutions bring trust to millions of user identities, the
transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and
www.EMC.com.
ENDS