Computerworld – IT news for New Zealand's ICT community

Is Rock Phish cybergang set for a comeback?

Cybergang making investment in their own infrastructure, says RSA

By Ellen Messmer, Framingham | Monday, 8 September, 2008

Do cybergangs work on evil "product upgrades" to improve their crimeware and attack methods?

That's what RSA, the security division of EMC, claims is happening with the Rock Phish gang, described as an East European cybercrime group responsible for creating botnets used in phishing attacks to steal personal information.

"Rock Phish is making an investment in their own infrastructure by upgrading their botnet," says Sean Brady, product marketing manager at RSA. RSA, whose FraudAction Research Lab has posted a blog item on the topic, says the end result could be a surge in phishing attacks in the near future.

RSA claims Rock Phish, which introduced the Zeus (a/ka WSNPOEM) Trojan last April, has been making changes to its Command & Control Server by linking it with the so-called Asprox botnet. Brady says the Asprox botnet "is a more advanced fast-flux network" for propagating phishing attacks.

The Asprox botnet gained attention earlier this year when it was linked to a massive wave of SQL-injection attacks that compromised websites.

According to RSA, the number of worldwide phishing attacks dropped substantially from 13,695 in June to just 9,294 in July and 7,099 in August. RSA theorises this drop is directly due to the Rock Phish gang migrating away from its "classic Rock Phish attacks" as their effort is put into linking into the more powerful Asprox botnet. Consequently, RSA theorises that soon the number of worldwide phishing attacks may jump again very quickly.

"There will be a return to the volumes of spring and summer," Brady predicts.