"Rock Phish", an unidentified online criminal organization involved in half of the world's phishing attacks



"Phishing" lures victims to fake pages and steals credentials such as online banking passwords. A mysterious online criminal organization called "Rock Phish" is said to be involved in half of the phishing attacks carried out worldwide, and to have caused 100 million dollars (about 10.6 billion yen) in damage to banks alone.

They are a very small group of technically expert criminals, and the number of members is speculated to be about 12. The information obtained through phishing attacks is collected on a central server called the "Mother Ship" and is bought and sold with traders over IRC and similar channels.

Let's take a closer look at this mysterious criminal organization. Details are below.
Rock Phish - Wikipedia, the free encyclopedia

They originally came from Romania, and it seems that last month they carried out infrastructure work on the botnet used for their phishing attacks. Because their activity declined only during that period, it has been confirmed that the number of phishing attacks across the whole net halved.

Phishing fraud halved, cause is infrastructure improvement of criminal organization "Rock Phish": ITpro

Security company RSA Security announced the trend of phishing scams in August 2008 based on the observation data of September 26, 2008. According to the announcement, the company confirmed 7099 phishing attacks (fake sites for phishing scams) worldwide, a "record low" in recent times. The cause is speculated to be that the online criminal organization "Rock Phish" is in the process of upgrading its attack infrastructure (botnet).

They often combine various methods and devise ways around existing defense methods, and their approach is quite distinctive. The following page explains the methods that are already known.

Mental attitude towards Rock Phish: ITpro

Their current base is in Europe, and it seems that their power to attack is not limited to the net.

Security experts reveal unidentified phishing group "Rock Phish": Security - Computerworld.jp

Even security experts grudgingly pay respect to Rock Phish, which generates new attack methods one after another. Among the companies and individuals asked for interviews for this article, some refused for fear of physical attacks from Rock Phish.

In short, their true nature is as unclear as ever, and their influence seems to be tremendous. They have at times developed new methods that even security experts had not imagined, and they are also well known for having developed a dedicated toolkit for carrying out phishing attacks called the "Rock Phish Kit". You can see what it looks like in the following video.

YouTube - Phishing Demo - Rock Phish Kit


In addition, the PDF file "RSA Online Fraud Status Report March 2008" explains some of Rock Phish's methods, and describes a technique called "hash buster" that evades anti-spam filters.

A hash-buster is a technique that adds random text to each e-mail to create a unique message, so that each message produces a unique hash. Because this random text is added as hidden content in the phishing e-mail, it becomes difficult for anti-spam filtering to judge the e-mail as spam.

Most anti-spam tools calculate a message hash when they detect a spam e-mail, and use anti-spam filters to find and block similar e-mails. This works because the e-mails have the same hash value, but in Rock Phish's spam each e-mail is unique because of the hidden random text, so it passes through most anti-spam filters. For example, the text below is taken from such an email.

Although it is quite a petty trick, it seems that they target people with little interest in security by effectively combining basic attacks like these.

Will powerful online criminal organizations like these eventually appear in Japan as well ...?
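The hash-buster effect described above, as an added example that is not from the original article or the RSA report: three constructed copies of one lure, each with different filler words, defeat an exact-hash blocklist but are still caught by a similarity comparison. SHA-256, 3-word shingles, the 0.5 threshold and all sample messages are assumptions chosen for illustration, not the behaviour of any particular anti-spam product.

```python
import hashlib
import re

# Constructed sample data: one lure text, each copy followed by different
# filler words standing in for the hidden hash-buster text.
LURE = ("Dear customer, your online banking account has been suspended. "
        "Please confirm your details at the link below to restore access.")
CAMPAIGN = [
    LURE + " qzv plomb irk watten surd",
    LURE + " ferric dolt naze umbra quoin",
    LURE + " tolb wex yarrin gloam pidd",
]
UNRELATED = ("Minutes from the Tuesday planning meeting are attached, "
             "please review before Friday.")


def exact_hash(message: str) -> str:
    """Exact-match fingerprint: any changed byte yields a different digest."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def shingles(message: str, k: int = 3) -> set:
    """Set of overlapping k-word sequences, lower-cased, punctuation dropped."""
    words = re.findall(r"\w+", message.lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def similarity(a: str, b: str) -> float:
    """Jaccard similarity of the two messages' shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0


def matches_known_spam(message: str, known: list, threshold: float = 0.5) -> bool:
    """Flag a message that is close enough to any already-identified spam."""
    return any(similarity(message, k) >= threshold for k in known)


if __name__ == "__main__":
    known = CAMPAIGN[:1]                      # first copy was reported as spam
    blocklist = {exact_hash(m) for m in known}
    for msg in CAMPAIGN[1:] + [UNRELATED]:
        print(exact_hash(msg) in blocklist,   # exact-hash lookup
              round(similarity(msg, known[0]), 2),
              matches_known_spam(msg, known))
```

The longer the random filler is relative to the lure, the lower the similarity score falls, which is why filters that rely on this kind of comparison usually also strip content the recipient cannot see before fingerprinting.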

in Note, Video, Posted by darkhorse