RSA: Criminals testing new financial phishing tactic

Evolved attacks coming from 'Rock Phish' criminal group


This week, the security division of EMC, best known as RSA, announced it had discovered yet another phishing-style attack on users financial information.

According to RSA's Anti-Fraud Command Center, they've located attempts from the Rock Phish group of criminal hackers to deploy financial crimeware. RSA described the software as "a new technique that combines phishing and Zeus Trojan attacks to steal personal information and spread financial crimeware."

RSA said the attacks begin as phishing attacks but follow with an attempt to infect the user's computer with the Zeus Trojan that can steal additional information, including data that the user would transmit between the computer and a website.

In the company's report on this phishing-and-trojan attack, RSA noted that this is a new style of attack for the Rock Phish hackers, which have typically focused solely on phishing attempts for financial information. That's a methodology the group has pursued since 2004, says RSA, which notes that this group of criminal hackers is believed to be operating out of Europe.