Rock Phish - The source of danger of the Internet

Phishing is now a familiar concept in the Internet user community. But perhaps the Rock Phish concept is not so popular.

However, security experts claim that Rock Phish is actually more of a concern than phishing attacks. Because it is the root of most phishing attacks, as well as the author of a series of sophisticated phishing tricks.

Rock Phish is .

The first thing you need to know about Rock Phish is "there is no one who knows exactly what it is, or who is behind it and running it ."

Wikipedia defines Rock Phish Kit as follows: " A fairly popular tool designed with the goal of helping both non-technical people can carry out phishing attacks ".

Security experts say that definition is completely wrong. They claim that Rock Phish is an individual or a group of organized people responsible for more than half of the number of phishing attacks that have been taking place worldwide.

The main trick of phishers is to trick victims into providing them with sensitive personal information by using fake websites that are identical to a bank's or a online store. online. This is a very attractive form of attack for cyber criminals, because the profit it brings is huge.

Research firm Gartner estimates that over the past year, the damage that online fraud has caused to US consumers and businesses has reached $ 2.8 billion. On average, each victim must bear the equivalent of 1,244 USD.

But so far, no one has known what Rock Phish is, where it exists and whether it only works on a country or a country.

" They are the Phishing Keyser Söze ," said Zulfikar Ramzan, senior researcher with Symantec Security Response. (Keyser Söze is a pillar of the underground crime world in the movie The Usual Suspects released in 1995).

" They are taking actions that terrify Internet users worldwide ."

History of Rock Phish

The name Rock Phish appeared at the end of 2004. At that time, this name was given to an extremely dangerous group of organized criminals.

They were given that name because in order to bypass phishing filtering tools, this criminal group often created a directory called "rock" directly stored with their fake websites.

Since then, this criminal group has grown increasingly strong and become one of the "most successful" online criminal gangs in the world. They constantly "invent" many new attack techniques that make professional security experts also "admire" their talents.

It is estimated that the phishing attacks of this criminal group have earned them a profit of up to $ 100 million.

How it works

Rock Phish is not famous for attacking the two most popular goals, eBay and PayPal, but instead attacks US and European financial institutions.

The latest statistics show that Rock Phish has faked 44 brands of businesses in 9 different countries and sent countless impersonation emails to trick victims into accessing one of the fake and bogus websites. give them confidential information such as credit card numbers, online bank accounts . Rock Phish has never "forgiven" any "prey", from Barclays, Citibank, Deutsche Bank, and E-Trade to hundreds of other online payment businesses.

Roch Phish security experts estimate that nearly half of the phishing emails are sent on the Internet. " They are the most dynamic" online fraud group "in the world ," said Dan Hubbard, Websense's director of technology and security research.

What makes security experts like Dan Hubbard most concerned about Rock Phish is that this criminal group is always one step ahead of security and legal products.

For example, security experts say Rock Phish is the leader in image spam to bypass spam filtering tools. Then, while software vendors integrated phishing filtering tools into their browsers, the criminal group "created" special types of URL paths that prevent them from being "listed" in the "blacklist". URL phishing.

Symantec Ramzan expert shook his head in frustration, saying that the "disposable" website address like Rock Phish style makes them really hard to detect. Many times security experts also have to put up with blocking these websites.

By using a database of phishing addresses like Firefox browser, being over Rock Phish is like a meal. " Broadly speaking, blacklist-based anti-phishing technologies are completely useless ," Ramzan stressed.

The Anti-Phishing Working Group said that in recent times Rock Phish has continued to contribute to a dramatic increase in the number of phishing sites worldwide. In August, the criminal group distributed more than 19,000 phishing website addresses. This number doubled in October with more than 35,000 addresses.

Security experts say that Phish Rock is run by a small group of highly technical cyber criminals. Estimates of their numbers are only about a dozen people. But it is these guys who are in charge of their responsibility to create phishing sites, manage domain names and ensure stolen financial information is sent to a central server. Security experts call the server the "Mother Ship".

The information they steal will then be sold on chatrooms. Their consumers "goods" are mainly money launders that turn stolen money into clean money.

"Pure planet" of the phishing world

Rock Phish uses a network of "kidnapped" PCs to redirect visitors to their site on "Mother Ship".

Another particularly dangerous factor in Rock Phish's operating mode is that this criminal group has applied decentralized practices in illegal activities.

Their most successful tactic is the Rock Phish, which regularly uses the domain names of lesser known countries as Moldovia's ".md" domain because countries like these have almost no anti-law. phishing again. It is this hole that facilitates the strong development of Rock Phish.

" Rock Phish are activists for innovation in the phishing world ," Symantec's Ramzan expert admitted. " Whenever we see a new phishing attack technique, that's definitely Rock Phish's work ."

Trang Dung