
Rock Phish


Rock Phish refers to both the phishing toolkit and the entity that publishes the toolkit. Phishing is an email fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Sources commonly describe Rock Phish as either a hacker or group of hackers, or a phishing toolkit, or use the same name for each.

In today’s world, organizations that conduct any business online are aware of the various threats that they may be subject to. While basic threats such as phishing attacks, worms and trojans are familiar terms for any IT or security professional, traditional methods associated with fraudulent activity have evolved to new and advanced levels of complexity.

The Rock Phish toolkit enables non-technical users to easily create and implement phishing attacks. The kit works by configuring a single Web server as a host, with multiple domain name servers (DNSes) to host a variety of templates, each one of which closely resembles a different legitimate bank or business venture. Attackers can then launch multiple phishing attacks from the host, fooling customers and clients into responding to the professional, legitimate-looking email and entering their personal or financial data into the phisher's trap. Once harvested, credit card and banking information is channeled into a central server, the "Mother Ship," and sold through chat rooms to a dispersed network of money launderers that extract money from phishing victims' accounts.
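The single-host, many-domains, many-templates layout described above leaves a footprint that defenders can look for in phishing reports. The following is an added example, not code from the original article or from any vendor: it groups a constructed report feed by server IP and flags hosts that serve several domains and several brand templates. The domains, IPs, brand names and path layout are all hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed: (reported phishing URL, IP the hostname resolved to).
# Domains use the reserved .example TLD, IPs are documentation ranges, and the
# brand names and path layout are hypothetical.
REPORTS = [
    ("http://login-update.example/northbank/signin.html", "192.0.2.10"),
    ("http://secure-verify.example/harborcu/login.html", "192.0.2.10"),
    ("http://acct-confirm.example/northbank/signin.html", "192.0.2.10"),
    ("http://acct-confirm.example/paywave/confirm.html", "192.0.2.10"),
    ("http://lone-phish.example/northbank/signin.html", "198.51.100.7"),
    ("http://other-site.example/paywave/confirm.html", "203.0.113.5"),
    ("http://other-site.example/paywave/step2.html", "203.0.113.5"),
]
BRANDS = {"northbank", "harborcu", "paywave"}  # hypothetical watch list


def brand_of(url):
    """Return the first watch-listed brand token in the URL path, or None."""
    for segment in urlsplit(url).path.lower().split("/"):
        if segment in BRANDS:
            return segment
    return None


def cluster_by_host(reports):
    """Map each server IP to the domains and brands seen on it."""
    clusters = defaultdict(lambda: {"domains": set(), "brands": set()})
    for url, ip in reports:
        host = urlsplit(url).hostname
        if host is None:
            continue  # malformed report: skip it rather than crash
        clusters[ip]["domains"].add(host.lower())
        brand = brand_of(url)
        if brand:
            clusters[ip]["brands"].add(brand)
    return clusters


def shared_hosts(reports, min_domains=2, min_brands=2):
    """IPs serving several domains AND several brand templates."""
    return sorted(
        ip for ip, c in cluster_by_host(reports).items()
        if len(c["domains"]) >= min_domains and len(c["brands"]) >= min_brands
    )


if __name__ == "__main__":
    for ip in shared_hosts(REPORTS):
        c = cluster_by_host(REPORTS)[ip]
        print(ip, sorted(c["domains"]), sorted(c["brands"]))
```

Grouping reports this way lets responders handle the flagged host as one incident instead of a series of unrelated sites.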

F-Secure has created videos of the Rock Phish Kit in action on their blog.

Robert McMillan disputes the definition above, saying that "security experts" call such a description inaccurate. He says Rock Phish is defined as a hacker or group of hackers stated to be behind "one-half of the phishing attacks being carried out these days." Because of the elusive nature of Rock Phish, the article reports Symantec as comparing it with the movie character Keyser Söze. VeriSign reports them as a group of Romanian origin. The April 2007 edition of PC World, in an article entitled "Online Criminals are Thriving even in the face of New Automated Defenses", calls Rock Phish "a single phishing gang". This report, which calls them the Rock Phish gang, comes from a research firm known as Gartner, supported by RSA.


Wikipedia
