Login
Login

Rock Phish

{{short description|Phishing toolkit and the group behind it}}

Rock Phish refers to both a phishing toolkit/technique and the group behind it.{{cite web |url=http://www.complianceandprivacy.com/News-Verisign-R-Ph-commentary.asp |title=What is Rock Phish? And why is it important to know? |access-date=2006-12-15 |author=Compliance and Privacy |date=2006-12-15 |publisher=Compliance and Privacy |quote=Rock Phish is an individual or group of actors likely working out of Romania and nearby countries in the region. This group has been in operation since 2004 and is responsible for innovation in both spam and phishing attacks to date, such as pioneering image-spam (Ken Dunham, VeriSign) }}{{cite web|url=http://www.infoworld.com/article/06/12/12/HNrockphish_1.html|title='Rock Phish' blamed for surge in phishing|access-date=2006-12-13|author=Robert McMillan|date=2006-12-12|publisher=InfoWorld|pages=2|archive-url=https://web.archive.org/web/20070108030945/http://www.infoworld.com/article/06/12/12/HNrockphish_1.html|archive-date=2007-01-08|quote=The first thing you need to know about Rock Phish is that nobody knows exactly who, or what, they are.|url-status=dead}}

Rock Phish gang and techniques

At one time the Rock Phish group was stated to be behind "one-half of the phishing attacks being carried out. VeriSign reports them as a group of Romanian origin, but others have claimed that the group is Russian.{{cite web |last1=Dignan |first1=Larry |title=RSA finds new malware enhanced phishing technique |url=https://www.zdnet.com/article/rsa-finds-new-malware-enhanced-phishing-technique/ |publisher=ZDNet |access-date=8 September 2018}} They were first identified in 2004.{{Cite book|url=https://archive.org/details/cyberfr_xxx_2009_00_7612|url-access=registration|page=[https://archive.org/details/cyberfr_xxx_2009_00_7612/page/264 264]|quote=Rock Phish gang.|title=Cyber Fraud: Tactics, Techniques and Procedures|last=Howard|first=Rick|date=2009-04-23|publisher=CRC Press|isbn=9781420091281|language=en}}

Their techniques were sophisticated and distinctive, as outlined in a presentation at APWG eCrime '07.{{cite web

| title=Examining the Impact of Website Take-down on Phishing.

| work=APWG eCrime Researcher's Summit, ACM Press, pp. 1-13

| author = Tyler Moore and Richard Clayton.

| url=http://www.ecrimeresearch.org/2007/proceedings/p1_moore.pdf

| access-date=October 28, 2007}}

History

In 2004 the first rock phishing attacks contained the folder path “/rock”, which led to the name of the attack, and group.

Attackers employed wild card DNS (domain name server) entries to create addresses that included the target's actual address as a sub-domain. For example, in the case of a site appearing as www.thebank.com.1.cn/thebank.html, ”thebank.com” portion of the domain name is the “wild card”, meaning its presence is purely superficial – it is not required in order for the phishing page to be displayed. “1.cn” is the registered domain name, “/thebank.html” is the phishing page, and the combination of “1.cn/thebank” will display the phishing page. This allows the perpetrators to make the wild card portion the legitimate domain name, so that it appears at first glance to be a valid folder path.{{cite web |last1=Goodin |first1=Dan |title=FBI logs its millionth zombie address |url=https://www.theregister.co.uk/2007/06/13/millionth_botnet_address/ |publisher=The Register |access-date=8 September 2018}}

References

{{reflist}}

{{Scams and confidence tricks}}

Category:Malware toolkits

Category:Social engineering (security)

Category:Spamming