Rock Phishers Up the Ante with More ‘Digital Certificates’April 28, 2008 – 7:40 AM
Our friends from RSA have recently reported about the latest one-two punch employed by the infamous Rock Phish gang (also reported here and here ). Best known for their easy-to-use kits that yield professional looking phishing pages, Rock Phish now adds information-stealing malware — dubbed as the Zeus Trojan — in its arsenal.
This attack is reminiscent of the Bank of America phishing attack, which we reported several days ago, wherein users are prompted to install a “digital certificate” in order to access the bank’s online login page. Incidentally, the phishing page was also Rock Phish.
And apparently there were more: Trend Micro Advanced Threats Researcher Paul Ferguson and the TrendLabs Content Security team came across a couple of malicious “certificates” detected as TSPY_PAPRAS.AC and TSPY_PAPRAS.AD. These spyware each target the Comerica and Colonial banks, respectively.