Robert McMillan disputes the definition above, saying that "security experts" call such a description inaccurate. He says Rock Phish is defined as a hacker or group of hackers stated to be behind "one-half of the phishing attacks being carried out these days." Because of the elusive nature of Rock Phish, the article reports Symantec as comparing it with the movie character Keyser Söze. VeriSign reports them as a group of Romanian origin. In the April 2007 edition of PC World, in an article entitled "Online Criminals are Thriving even in the face of New Automated Defenses" calls Rock Phish "a single phishing gang". This report that calls them the Rock Phish gang comes from a research firm known as Gartner, supported by RSA.
Jeff Singleton of HackDefendr Security rebuts Robert McMillan's claim as invalid for the information presented on this page. The correct information of the hacking group called the Rock Phish Gang in comparison with the type of attack via the kit which are also called Rock Phish are in fact different. The authors of the kit remain anonymous, Rock Phish has become the most popular phishing kit available online, with some estimates suggesting that the kit is used for half of all phishing attempts.
Independent of what definition is used, rock phishing is often used to refer to phishing attacks with some particular features. To minimize the effects of takedown, rock phishers work by registering a large number of domains, which are used to host scripting files that send and receive information from the perpetrator’s main host. These types of attacks are hosted in such a way that they can be displayed on any compromised machine controlled by the perpetrators. Furthermore, advanced scripting set up by attackers allows the domains to move from ISP to ISP without any human intervention. Given that these types of online criminals have a deep knowledge of and experience in online exploitation, finding the source of and controlling damages done as a result of a rock phishing attack becomes extremely challenging.
An account of rock phishing tactics was presented at APWG eCrime '07.
Read more about this topic: Rock Phish
Famous quotes containing the word rock:
“My spirit looks to God alone,
My rock and refuge is His throne,
In all my fears, in all my straits,
My soul on His salvation waits.”
—Isaac Watts (1674–1748)