Rock Phish - Rock Phishing History

Rock Phishing History

It was in 2004 that we saw the genesis of the rock phish attack. The name stems from the first recorded attack in which attackers employed wild card DNS (domain name server) entries to create addresses that included the target’s actual address as a sub-domain. For example, in the case of a site appearing as www.thebank.com.1.cn/thebank.html, ”thebank.com” portion of the domain name is the “wild card”, meaning its presence is purely superficial – it is not required in order for the phishing page to be displayed. “1.cn” is the registered domain name, “/thebank.html” is the phishing page, and the combination of “1.cn/thebank” will display the phishing page. This allows the perpetrators to make the wild card portion the legitimate domain name, so that it appears at first glance to be a valid folder path. The first rock phishing attacks contained the folder path “/rock”, which led to the name of the attack as we know it today. To date, it is estimated that rock phishing has already cost businesses and consumers in excess of $100 million in damages, and it continues to grow.

Until this attack, phishing was becoming more pervasive, but was far from mainstream - in large part because free Web services only allowed for limited activities. More recently however, attackers have found a more surreptitious way to launch attacks through legitimate websites themselves by exploiting common vulnerabilities in the software running on the sites. Unlike popularized software applications that openly announce changes, automate updates and provide open access to programming tools, administrators often have to spend time seeking out Web software updates and security weaknesses. This delay in - or sometimes complete lack of – action provides ample opportunity for attackers to do considerable damage.

In addition, there has been a move to make website software more accessible to the non-tech user so they can create their own Web pages. The drop in the sophistication levels of the Web masters makes the risk of rock phishing higher – and the opportunity to catch these sites and shut them down in a timely manner much lower.

At the same time, perpetrators for their part have taken it upon themselves to become well-versed in Web server technology. These are not the typical casual hackers that typified the “phisher kings” of past years. These are highly sophisticated, well educated, highly coordinated teams of people with exceptional technology skills.