Rock Phish refers to both a phishing toolkit/technique and the group behind it.
Rock Phish gang and techniques
At one time the Rock Phish group was stated to be behind "one-half of the phishing attacks being carried out." VeriSign reports them as a group of Romanian origin, but others have claimed that the group is Russian. They were first identified in 2004.
Their techniques were sophisticated and distinctive, as outlined in a presentation at APWG eCrime '07.
History
In 2004 the first rock phishing attacks contained the folder path “/rock”, which gave both the attack and the group their name.
Attackers employed wild card DNS (Domain Name System) entries to create addresses that included the target’s actual address as a sub-domain. For example, in the case of a site appearing as www.thebank.com.1.cn/thebank.html, the “thebank.com” portion of the domain name is the “wild card”, meaning its presence is purely superficial – it is not required in order for the phishing page to be displayed. “1.cn” is the registered domain name, “/thebank.html” is the phishing page, and the combination of “1.cn/thebank” will display the phishing page. This allows the perpetrators to make the wild card portion the legitimate domain name, so that it appears at first glance to be a valid folder path.
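A defender can check for the pattern described above by testing whether a protected domain appears as the leading labels of a host that actually belongs to another zone. The following is an added example, not part of the original article; the watch list and the function name embedded_brand are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed watch list of domains the defender protects (assumption).
PROTECTED = ("thebank.com",)


def embedded_brand(url, protected=PROTECTED):
    """Return (brand, real_parent) when a protected domain is used as
    sub-domain labels of a different zone, otherwise None."""
    # URLs seen in mail bodies often lack a scheme; urlsplit needs "//"
    # in front of the host to recognise it as a network location.
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    for brand in protected:
        b = brand.lower().split(".")
        # Legitimate case: the brand's labels are the rightmost labels.
        if labels[-len(b):] == b:
            continue
        # Deceptive case: the brand's labels sit to the left of the
        # labels that really determine who controls the host.
        for i in range(len(labels) - len(b)):
            if labels[i:i + len(b)] == b:
                return brand, ".".join(labels[i + len(b):])
    return None


if __name__ == "__main__":
    # Constructed sample URLs, using the article's example host.
    samples = [
        "www.thebank.com.1.cn/thebank.html",
        "https://www.thebank.com/login",
        "http://1.cn/thebank.html",
    ]
    for s in samples:
        print(s, "->", embedded_brand(s))
```

The check needs no DNS lookup, so it can run over URLs extracted from mail or proxy logs; the second value returned is the part of the host name that sits to the right of the embedded brand.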