clipped from www.theregister.co.uk

The Rock Phish gang – one of the net’s most notorious phishing outfits – has teamed up with another criminal heavyweight called Asprox in overhauling its network with state-of-the-art technology, according to researchers from RSA.

Over the past five months, Rock Phishers have painstakingly refurbished their infrastructure, introducing several sophisticated crimeware packages that get silently installed on the PCs of its victims. One of those programs makes infected machines part of a fast-flux botnet that adds reliability and resiliency to the Rock Phish network.

RSA researchers also noticed that a decrease in phishing attacks hosted on Rock Phishers’ old servers coincided with never-before-seen phishing attacks used on the Asprox botnet.

“It just shows that these guys know each other and are willing to provide services to each other,” said Joe Stewart, a researcher at SecureWorks who has spent years tracking Asprox and groups that use fast-flux botnets.

clipped from blog.wired.com

Researchers Use Facebook App to Create Zombie Army – Update

Computer researchers built a tool that demonstrates how hackers could silently turn Facebook users into a powerful zombie army that can attack other websites or scout for vulnerable sites on the net.

Their demo attack was very simple and surprisingly effective. They created an application that displayed a new National Geographic photo daily on a user’s Facebook page — though the app was not approved of by National Geographic.

But in the background, the application is also downloading three large photos from a targeted site. But the user’s browser never displays the images. Any application with enough users will then act like a denial of service attack flooding the chosen website with requests for data. The user stops being a part of the attack after logging out, but joins again every time he returns.