FYI...

- http://preview.tinyurl.com/6peu5w
April 21, 2008 (E-week Security Watch) - "The notorious Rock Phish gang is pushing the envelope again, adding a sophisticated crimeware Trojan to its identity theft arsenal. The Russian group, which is responsible for about half of all phishing attacks, is now doing browser-based drive-by attacks to load a variant of Zeus, a Trojan toolkit that sells online for $700... "The victim is duped into visiting a phishing site. However, whether or not the victim surrenders his/her credentials into the site is irrelevant (many people click on phishing links but do not fill in meaningful information): with this new attack-twist, the victim will still be infected with a Trojan horse. This is done via a technique called "drive-by infection," wherein a vulnerability in the victim's operating system, browser, or software is exploited in order to infect the victim without his/her knowledge (and much less his/her consent, or with the victim having to proactively download software). The vulnerabilities that are exploited in these situations are often unknown to the software vendors and therefore often not addressed, leaving the victims defenseless... This particular case of drive-by infection was masked particularly well. The code that attempted to infect the machine was hosted on a domain named in such a way that it blatantly infringed on Google's trademark, but with the end-result that it made advanced users or heuristic security software more likely to allow content from the domain. The URL itself was also dynamically generated so blacklisting it or adding it to a trivial pattern match would fail."

- http://www.rsa.com/press_release.aspx?id=9347
April 21, 2008 - "...Victims of these phishing attacks not only have their personal data stolen – but they are then also infected with the Zeus Trojan. Once infected, the Trojan is capable of stealing additional information, such as personal data transmitted while interacting with other websites..."