RSA's New FraudAction Anti-Trojan Service

by James Gaskin

March 26, 2007 —

Listen to the column RSA's New FraudAction Anti-Trojan Service, or visit our Podcast Center to hear more by James Gaskin.

If your company belongs to the financial world in any way, whether as a bank, brokerage, or e-commerce leader, fraud gives you constant headaches. If phishing and pharming weren't bad enough, your company may be targeted by a Trojan campaign grabbing legitimate user information to use against you. RSA's expanding focus beyond authentication into pro-active fraud security may be able to help.

RSA's four pronged attack includes identification to monitor crimeware and discover intended victims (like your credit union). Analysis then decodes the crimeware to understand the intended crime method for exploiting stolen information, including security holes in the victim's technology. Tracing backwards, RSA works to identify and block control and command servers that distribute crimeware, such as Trojans waiting to report or get updates. Finally, their targeted shutdown programs convinces hosting providers to close the sites before they can do damage.

This trend makes sense as RSA expands their security services. Unlike some of the earlier services, the FraudAction activity runs as a hosted service at RSA on behalf of customers. They integrate with leading access and hosting providers to look for Trojan traffic targeting clients, then move to cut off avenues the criminals use to exploit their stolen information.

Marc Gaffan, Director of Product Marketing for RSA, says, "financial services clients in the past could only be reactive. We capture the crimeware, understand who it targets and what kind of damage it can do, and decide what countermeasures to use to combat the Trojan."

Law enforcement must be called by the client, not RSA, because the client is the one getting attacked. RSA will happily provide all forensic data to help in the prosecution, of course. But the reality is many financial institutions keep these types of attacks out of the courts and therefore the news.

Over 200 clients have signed up already, and this is an expensive program used by big companies. Gaffan claims RSA has already detected and shut down over 32,000 unique phishing attacks. The criminals keep advancing, changing, and trying new tactics. You must do the same, and RSA offers an interesting twist on the typically reactive security model.

Unfortunately, there isn't a Web host API command called "explode" or "flame on." Seeing criminals fleeing exploding Web servers into the arms of waiting police would be a great joy.

ITworld.com