Rock Phish

[4] Their techniques were sophisticated and distinctive, as outlined in a presentation at APWG eCrime '07.

[5] In 2004 the first rock phishing attacks contained the folder path “/rock”, which gave both the attack and the group their name.

Attackers employed wildcard DNS (Domain Name System) entries to create addresses that included the target's actual address as a sub-domain.

For example, in the case of a site appearing as www.thebank.com.1.cn/thebank.html, the “thebank.com” portion of the domain name is the “wild card”, meaning its presence is purely superficial: it is not required in order for the phishing page to be displayed.

This allows the perpetrators to make the wild card portion the legitimate domain name, so that it appears at first glance to be a valid folder path.
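A mail or proxy filter can catch this pattern by comparing host labels rather than substrings. The following is an added example, not part of the original article; the `PROTECTED` list and the function name `embedded_brand` are assumptions made for illustration, and the sample URLs are constructed around the article's own "thebank.com" illustration.

```python
from urllib.parse import urlsplit

# Constructed list of domains to protect (assumption for this example).
PROTECTED = ["thebank.com"]


def embedded_brand(url, protected=PROTECTED):
    """Return the protected domain that a foreign host carries as a
    sub-domain prefix, or None when the host is genuine or unrelated."""
    # urlsplit only fills in hostname when a scheme or "//" is present.
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    for brand in protected:
        b = brand.lower().split(".")
        # The host is the brand itself or a real sub-domain of it.
        if labels[-len(b):] == b:
            continue
        # Search for the brand's labels as a contiguous run to the left
        # of the registered domain, e.g. www.thebank.com.1.cn.
        # Comparing whole labels avoids matching "notthebank.com".
        for i in range(len(labels) - len(b)):
            if labels[i:i + len(b)] == b:
                return brand
    return None


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "www.thebank.com.1.cn/thebank.html",
        "https://www.thebank.com/login",
        "http://example.org/thebank.com/login",
    ]
    for s in samples:
        print(s, "->", embedded_brand(s))
```

Only the hostname is inspected, so a brand name that appears in the path of an unrelated site is not flagged.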