Reports have reached us of a fresh SQL injection attack that has compromised many websites. A Google search of the malicious iframes used in the attacks nets over 100,000 hits:

I used to have a Twitter account, called mikkohypponen

I used it to tell about things I saw while doing computer security research.

This turned out to be quite popular.

But then, two days ago, I got banned from Twitter.

My account was suspended by Twitter without explanation.

When a small phishing gang decides to upgrade its infrastructure, it is often done in a quick and dirty fashion. The transition is almost immediate, and often buggy and unprofessional. But what happens when a gang on the scale of the Rock Phish group decides to abandon its old methods and upgrade its botnet infrastructure? It is done slowly, smoothly but most importantly -- professionally.

The RSA FraudAction Research Labs recently gathered information that indicates major changes in the tactics employed by the Rock Phish gang.