GLASTONBURY, Conn. (12/14/10)--Credit unions in the U.S. saw the most pronounced change in phishing attempts against financial institutions in October, according to RSA Online Fraud Report for November. Credit unions accounted for 10% of phishing attacks during October, an increase from 6% in September and 3% in October. Phishing reports for credit unions haven't been that high since February, when credit unions were 12% of attacks, said RSA. The portion of attacks against regional U.S. banks fell 5%-- to 35%, the lowest since at least October 2009. Attacks against nationwide banks rose 1% during October, to account for 65% of the attacks in the U.S. financial sector, said the report. Glastonbury, Conn.-based RSA, a division of EMI, identified 16,047 worldwide phishing attacks, a 1% decrease from the total reported in September and the lowest number since 13,855 attacks were reported in June. The number of brands attacked increased slightly to 181 brands in October from 178 brands in September, said RSA's report. It was the second consecutive month that brands attacked totaled less than 200. The report also noted that botnet thefts--where criminals or security professionals "kidnap" an entire botnet by planting a poisoned configuration file into its command and control server--have seen two upgrades in the Zeus Trojan virus, making the malicious software harder to detect. The most talked-about upgrade for Zeus 2.1 is the new version's digital signature mechanism. Much like legitimate software, Zeus verifies the digital signature on all files and data it downloads, and ignores and deletes a file that doesn't match with the signature. Also, the new resources are stored in encoded form, which are decoded on-demand, when they are needed. Once the Trojan needs the resource, it decodes it, uses it, and then destroys the decoded copy, rendering it "invisible" to an outsider criminal or investigation. That makes it harder to analyze the malware.