We present a framework to enable financial sector customers (such as banks, credit card companies, etc.) to build collaborative protection systems to guard against coordinated Internet-based attacks. The essential element of this framework is a new programming abstraction, called Semantic Room (SR), through which interested parties can process data and share information and computing resources in a trusted and controlled fashion. To this end, each SR is associated with a contract which, among other things, specifies its functionality (e.g., botnet and stealthy scan detection), QoS, and a set of rules governing its membership. We present the design of two event processing systems that we implemented to support the SR functionality in large distributed settings, and show how they can be used for detecting stealthy scans and man-in-the-middle attacks.