A single criminal operation was responsible for two-thirds of all phishing attacks in the second half of 2009 and is responsible for a two-fold increase in the crime, a report published this week said.
The Avalanche gang is believed to have risen out of the ashes of the Rock Phish outfit, which by some estimates was responsible for half the world’s phishing attacks before fizzling out in late 2008. Driving the success of both groups is their use of state-of-the-art technology for mass-producing imposter websites and distributing huge amounts of crimeware for automating identity theft.
“Avalanche uses the Rock’s techniques but improved upon them, introducing greater volume and sophistication,” the report, released by the Anti-Phishing Working Group, stated.
The study shows that the “Avalanche” organization targeted vulnerable and unresponsive domain name registrars and registries, but in November 2009 changed tactics and now operates at a greatly reduced scale.
Continuing a trend, the average uptime for a phishing attack declined in the second half of 2009. Industry response to Avalanche was responsible for much of this, but non-Avalanche phish had greater lifetimes, actually increasing from the first half of the year.
The report includes a great deal of data on the Internet domains used, the impact of subdomain services, Internationalized Domain Names (IDNs) and other such developments.
One Response to “Major phishing group identified”
May 17th, 2010 at 8:09 pm
A Russian internet host reportedly popular with gangs who stole online bank logins has been taken offline.
The PROXIEZ-NET service had previously advertised itself as immune to attempts to shut it down.
Mikko Hypponen, chief research officer at F-Secure, said the development was “very nice”.
He warned that those who used the host for malicious purposes will almost certainly “already be switching to a different service.”
Crimeware
Mr Hypponen said that PROXIEZ “have been known to be involved in various nasty businesses”.
“We’ve noticed them in connection with Zeus, a toolkit written and sold by a Russian software engineer, which enables people to do keylogging to grab PayPal, eBay and online banking passwords,” he said.
According to Mr Hypponen, the Zeus software itself is not illegal, but can be used for malicious purposes.
http://news.bbc.co.uk/1/hi/technology/10119562.stm