CipherTrust Proves Worldwide Phishing Attacks Originate From Less Than Five Zombie Network Operators

ATLANTA, GA — (MARKET WIRE) — 10/18/2004 — CipherTrust, Inc., the leader in messaging security, today released the findings of an analysis of real-world e-mail messages collected from companies worldwide which use IronMail, CipherTrust’s award-winning messaging security appliance. Most significant is evidence that fewer than five zombie network operators are responsible for all Internet phishing attacks worldwide.

During the first two weeks in October, CipherTrust researchers found that less than one percent of e-mail messages are phishing attacks. Although the percentage of phishing messages was relatively small, researchers discovered that each day phishing attacks on the Internet were delivered via a different set of 1,000 zombies, or computers that are maliciously taken over by viruses without the owners’ knowledge; and 70 percent of those zombies were also used to send spam. More than 32 percent of these zombies were based in the United States, with the second largest number, 16 percent, coming from the Republic of Korea. The remaining 52 percent of phishing zombies were spread across ninety-eight other countries.

CipherTrust’s recent phishing analysis also confirms that 46 percent of the phishing attacks used the Citibank brand to entice victims to share financial and personal information. The remaining 54 percent of attacks were split among twelve other well-known brands across the financial and online retail industries. But unlike spam, research indicates that phishing attacks are precisely targeted. For example, recent findings revealed that Lloyds TSB, one of Europe’s leading financial institutions, has been subject to use by phishing scammers, with messages sent almost exclusively to e-mail users located in Europe, where the company is based.

“Phishing attacks represent a collaboration of the world’s most skilled hackers and organized crime — instead of breaking into the bank to take money, phishers are tricking users into handing over their account information, or rather the electronic keys to the vault,” said Paul Judge, chief technology officer at CipherTrust. “Regardless of the number of people propagating these threats or the volume of e-mail constituted by phishing, CipherTrust takes them seriously, and will continue to prevent these attacks from reaching our customers. CipherTrust is committed to working with other members of the e-mail ecosystem to stop the perpetrators responsible for phishing, and make the Internet a safer place to conduct business.”

For the complete report, please visit

CipherTrust gathered this information by detecting the senders’ Internet Protocol (IP) addresses on confirmed phishing attacks, and then relating those addresses to CipherTrust’s TrustedSource reputation system, helping to verify and determine which phishing attackers send the e-mails. Measuring these types of activities and other behaviors, and having them influence the sender’s reputation in real time is critical to deploy an effective reputation system. CipherTrust’s TrustedSource was designed to provide precise information about sender behavior across hundreds of thousands of IP addresses for the purpose of tracking message legitimacy, and using that information to determine the intent of e-mail senders.

TrustedSource is populated and kept current though constant dialog with participants in the IronMail Global Network (IGN), consisting of over 7.5 million enterprise e-mail users protected by CipherTrust’s IronMail appliance. Members of the IGN can select to contribute data for analysis which allows CipherTrust to refine the defenses implemented in IronMail to make sure both known and unknown attacks are detected and blocked.

About CipherTrust, Inc.

CipherTrust, Inc. is the leader in messaging security. The company’s powerful, award-winning IronMail appliance combines the five critical e-mail security components of spam and fraud prevention, virus and worm protection, policy and content compliance, e-mail privacy, and secure e-mail gateway capabilities into a single easy to deploy and manage platform. IronMail protects the messaging systems of more enterprise e-mail users than any other solution, including 30 percent of the Fortune 100. CipherTrust’s investors include Battery Ventures, Greylock, U.S. Venture Partners, Noro-Moseley and Silicon Valley Bank. For more information about CipherTrust, please visit or call 877.448.8625.

CipherTrust and IronMail are registered trademarks of CipherTrust, Inc. All other trademarks are property of their respective owners.

Don't miss