Doubling of the number of crimeware-spreading URLs

The APWG announced today that its first quarter survey reveals a near doubling of the number of crimeware-spreading URLs at the end of the period, up from the previous record of 3500 detected crimeware-spreading website addresses.

The APWG reported that 6500 crimeware-spreading URLs established to infect PCs with password-stealing programs were detected in March, up 93 percent from 3362 in January – and an increase of 337 percent from the number detected at the end of Q1, 2007. The increase in crimeware-spreading URLs represents an increase of nearly 86 percent from the previous record of 3500 in November, 2007.

Attackers have apparently redoubled their efforts to develop new techniques to bypass security measures taken by consumers and enterprises, creating new programs to evade anti-malware filters before they can be updated with fingerprints of the most recently minted crimeware. The number of unique keyloggers (applications often crafted into crimeware to intercept consumers’ online user credentials for abuse by criminal organizations) detected during the period rose steadily, ending at 430. This is an all-time record, some 18 percent greater than the number recorded in the previous record month of January, 2008, when 364 unique malicious applications were detected.

Unique brand-domain pairs – the number of domains being used to target a specific brand by hosting URLs in phishing attacks – rose steadily throughout the sampling period from January through March, increasing from 6682 to 7584.