A single electronic crime syndicate employing advanced malware was responsible for two-thirds of all the phishing attacks detected in the second half of 2009, and for the overall increase in phishing attacks recorded across the Internet, according to a report released today by the Anti-Phishing Working Group (APWG).
The report authors found that the Avalanche phishing gang was responsible for some 66 percent of all phishing attacks launched in 2H2009. Avalanche successfully targeted some 40 banks and online service providers, and vulnerable or non-responsive domain name registrars and registries.
“Avalanche” is the name given to the world’s most prolific phishing gang, and to the infrastructure it uses to host phishing sites. This criminal enterprise perfected a system for deploying mass-produced phishing sites, and for distributing malware that gives the gang additional capabilities for theft.
Rod Rasmussen, founder and CTO of Internet Identity and co-author of the study, said, “Avalanche’s relentless activities led to the development of some very effective counter-measures.” Rasmussen explained, “The data shows that the anti-phishing community — including the target institutions, security responders, and domain name registries and registrars — got very good at identifying and shutting down Avalanche’s attacks on a day-to-day basis. Further, a coordinated action against Avalanche’s infrastructure in November has led to an ongoing, significant reduction in attacks through April 2010.”
The new report also contains analysis of other phishing trends. Key findings and highlights include:
- Phishing uptimes have dropped by a third since 2008. Uptimes are a vital measure of how damaging phishing attacks are, and the drop indicates the success of mitigation efforts.
- The quantity of Internet domain names and numbers used for phishing has remained fairly steady over the past two-and-one-half years, a period in which the number of registered domain names in the world has grown.
- The great majority of phishing continued to be concentrated in certain name spaces — just five top-level domains (TLDs).