Feeds

Phishers tapping botnets to automate attacks

Is your PC hosting a bank fraud site?

  • alert
  • submit to reddit

New hybrid storage solutions

Computer criminals are making phishing more potent by automating attacks. Anti-Phishing Working Group (APWG) analysts reckon fraudsters are using automated tools and botnets to ramp up attacks. It estimates attacks grew by an average of 36 per cent a month between July and October.

Scam emails that form the basis of phishing attacks often pose as 'security check' requests from well-known businesses. These messages attempt to trick users into handing over their account details and passwords to bogus sites. The details collected this way are used for credit card fraud and identity theft. First seen more than a year ago, phishing emails are becoming increasingly sophisticated, directing users to bogus websites which accurately reproduce the look and feel of legitimate sites.

Home PCs used to host baiting sites

In October, there were 6597 new, unique phishing email messages reported to the APWG, compared to 2158 such reports in August. The number of active baiting sites reported to the APWG in October was 1142, 25 per cent up on September, targeting customers of 44 brands. According to the working group, fraudulent sites were online for an average of 6.4 days. The number of phishing sites hosted on compromised broadband PC rose by more than 50 per cent.

APWG reports an explosion of phishing activity at the start of October. "Starting on the afternoon of 5 October, we started seeing a massive increase in the amount of phishing sites. Evidence indicated that the phishing exploits were not targeting one particular brand, but several targeted simultaneously. The one common theme of these phishing sites is that nearly all are being hosted on IP addresses and mostly outside of the US," the report states.

"It appears as though some sort of toolkit is available and/or a set of tools that are being used to produce similar exploits. The sudden large spike may, however, indicate that some automation may be involved. We are also seeing multiple brands being spoofed from the same machine over a few days. For example a site will be an eBay spoof one day, and then Paypal, then Citbank, etc. The content of the attacks is quite varied."

The US is home to the majority of these baiting sites, hosting 29 per cent of those reported to the APWG in October, a slight decrease over the month. China, Korea, and Russia are next on the list with 16 per cent, nine per cent, and eight per cent respectively of the total sites hosted. APWG's report, jointly written by security researchers at Websense and Tumbleweed Communications, is available here (PDF).

Let's factor out phishing

Services to monitor phishing attacks, allowing targeted sites to respond more quickly, or browser add-ons (such as Comodo's Verification Engine) that allow consumers to detect fraudulent sites have been developed by security firms to tackle the problem. One promising approach is to apply two-factor authentication, long a mainstay of corporate remote access, to internet banking. Swiss and Scandinavian banks have been using this approach for some time but use of the technique is rare in the US and UK, for example.

Earlier this month two New Zealand banks - ASB and Bank Direct - set up a service to provide two-factor authentication with text messages to their customers mobile phones to authorise transactions over $2500. The service, called Netcode, uses technology from RSA Security. Independent security experts think the idea shows considerable promise.

"The scheme is elegant, simple to use, cost-effective and requires no new hardware outlay," said Pete Simpson, ThreatLab Manager at security firm CLEARSWIFT. "This will thwart phishers who lure victims to fake websites and will defeat those that surf to the real site and display impostor popups for input of credentials. Clearly, those older attacks using HTML forms in the email are also dead-in-the-water." ®

Related stories

Phishing for dummies: hook, line and sinker
Botnets trawl for phishing victims
UK preps major security awareness campaign
Four charged in landmark UK phishing case
UK banks launch anti-phishing website

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.