Feeds

Home PCs launch phishing attacks

Honeynet project dissects the risks

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Phishing attacks are growing more sophisticated as attackers devise ever more devious means to stay at least one step ahead of banks and others fighting the contain fraudulent scams, according to a study from The Honeynet Project.

The report, Know your Enemy: Phishing, draws on data collected by the German Honeynet Project and UK Honeynet Project and focuses on picking apart real world incidents to discern the tactics of phishing fraudsters. As with a previous study on botnets, the findings come from monitoring a network of PCs deliberately left open to attack. What emerged from the study is the most detailed technical description of the modus-operandi of phishing attacks we've seen to date. It also discovered that lax security practices by consumers and small business are giving fraudsters a base from which to launch attacks.

The researchers discovered that phishers compromised honeypot machines for four main purposes: to set up phishing websites targeting well-known online brands; sending junk mail emails advertising phishing websites; installing redirection services to deliver web traffic to existing phishing websites or for the propagation of spam and phishing messages via botnets.

"We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing website going online with supporting spam messages to advertise the website, and that this speed can make such attacks hard to track and prevent," the researchers concluded. "IP address blocks hosting home or small business DSL addresses appear to be particularly popular for phishing attacks, presumably because the systems are often less well managed and not always up to date with current security patches, and also because the attackers are less likely to be traced than when targeting major corporate systems."

The research backs up the theory, advanced by groups like Spamhaus as well as police investigators, that the trade in compromised machines (botnets) to send out spam is linked to groups carrying out phishing attacks.

"Our research also suggests that phishing attacks are becoming more widespread and well organised. We have observed pre-built archives of phishing websites targeting major online brands being stored, ready for deployment at short notice, suggesting the work of organised phishing groups... Our research demonstrates a clear connection between spamming, botnets and phishing attacks, as well as the use of intermediaries to conceal financial transfers," the report concludes. ®

Related stories

Microsoft hunts web nasties with honey monkeys
Britain tops zombie PC charts
Rise of the botnets
Phishing gets personal
DNS attacks attempt to mislead consumers (pharming attacks)

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.