Feeds

Home PCs launch phishing attacks

Honeynet project dissects the risks

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Phishing attacks are growing more sophisticated as attackers devise ever more devious means to stay at least one step ahead of banks and others fighting the contain fraudulent scams, according to a study from The Honeynet Project.

The report, Know your Enemy: Phishing, draws on data collected by the German Honeynet Project and UK Honeynet Project and focuses on picking apart real world incidents to discern the tactics of phishing fraudsters. As with a previous study on botnets, the findings come from monitoring a network of PCs deliberately left open to attack. What emerged from the study is the most detailed technical description of the modus-operandi of phishing attacks we've seen to date. It also discovered that lax security practices by consumers and small business are giving fraudsters a base from which to launch attacks.

The researchers discovered that phishers compromised honeypot machines for four main purposes: to set up phishing websites targeting well-known online brands; sending junk mail emails advertising phishing websites; installing redirection services to deliver web traffic to existing phishing websites or for the propagation of spam and phishing messages via botnets.

"We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing website going online with supporting spam messages to advertise the website, and that this speed can make such attacks hard to track and prevent," the researchers concluded. "IP address blocks hosting home or small business DSL addresses appear to be particularly popular for phishing attacks, presumably because the systems are often less well managed and not always up to date with current security patches, and also because the attackers are less likely to be traced than when targeting major corporate systems."

The research backs up the theory, advanced by groups like Spamhaus as well as police investigators, that the trade in compromised machines (botnets) to send out spam is linked to groups carrying out phishing attacks.

"Our research also suggests that phishing attacks are becoming more widespread and well organised. We have observed pre-built archives of phishing websites targeting major online brands being stored, ready for deployment at short notice, suggesting the work of organised phishing groups... Our research demonstrates a clear connection between spamming, botnets and phishing attacks, as well as the use of intermediaries to conceal financial transfers," the report concludes. ®

Related stories

Microsoft hunts web nasties with honey monkeys
Britain tops zombie PC charts
Rise of the botnets
Phishing gets personal
DNS attacks attempt to mislead consumers (pharming attacks)

Remote control for virtualized desktops

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.