Criminal group responsible for two-thirds of all phishing attacks
May 17, 2010
Internet security firms say that a single criminal group, "The Avalanche Gang," was responsible for over 66.2 percent of all phishing attacks in the second half of last year and is also responsible for a 216 percent increase in the frequency of the crime.
The operation is believed to have risen out of the ashes of the Rock Phish outfit, which by some estimates was responsible for about 53 percent of the world's phishing attacks before being taken down in late 2008.
Fueling the success of both groups is their use of new, state-of-the-art technology for mass-producing imposter websites and distributing large amounts of crimeware and malware for automating identity theft on a very large scale.
The study, released by the Anti-Phishing Working Group, suggests "for the most part, Avalanche uses the Rock Phish's techniques but greatly improved upon them, introducing larger size files and more sophistication in them and in the way the files interact on victim's computers."
There were over 126,700 phishing attacks during the second half of last year, representing an increase of well over 53 percent in the first half of the year or from July through December of 2008, the APWG report said.
First identified in December of 2008, Avalanche was responsible for 24.3 percent of all phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of 2009, Avalanche targeted more than forty major financial institutions, online services, and job search providers.
Avalanche's crimeware success is due in part to the use of fast-flux botnets to host phishing sites. The use of peer-to-peer communications also makes it impossible for a single ISP or hosting provider to cancel the work of the crimeware.
The Avalanche group is also good at launching attacks from a relatively small number of domain names that often appear confusingly identical to each other, such as 11f1iili.com and 11t1jtiil.com.
Those abilities also fuel its inherent success at phishing attacks and at replicating itself throughout computer networks across the globe.
"During an Avalanche campaign, it wasn't unusual for the target institutions, the relevant domain name registrar(s), a domain name registry, and other responders and service providers to all be aware of the campaign and working on mitigation at the same time," the report stated. "As a result, Avalanche attacks had a much shorter average uptime than non-Avalanche phishing attacks, and community efforts partially neutralized the advantage of the fast-flux hosting."
Last November, some security firms were instrumental in briefly shutting down the Avalanche infrastructure, and ever since then phishing attacks generated by the group have dropped exponentially.
In April, the Avalanche group launched fewer than sixty attacks, each one with a separate domain.
Source: The Anti-Phishing Working Group.