A single cyber-gang known as Avalanche has been identified by the Anti-Phishing Working Group, as responsible for 66 percent of the phishing attacks in the last six months of 2009.
The crew is suspected to be a successor to the notorious Rock Phish gang of years past.
According to the report (PDF file), Avalanche was responsible for 66 percent of all phishing attacks during the last six months of 2009 and successfully targeted some 40 banks and online service providers.
“Avalanche’s impact was unprecedented,” said Greg Aaron, director of key account management and domain security at Afilias and co-author of the study, in a statement. “This one criminal group was responsible for two-thirds of the world’s phishing, and also combined it with sophisticated crimeware distribution. The losses by banks and individual Internet users were staggering.”
According to APWG, there are indications the Avalanche crew is a successor to the infamous Rock Phish gang that operated from 2006 to 2008. Avalanche appeared in December of 2008, and was responsible for 24 percent of the phishing attacks in the first half of 2009.
“The Rock was the first to bring significant scale and automation to phishing,” the report states. “The Rock registered domain names regularly and in large numbers, used fast-flux hosting to support its phishing websites and extend their uptimes, and usually placed about six discrete phishing attacks on each domain name.”
Avalanche improved upon the Rock Phish gang’s techniques, hosting domains on a botnet consisting of compromised computers. Since no ISP or hosting provider has control of the hosting and can take the pages down, the domain name itself must be suspended by the domain registrar or registry – making mitigation more difficult, the APWG noted.
In mid-November however security researchers were able to disrupt the group’s botnet for about a week, and since then gang has launched fewer attacks. By March 2010, Avalanche was hosting only one phishing attack on each domain it registered, and the number of attacks fell from 7,089 in November to just 59 in April 2010, according to the report.
“Avalanche’s relentless activities led to the development of some very effective counter-measures,” explained Rod Rasmussen, founder and CTO of Internet Identity and co-author of the study, in a statement. “The data shows that the anti-phishing community – including the target institutions, security responders, and domain name registries and registrars – got very good at identifying and shutting down Avalanche’s attacks on a day-to-day basis.”
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…