APWG Report: Rising Subdomain-based Attacks a Filter-Evasion Ploy.

Crimeware Variants Seen Expanding for the Second Straight Month

LOS ALTOS, Calif. & CAMBRIDGE, Mass. -- The Anti-Phishing Working Group (APWG) announced today that the number of distinct spoof Web sites rose 52% in October 2006 to a record-shattering 37,444, up from 24,565 a month earlier.

The statistics reflect a substantial increase in the use of subdomain-based attacks, which primarily affect the most frequently targeted financial services organizations. This new phishing technique aims to thwart recent advances in anti-phishing technology, including spam filters and URL-based blocking technology. By creating several subdomains on the same domain, such as www.bank.com.543756.bankphish.com/login.php and www.bank.com.233966.bankphish.com/login.php, phishers are attempting to subvert both spam filters and the URL-based browser blocking technologies.

"We have seen literally as many as several thousand subdomains hosted on the same domain," said Dr. Laura Mather, senior scientist for MarkMonitor, which contributes data and analysis to APWG's monthly reports. "It can be difficult for current anti-phishing technologies to block hundreds or thousands of URL variations associated with each phish attack since they have to be aware of all possible variations of the URL. Some technology can block using wildcards which helps address this problem, but both the blocking technology and the companies providing the block lists need to move towards providing URLs with wildcards to mitigate this technique."

APWG Chairman David Jevans concluded, "While the overall volume of phishing emails is increasing somewhat, the number of unique domains that are being employed in those email lures is growing much more quickly. This is an attempt to evade spam filters and anti-phishing toolbars and blacklists. As ever, the phishers continue to innovate and expand their efforts to defraud consumers and businesses."

Meanwhile, APWG researchers from the group's PROJECT: Crimeware initiative report that detected crimeware variants rose substantially for the second straight month, with the number of crimeware variants rising to break records - in October hitting 237 unique variants, up 38 percent from August 2006.

Dan Hubbard, Vice President of Security Research at Websense and an APWG contributing researcher, said that a good deal of the increase in crimeware detected can be accounted for by a greater volume of variations coming from Brazilian malicious code authors.

For more information and analysis, please download a free copy of the "Phishing Attack Trends Report" for September and October 2006 at www.antiphishing.org/reports/apwg_report_september_october_2006.pdf

About the Anti-Phishing Working Group

The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,500 companies and government agencies participating in the APWG and more than 2,500 members.
The APWG's web site (http://www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.

APWG's corporate sponsors include: 41st Parameter, 8e6 Technologies, Able NV, ActivCard (ACTI), Adobe (ADBE), AhnLab, Aladdin Knowledge Systems (ALDN), Anakam, Anonymizer, BBN Technologies, BlueStreak, Brandimensions, Clear Search, Cloudmark, Comodo, Corillian (CORI), Cydelity, Cyveillance, DigitalEnvoy, DigitalResolve, Earthlink (ELNK), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye Digital Security, F-Secure, GeoTrust, GoDaddy, ING Bank, Iconix, InternetIdentity, Internet Security Systems, IOvation, IS3, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), Mirapoint, MX Logic, NameProtect, Netcraft, NetStar, PassMark, Panda Software, Phoenix Technologies, Inc. (PTEC), Quova, RSA Security (RSAS), SAIC, SecureBrain, Sigaba, SOPHOS, SquareTrade, SurfControl, Symantec (SYMC), The 41st Parameter, Trek Blue, Trend Micro (TMIC), Tricerion, TriCipher, Tumbleweed Communications (TMWD), SurfControl (SRF.L), Vasco (VDSI), VeriSign (VRSN), Visa, Websense, Inc. (WBSN), WholeSecurity and ZixCorp.
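
The wildcard blocking that the release calls for can be shown with the two sample URLs it quotes. The following is an added example, not part of the APWG release or any APWG tooling; the blocklist contents, the third sample URL and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklists. The exact list knows only the first URL quoted in
# the release; the wildcard list carries a single entry for the whole domain.
EXACT_BLOCKLIST = {"www.bank.com.543756.bankphish.com/login.php"}
WILDCARD_BLOCKLIST = {"*.bankphish.com"}

# The first two URLs are from the release; the third is a constructed variant.
SAMPLE_URLS = [
    "www.bank.com.543756.bankphish.com/login.php",
    "www.bank.com.233966.bankphish.com/login.php",
    "http://WWW.bank.com.000001.BankPhish.com./login.php",
]


def _host_and_path(url):
    """Return (normalised host, path) for a URL with or without a scheme."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    return host, parts.path or "/"


def blocked_exact(url, blocklist=EXACT_BLOCKLIST):
    """Exact host+path lookup: misses every variant not already listed."""
    host, path = _host_and_path(url)
    return host + path in blocklist


def blocked_wildcard(url, patterns=WILDCARD_BLOCKLIST):
    """'*.example.com' matches the domain and any subdomain of it."""
    host, _ = _host_and_path(url)
    labels = host.split(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if not pattern.startswith("*."):
            if host == pattern:
                return True
            continue
        suffix = pattern[2:].split(".")
        # Compare whole DNS labels so 'notbankphish.com' is not caught.
        if labels[-len(suffix):] == suffix:
            return True
    return False


def coverage(urls=SAMPLE_URLS):
    """Count how many URLs each blocking strategy catches."""
    return {"exact": sum(map(blocked_exact, urls)),
            "wildcard": sum(map(blocked_wildcard, urls))}
```

Matching on whole labels rather than a raw string suffix keeps the single wildcard entry from blocking unrelated domains whose names merely end in the same characters.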