APWG Report Finds Desktops Besieged By Record Numbers of Crimeware-Spreading Websites and Rogue Anti-Malware Programs.CAMBRIDGE, Mass. & LOS ALTOS, Calif. -- The APWG APWG Anti-Phishing Working Group APWG Action Plan Work Group APWG Acquisition Policy Working Group APWG Advocates for Prostituted Women and Girls APWG AFSCN Prioritization Working Group APWG AFSCN Priorities Working Group , the global independent coalition combating electronic crime, reported today that rates of crimeware-spreading sites and rogue anti-malware programs used for a number of electronic crimes exploded at year's end, indicating that electronic crime gangs are investing deeply in automated systems to steal personal and enterprise data. The 2nd Half/2008 APWG Phishing Activity Trends Report released today reveals that the number of crimeware-spreading sites infecting PCs with password-stealing crimeware reached an all time high of 31,173 websites in December. This represents an 827 percent increase from January of 2008. Further, the report found, rogue anti-malware programs increased 225 percent from 2,850 in July to 9,287 in December. (Rogue Anti-Malware Programs are fake anti-malware products that can be used for automated phishing, extortion or, most commonly up until recently, the fraudulent sale of a worthless purported anti-malware product.) APWG Chairman, Dave Jevans said, "While phishing attacks continued against consumers, we saw that cyber criminals really focused new efforts on spreading malicious software, Trojans and crimeware. In particular, criminals are attempting to install software onto consumer's computers in order to steal their passwords and login credentials to online sites. Consumers must be wary not only of fake emails purporting to be from banks, but also beware of fake security software from unknown vendors and, more than ever, websites programmed to infect their PCs." Other highlights in the 2nd Half/2008 APWG Phishing Activity Trends Report's include: Unique phishing reports submitted to APWG recorded a yearly high of 34,758 in October Unique phishing websites detected by APWG during the second half of 2008 saw a constant increase from July with October having the high for the half at 27,739 The number of unique keyloggers and crimeware-oriented malicious applications rose to an all-time high in July, reaching 1,519 The 2nd Half high of 269 targeted brands in November is just 8.5 percent lower than in May's all-time high of 294 The number of phishing attacks against payment services increased more than 34 percent between Q3 and Q4 Addressing the consistently high number of brands being targeted by electronic crime gangs, Blake Hayward, Vice President, Product Marketing, MarkMonitor and contributing analyst to the Phishing Activity Trends Report said, "The continued rise in targeted brands suggests that phishers are scaling their operations to conduct multi-brand attacks." Websense Chief Technology Officer and APWG Research Fellow Dan Hubbard said that the major uptick of malicious code URLs was mostly due to some large attacks that were using huge amounts of random websites for phishing campaigns that were spoofing classmates' websites. Discussing the surge in rogue anti-malware programs, Luis Corrons, Panda Labs' Technical Director and the newest APWG Phishing Activity Trends Report contributing analyst said, "Rogue anti-malware applications are not something new. They have been around for a few years. But it was not until mid-2008 when cybercriminals realized that this form of attack was a great way to obtain fresh money from users." The full report is available here: http://www.antiphishing.org/reports/apwg_report_H2_2008.pdf ABOUT THE APWG: The APWG, founded as the Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement. The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide. in 2003, is an industry, law enforcement and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, researchers and solutions providers. There are more than 1,800 companies, law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). and government ministries worldwide participating in the APWG and more than 3,300 members. The APWG's Web site (www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG's corporate sponsors include: AT&T (T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Cisco (CSCO CSCO Cisco Systems Incorporated (stock symbol) CSCO Chief Supply Chain Officer ), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Earthlink (ELNK ELNK EarthLink, Inc. (stock symbol) ELNK Ethernet Link ), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GeoTrust, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, HomeAway, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, Marshall86, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade ), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank The National Australia Bank or NAB (ASX: NAB, LSE: NAB, NYSE: NAB, TYO: 8637 ) is part of the NAB Group. It is the largest bank in Australia by assets, and 28th largest in the world. (ASX ASX See: Australian Stock Exchange : NAB) Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC PTEC Pinellas Technical Education Centers (Clearwater, FL) PTEC Pharmacy Technician Educators Council PTEC Psychiatric Technician PTEC Plastics Technical Evaluation Center PTEC Page Table Edit Control ), Phishme.com, Phorm, The Planet, SalesForce, Radialpoint, RSA Security (EMC (1) (EMC Corporation, Hopkinton, MA, www.emc.com) The leading supplier of storage products for midrange computers and mainframes. Founded in 1979 by Richard J. Egan and Roger Marino, EMC has developed advanced storage and retrieval technologies for the world's largest companies. ), SecureBrain, Secure Computing (SCUR), S21sec, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC SYMC Symantec Corporation (stock symbol) ), TDS TDS total dissolved solids. Telecom, Telefonica (TEF TEF Tracheoesophageal fistula, see there ), Trend Micro (TMIC TMIC Trend Micro Inc. (stock symbol) TMIC Top Mount Intercooler (automotive turbo systems) TMIC Traffic Management and Information Centre TMIC Training Management Information Center ), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO). |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion