Anti-Phishing Working Group March 2005 Report; Phishing Still on Rise - Keyloggers and Crimeware Advancing.CAMBRIDGE, Mass. -- The Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement. The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide. (APWG APWG Anti-Phishing Working Group APWG Action Plan Work Group APWG Acquisition Policy Working Group APWG Advocates for Prostituted Women and Girls APWG AFSCN Prioritization Working Group APWG AFSCN Priorities Working Group ) today reported that phishing attacks continue to grow, and that phishers are deploying new technologies that completely avoid tell-tale indicators of phishing attacks such as spoofing (1) Faking the sending address of a transmission in order to gain illegal entry into a secure system. See e-mail spoofing. (2) Creating fake responses or signals in order to keep a session active and prevent timeouts. a bank identity. Phishers are using phishing sites to secretly download criminal malware, "crimeware", onto consumer PCs to capture login Signing in and gaining access to a network server, Web server or other computer system. The process (the noun) is a "login" or "logon," while the act of doing it (the verb) is to "log in" or to "log on. and password credentials and other personal information. The numbers of email-based phishing attacks grew modestly at around 2% according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Tumbleweed tumbleweed, any of several plants, particularly abundant in prairie and steppe regions, that commonly break from their roots at maturity and, drying into a rounded tangle of light, stiff branches, roll before the wind, covering long distances and scattering seed as Communication's reported estimates, though the servers supporting those attacks surged by nearly 7%. Phishers continue to focus on financial institutions with 12 new hijacked brands in March - nine of which were financial institutions, clear continuation of a months-long trend in which phishers have targeted more, and often smaller, financial institutions. The APWG reported that over the last two months, Websense(R) Security Labs(TM) has seen a dramatic increase in the volume of crimeware attacks. From February through March, researchers discovered 8-10 new keylogging systems per week, and more than 100 crimeware-hosting websites per week - up from 1-2 keylogging variants and 10-15 crimeware-hosting websites per week recorded during November and December of 2004. "Any Internet communications medium can be a delivery mechanism for crimeware," said APWG Secretary General Peter Cassidy. "The goal of the phisher is shifting from tricking consumers into submitting their credentials at counterfeit websites to finding any means to plant crimeware on PCs. Relatively few of us have been fooled in phishing attacks - but who among us can say we've never had to pull malware - now mutating into crimeware - from a PC?" Report highlights as follows: Number of active phishing sites reported in March: 2870 Average monthly growth rate in phishing sites July 2004 through March 2005: 28% Number of brands hijacked by phishing campaigns in March: 78 Country hosting the most phishing websites in March: US Contain some form of target name in URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. : 31% No hostname just IP address: 48% Percentage of sites not using port 80: 3.89% Average time online for site: 5.8 days Longest time online for site: 31 days |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion