The Anti-Phishing Working Group (APWG) has reported a sharp rise in the number of phishing attacks, combined with an increased sophistication among attackers.
In its monthly report (PDF) for November 2005 the APWG said that reported attacks grew to 16,882 from 15,820, the third month of growth after a slowdown over the summer.
The Europe was particularly hard hit as phishers looked for new targets outside the US.
The bulk of targets are still financial companies at nearly 95% of attacks in November, up from 86% in October.
There is also evidence that phishers are refining their targets lists, since the number of brands attacked has fallen despite the overall increase in activity.
Almost a third of all phishing sites are hosted in the US. South Korea is the second most popular host at 11.34%, reflecting the country’s high levels of broadband penetration.
There is also worrying evidence that attacks are getting smarter. The APWG noted an increased in legitimate sites being cracked and used to spread malware.
“A good example of this scheme was exhibited by an attack on the ShangHai Huizhong Automotive Manufacturing Company, one of the largest car manufacturers in China,” the report said.
“Crackers programmed the site to deliver key-loggers to the PCs of consumers visiting the ShangHai Huizhong site, installing a system that attempted to load and run malicious code on the visitors’ PCs.”
The APWG also found a much higher percentage of domain name server redirections using Trojan software.
One example occurred when a ‘security tool’ was e-mailed out claiming to be from PayPal which, once executed, automatically redirected any attempt to access PayPal to a phishing site hosted in India.
There is also little sign that website hosting companies are getting any better at shutting down phishing sites once they are discovered. The average time such a site stayed up was 5.5 days, unchanged from October.
Subscribers 0
Fans 0
Followers 0
Followers