Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same.

Phishing activity trends report (June 2006)

According to a recent Anti-Phishing Working Group (APWG) report, the number of Internet sites spreading crimeware surged to an all-time high in June with 2,945 such sites being detected by APWG researchers—up 40 percent from May, and nearly 10 percent higher than the previous record.

The APWG phishing attack repository is the Internet’s most comprehensive archive of e-mail fraud and phishing activity. The APWG additionally measures the evolution, proliferation and propagation of crimeware, drawing from the independent research of their member companies.

Says Peter Cassidy, APWG Secretary General, “It makes you wonder what new levels of automation phishers may be achieving to get this kind of growth. While phishers still exploit e-mail messages to dupe consumers, it is clear that the entire surface of the Web is increasingly being viewed by phishers as a useful attack vector.”

The number of password-stealing applications detected in APWG research performed by Websense in the six months before June has ranged between 180 and 215.

By contrast, in the six months before the June report, the number of crimeware-spreading URLs ranged from 1,100 to nearly 2,700.

Phishing e-mail reports and phishing site trends

The total number of unique phishing reports submitted to APWG in June 2006 was 28,571—a substantial increase of over 8,000 attacks from May, and the most ever-recorded. However, much of this increase is due to the addition of new feed sources and a subsequent expansion of the sample size.

The number of unique phishing Web sites detected by APWG was 9,255 in June 2006, an increase in unique phishing sites from April and the highest ever recorded by the APWG. Financial services continues to be the most targeted industry sector, accounting for 93.1 percent of all attacks in the month of June.

Countries hosting phishing sites

In June, Websense Security Labs saw a continuation of the top three countries hosting phishing Web sites. The United States remains on the top of the list with 35.57 percent. The rest of the top 10 are as follows:

Phishing-based trojans—redirectors

Crimeware is designed with the intention of redirecting an end-user’s network traffic to a location where it was not intended to go to. This includes software that changes the host’s files and other DNS-specific information, browser-helper objects that redirect users to fraudulent sites, and software that installs a network-level driver or filter to redirect users to fraudulent locations. All of these must be installed with the intention of compromising information which could lead to identify theft or the theft of other credentials with criminal intent.

Along with phishing-based key-loggers, the incidence of traffic redirectors is rising steeply. The highest volumes are those of malicious code which modifies your DNS server settings or your host’s file to redirect either some specific DNS look-ups or all DNS look-ups to a fraudulent DNS server. The fraudulent server replies with ‘good’ answers for most domains. However, when they want to direct you to a fraudulent one, they simply modify their name server responses. This is particularly effective because the attackers can redirect any of the user’s requests at any time, and the end-users have little indication that this is happening as they could be typing in the address on their own and not following an e-mail or 2instant messaging lure.