APWG Report Cites ‘Avalanche’ of Phishing

Phishing operations, including perpetrators, how to report them and get them shut down.

APWG Report Cites ‘Avalanche’ of Phishing

Postby meep » Sun May 16, 2010 8:48 am

APWG just had a recent eCrime meeting in Brazil this past week (May 2010).

APWG's report in PDF format.

Below was the biggest headline from the conference that I found online (sample story):

APWG Report Cites ‘Avalanche’ of Phishing

Two-thirds of all phishing attacks detected worldwide in the second half of last year can be traced to a single electronic crime syndicate, according to a new report. ...
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: APWG Report Cites ‘Avalanche’ of Phishing

Postby AlphaCentauri » Sun May 16, 2010 10:21 am

Wow, lots of meat in that report for us to chew on. I haven't finished reading, but the summary is promising already:

1. The Avalanche phishing gang was responsible for two-thirds of all phishing attacks launched in 2H2009. (Page 5) Avalanche successfully targeted vulnerable or non-responsive domain name registrars and registries. However, Avalanche changed its activities significantly in November 2009, and as of this writing has a different modus operandi and greatly reduced scale. (Page 9)
2. In 2H2009, the average uptime of all phishing attacks continued to drop from previous periods. (Page 11) Some of this improvement is due to the attention that Avalanche phishing received from the response community. The average uptime for Avalanche domains was less than half of that for non-Avalanche domains. Unfortunately, non-Avalanche phish stayed up noticeably longer in 2H2009 than they did in 1H2009.
3. The amount of Internet domain names and numbers used for phishing has remained fairly steady over the past two-and-one-half years, a period in which the number of registered domain names in the world has grown. (Page 15)
4. The great majority of phishing continued to be concentrated in certain namespaces -- just five top-level domains (TLDs). (Page 15)
5. Phishers are not leveraging the unique characteristics of internationalized domain names (IDNs), and there are factors that may perpetuate this trend in the future. (Page 19)
6. Phishers continue to use subdomain services to host and manage phishing sites. Phishers use such services as often as they register domain names. This activity shows phishers using services that cannot be taken down by domain registrars or registry operators, in the hopes of extending uptimes of attacks. (Page 20)


"Subdomain services" would be the "Hosters" that Red keeps on top of.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: APWG Report Cites ‘Avalanche’ of Phishing

Postby Red Dwarf » Sun May 16, 2010 8:49 pm

AlphaCentauri wrote:Wow, lots of meat in that report for us to chew on. .....
6. Phishers continue to use subdomain services to host and manage phishing sites. Phishers use such services as often as they register domain names. This activity shows phishers using services that cannot be taken down by domain registrars or registry operators, in the hopes of extending uptimes of attacks. (Page 20)


"Subdomain services" would be the "Hosters" that Red keeps on top of.


Fascinating reading.
Yes, I see in their hoster lists my old favorites who shut down the bad guys immediately, like
    pochta.ru
    nextmail.ru
    110mb.com
    t35.com
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10455
Joined: Tue Jun 27, 2006 2:01 am


Return to Phishers

Who is online

Users browsing this forum: No registered users and 1 guest

cron