A single electronic crime syndicate using highly developed malware was responsible for two-thirds of the phishing attacks discovered in the second half of 2009, according to the Anti-Phishing Working Group (APWG).
The same syndicate accounted for the overall increase in phishing attacks documented across the Internet.
The Anti-Phishing Working Group (APWG) is a global industry, law enforcement, and government coalition dedicated to eliminating the identity theft and fraud that result from the growing problem of phishing, e-mail spoofing, and crimeware.
The authors of the report found that the Avalanche phishing gang was responsible for around 66 per cent of all phishing attacks in the second half of 2009. The gang successfully targeted about 40 banks and online service providers, as well as weak or non-responsive domain name registrars.
Greg Aaron, the co-author of the study and the director of key account management and domain security at Afilias, noted that the impact caused by Avalanche was beyond compare. The syndicate was responsible for two-thirds of phishing in the world, as well as advanced crimeware distribution. Losses to banks and Internet users were overwhelming.
Effective countermeasures
According to Rod Rasmussen, the co-author of the study and the founder and chief technology officer, the ruthless activities of Avalanche led to the development of some effective countermeasures. The data reveals that the anti-phishing community, which includes security responders, domain name registries and registrars, and target institutions, became very good at recognising and shutting down attacks from the Avalanche phishing gang on a daily basis.
A synchronised action against Avalanche's infrastructure in November also led to a sustained, considerable reduction in attacks that continued through April 2010.
The APWG report also indicates that phishing uptimes have dropped by a third since 2008, a drop that shows the success of mitigation efforts. In addition, the quantity of Internet domain names and numbers used for phishing has remained fairly steady over the past two-and-a-half years.
The great majority of phishing continued to be concentrated in certain name spaces: just five top-level domains (TLDs).