TMCnet News
Anti-Phishing Working Group Expands Online Identity Theft Charter Launches New Crimeware Report to Track Automated Phishing Technologies and Criminal SpywareCAMBRIDGE, Mass. --(Business Wire)-- Aug. 3, 2005 -- The Anti-Phishing Working Group (APWG) today announced that it has expanded its charter to encompass broader identity theft issues on the Internet. The members and steering committee of the APWG have requested the group to expand its focus to encompass emerging identity theft problems including pharming (DNS attacks) and crimeware (malicious spyware designed to steal identities). The APWG is a non-profit consortium of over 1,000 financial institutions, ISPs, security vendors and law enforcement agencies worldwide. "APWG members have made huge strides in developing security solutions and operational practices to fight traditional phishing fraud," said APWG Chairman David Jevans. "Recent research has shown that phishers are using vulnerabilities in ATM network authentication for financial gain. As we continue to make progress in fighting phishing, the phishers are increasing their technical sophistication and are launching ever more sophisticated attacks designed to steal identity information and perform financial fraud. APWG members are coming together to pool our know-how and collaborative spirit to fight these new threats." The APWG this month launched "PROJECT: Crimeware", an investigation into malicious software that steals consumer, government and enterprise access credentials and uses them for attacks, identity theft and financial fraud. "Automated phishing systems have already proven their potency in Brazil where losses due to phishing run, according to arrest reports there, into the tens of millions of dollars. The APWG's belief is that conventional phishing via social engineering schemes will be eclipsed by advanced, automated crimeware based on keyloggers, redirectors and session hijacking technologies," said APWG Chairman David Jevans. While the number of conventional phishing campaigns reported to the APWG rose from 14,987 in May to 15,050 in June, the number of unique crimeware instances detected that were dedicated to password stealing nearly doubled from 79 in May to 154 in June. In a similar trend, the number of password-stealing malicious code URLs detected grew from 260 in April to 495 in May and to 526 in June. "We continue to see an evolution in the threat of malicious code being used in crimeware and online attacks," said Dan Hubbard, senior director of security for Websense, Inc. who provided analysis for the June report's crimeware segment. "Working with this code, attacks are becoming more perilous and complex, supplementing traditional social engineering schemes." The APWG will be expanding and augmenting the data on crimeware in its monthly reports, drawing from the independent research by its member companies. This month, PandaLabs joins contributing researchers from Websense (WBSN) and Tumbleweed Communications (TMWD). PandaLabs reports in June's APWG survey its finding of a Trojan-type phishing system which includes a list of thousands of brandholders' domains, demonstrating the advance of phishing technology toward automated wide-scope consumer-credential capture techniques. APWG Secretary General Peter Cassidy said, "Clearly, phishers are in the midst of redrafting their techniques to improve the probabilities of success in their campaigns. A conventional phishing campaign plays the long odds of successfully planting a lure mail into the inbox of a consumer who does business with the targeted brandholder and the longer odds, still, of fooling the consumer into helping the phisher commit his crime by responding. "Crimeware improves those odds by, for instance, expanding the number of institutions that can be targeted in a single campaign and removing the necessity of directly deceiving the consumer. Instead of spoofing one brand, the phishers are planting keyloggers that can intercept theoretically the user name and password of customers of any number of institutions," Mr. Cassidy said. The APWG June Phishing Trends Report is available at the APWG website. The URL is: http://antiphishing.org/APWG_Phishing_Activity_Report_Jun_05.pdf About The Anti-Phishing Working Group The Anti-Phishing Working Group (APWG) was formed in 2003 to fight identity theft and email spoofing on the Internet. The group is one of the security industry's pre-eminent consortia, with over 1,700 members from more than 1000 financial services firms, ISPs, security vendors, law enforcement agencies, law courts, regulatory agencies and consumer groups from around the world. The APWG website is www.antiphishing.org. APWG's corporate sponsors include: Able NV, ActivCard (ACTI), Adobe (ADBE), Aladdin Knowledge Systems (ALDN), Anakam, Anonymizer, Brandimensions, Clear Search, Cloudmark, Comodo, Corillian (CORI), Cydelity, Cyota, Cyveillance, Datanautics, DigitalEnvoy, Earthlink (ELNK), Entrust (ENTU), Experian, eEye Digital Security, GeoTrust, GoDaddy, InternetIndentity, Internet Security Systems, Kaspersky Labs, MailFrontier, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), NameProtect, NetIQ (NTIQ), Panda Software, PassMark Security, Quova, RSA Security (RSAS), SAIC, SecureBrain, Sigaba, SOPHOS, Symantec (SYMC), The 41st Parameter, Trend Micro (TMIC), TriCipher, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Websense, Inc. (WBSN) and WholeSecurity. |
