TMCnet News
Anti-Phishing Working Group Announces Phishing Attack Sites Increased by 29% In November; Report Shows Smart Malcode Is Augmenting Social Engineering Phishing AttacksMENLO PARK, Calif. & CAMBRIDGE, Mass. --(Business Wire)-- Dec. 15, 2004 -- The Anti-Phishing Working Group (APWG) today reported a 29% increase in phishing attack sites reported in November 2004 compared to the previous month. The report also highlights increasing incidents of phishing attacks using malicious code to steal consumers' online banking and credit card credentials, indicating a shift from attacks based purely on social engineering to those based on technical subterfuge. The APWG report says social engineering emails lure users to run programs and visit websites hosting malicious code. "Although the characteristics of the sites containing malicious code are not all the same, most of them wait for end-users to access known financial and e-commerce sites and then either replace the site with their own hosted version or capture the keystrokes of the end-user. Keyloggers also have been part of many blended attacks and have spread through many recent highly publicized worms," analyst Dan Hubbard of Websense wrote. The news is disquieting, given advances on other fronts being achieved by organized crime operatives running phishing scams. "We've already seen indications that phishers are already commanding automated distribution systems, apparently leveraging BOTnets, known as zombies. Those resources, combined with conventional keylogging and other innovative malicious code is a threat scenario that could deliver more penetrating attacks," said David Jevans, Chairman of the AWPG. The full text of the report is available online at: http://www.antiphishing.org/APWG Phishing Activity Report - November 2004.pdf The Anti-Phishing Working Group The APWG is the global counter-phishing organization of stakeholders confronting the phishing threat, including national law enforcement agencies, global banks and financial institutions, national ISPs, ISVs and hardware vendors and e-commerce companies. The group, formed in 2003, has more than 1000 members worldwide from some 677 companies, government regulatory agencies and law enforcement bureaus, as well as 70 sponsors including: ActivCard (ACTI), Affinity, Anakam, Cloudmark, Cyota, Cyveillance, Datanautics, Entrust (ENTU), Experian, GeoTrust, GoDaddy, MarkMonitor, McAfee (MFE), MessageLevel, Microsoft (MSFT), NameProtect, NetIQ (NTIQ), PassMark, SAIC, RSA Security (RSAS), Symantec (SYMC), Trend Micro (TMIC), Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Visa Canada, Websense, Inc. (WBSN), WholeSecurity, 0Spam.net. |
