Rather amazingly, just one crime syndicate stands accused of being responsible for some two thirds of all detected phishing attacks carried out during the last six months of 2009. The so-called Avalanche gang, according to a new report by the Anti-Phishing Working Group (APWG), used highly sophisticated malware to target 40 banks and online service providers as well as vulnerable domain name registrars.

So successful was the Eastern European based gang that not only did its activity account for 66 percent of all phishing attacks, globally, in the second half of 2009, but it caused a spike in reported phishing across the Internet. That's 84,000 of the 126,000 identified fake web sites known to have been used to steal personal information such as credit card and bank account details as well as spread malware.

The Avalanche name does not only apply to the gang behind the unprecedented attacks but also the infrastructure it is using to host those attacks. Rod Rasmussen, founder and CTO of Internet Identity and co-author of the Global Phishing Survey study, insists, however, that coordinated action against that infrastructure "has led to an ongoing, significant, reduction in attacks through April 2010". Although study co-author Greg Aaron, Director of Key Account Management and Domain Security at Afilias, does admit that "the losses by banks and individual Internet users were staggering".

The good news is that in April 2010, only 59 attacks were reported to have been caused by Avalanche.

137 Views
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...