Phishing Scams Soared in October

The number of phishing Web sites set up to impersonate banks and steal people's financial and personal data skyrocketed in October to 37,444, the highest on record, according to stats released this week.

The Anti-Phishing Working Group reports that 52 percent more phishing sites were recorded on the Internet than a month earlier and nine times as many as were spotted in October 2005. The steep increase coincides with a massive spike in the volume of spam circulating on the Internet. According to e-mail security firm Postini, 90 percent of all e-mail these days is spam.

Experts say much of the spike in phishing sites is due to the increasing popularity of a fraud method known as "Rockphish," which can deflect the most common security responses to phishing scams. Security experts and anti-phishing groups often put pressure on domain name registrars to cancel fraudulent domains or lobby Internet service providers to take down the phishing Web sites altogether.

But in Rockphish attacks, multiple phishing scams targeting different banks are placed on the same Web server. Each individual scam page is assigned to an Internet subdomain that for a short time is tied to an Internet address of a compromised computer that the phishers control. When a would-be victim clicks on a link in a Rockphish scam, they are routed through the drone PC to the correct scam page, depending on a special code specified in the e-mailed link.

The result is that even if law enforcement or security experts manage to take down the infected PC responsible for relaying traffic to one of the scam sites, the effect of that take-down is usually only temporary as the attackers can simply substitute another bot-infected machine. In other words, "Rockphishing" makes it more difficult for security experts to find the true location of phishing servers.

To get a sense of how aggressive these Rockphish attacks can be, consider this: One avid phish-fighter I interviewed last week who asked to remain anonymouse told me of his recent battle with a single Rockphish attack that generated some 2,000 unique phishing Web addresses in just two days.

Rockphish attacks appear to be a response to the proliferation of browser-based anti-phishing toolbars and technologies. By repeatedly and quickly changing the Internet addresses of phishing sites, the phishers are clearly trying to put a serious strain on the blacklisting approach used by most anti-phishing tools.
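The strain on exact-URL blacklists described above, shown as an added example that is not part of the original column. It assumes, beyond what the column states, that the rotating subdomains share one registered domain; every URL and the `min_hosts` threshold are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed reports: many short-lived subdomains under one registered domain,
# plus one unrelated single-host report per day. The .test names are placeholders.
DAY1 = [f"http://s{n}.rock-a.test/b{n % 3}/login" for n in range(1, 6)]
DAY1.append("http://www.one-off.test/signin")
DAY2 = [f"http://s{n}.rock-a.test/b{n % 3}/login" for n in range(6, 11)]
DAY2.append("http://www.unrelated.test/home")


def registered_domain(url):
    """Last two host labels. Assumption: a real tool would use the Public Suffix List."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def exact_hits(blacklist, urls):
    """URLs that an exact-match URL blacklist would block."""
    listed = set(blacklist)
    return [u for u in urls if u in listed]


def flag_domains(urls, min_hosts=3):
    """Registered domains reported with at least min_hosts distinct hostnames."""
    hosts = defaultdict(set)
    for u in urls:
        hosts[registered_domain(u)].add(urlsplit(u).hostname)
    return {d for d, h in hosts.items() if len(h) >= min_hosts}


def domain_hits(flagged, urls):
    """URLs blocked when matching on flagged registered domains instead."""
    return [u for u in urls if registered_domain(u) in flagged]


if __name__ == "__main__":
    flagged = flag_domains(DAY1)
    print("exact-match blacklist blocks:", len(exact_hits(DAY1, DAY2)), "of", len(DAY2))
    print("flagged domains:", sorted(flagged))
    print("domain-level match blocks:", len(domain_hits(flagged, DAY2)), "of", len(DAY2))
```

Matching on the registered domain would overblock wherever unrelated sites share a parent domain, so the threshold needs tuning against real report data.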

By Brian Krebs  |  December 12, 2006; 10:50 AM ET
Categories: Fraud, From the Bunker, Latest Warnings, Safety Tips

Comments

anonymouse ?

The blacklist approach is clearly going to be a stopgap. Heuristics that look at the web page and the host domain for comparison purposes will eventually have to be the tool to automatically check.

Posted by: DBH | December 12, 2006 11:07 AM

This shows the limits of Blacklisting. Strong, mutual authentication will be needed.

Posted by: Nick Owen | December 12, 2006 12:27 PM

Computer security, phishing all fall in line to open the unwary to scams.
One such place it is prevalent is the large auction site eBay.
Users are phished for their ID and password. The scammers then sell or trade these lists. Offer items for sale, usually putting a free email account in the auction description.
They tell the unwary to contact them using that email, and not the messages in eBay. The unwary or naive buyer then contacts them, and sends money using Western Union.
A couple of sites that are trying to combat the scammers are http://nekkidtruth.notlong.com/ and http://nekkidtruth.blogspot.com/
A group of individuals in various countries, linked together to fight the scammers.

Posted by: darkstone2006 | December 12, 2006 11:55 PM

I FAKE YOU HAHA

Posted by: FAKE YOU | January 3, 2007 12:54 PM

Your column suggests a workaround for QuickTime users having them turn off "Streaming Movies" completely to avoid the RTSP risk ... why not click the arrowhead next to the Streaming Movies check box and simply turn off the RTSP in the resulting drop box?

Posted by: Apple User | January 4, 2007 10:26 AM

The comments to this entry are closed.


© 2010 The Washington Post Company