Phishing Attacks on the Wane
Phishing attacks have fallen out of favor among cyber crooks who make a living stealing personal and financial information, according to a report released this week by IBM. Instead, attackers increasingly are using malicious Web links and password-stealing Trojan horse programs to filch information from victims, the company found.
The analysis from X-Force, IBM's security research and development division, notes that Trojan horse programs are taking the place of phishing attacks aimed at financial targets. The company found that throughout 2008, phishing volume was, on average, 0.5 percent of overall spam volume. In the first half of 2009, however, phishing attacks fell to an average of 0.1 percent of spam volume. The targets of phishing attacks also changed, IBM says: In the first half of 2009, 66 percent of phishing schemes targeted the financial industry, down from 90 percent in 2008.
I looked at the number of phishing sites tagged over the past few years by Phishtank.com, which tries to crowdsource the identification of phishing sites. The decline in phishing became particularly noticeable in 2009. In August 2008, Phishtank members had identified more than 11,616 distinct phishing Web sites. By comparison, the community has turned up fewer than 3,330 of them this August (figures based on Phishtank's monthly data).
IBM says the number of new malicious Web links is up 508 percent in the first half of 2009. Many of these links appear on trusted sites, such as search engines, bulletin boards, personal Web sites, online magazines and news sites, the report says.
"There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware," writes X-Force Director Kris Lamb. "We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk."
These legitimate sites typically are mass-hacked through common Web site vulnerabilities or misconfigurations, such as those that allow so-called SQL injection attacks, in which criminals inject malicious code into Web sites with the goal of infecting visitors. IBM found SQL attacks rose 50 percent from the last quarter of 2008 to the first quarter of 2009, and then nearly doubled in the second quarter of this year.
Web vulnerability scanning firm ScanSafe recently blogged about some 55,000 Web sites being mass-compromised with malicious links via SQL vulnerabilities. Several other major mass-compromises resulting from SQL weaknesses were discovered earlier this year.
If you operate a Web site, there are some decent, free tools available to help protect your site from SQL attacks. I wrote a column about them last year, and some of our loyal readers suggested their own favorite tools in the comments section.
The malicious links most often left behind on hacked sites are known as "IFRAMES," or lines of scripting code that invisibly redirect the user's browser to a site that tries to install a Trojan horse program. The NoScript and RequestPolicy add-ons for Firefox can help users load only the scripts they want for any Web page, and are among the best lines of defense against malicious scripts.
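For site operators, here is an added example (not from the original column or from IBM's report): a small Python audit that scans a page's HTML and flags IFRAMEs that are both invisible to the visitor and loaded from another host, the pattern described above. The host names and sample page are constructed, and the hiding heuristics (zero or one pixel dimensions, display:none, visibility:hidden) are assumptions about how such frames are concealed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element (assumed heuristics, not an exhaustive list).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![\w-])(?:width|height)\s*:\s*0*[01](?:px)?\s*(?:;|$)", re.I)

# Constructed sample page: two legitimate frames, two injected hidden ones.
SAMPLE_PAGE = """<html><body>
<h1>Community bulletin board</h1>
<iframe src="/widgets/poll.html" width="300" height="200"></iframe>
<iframe src="http://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src="http://injected.example.net/in.php" width="0" height="0"></iframe>
<iframe src="//injected.example.net/go" style="visibility: hidden"></iframe>
</body></html>"""


class IframeAuditor(HTMLParser):
    """Collects iframes that are hidden from view and load from another host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()  # None for relative URLs
        reasons = [f"{dim}={a[dim]}" for dim in ("width", "height")
                   if a.get(dim, "").strip().lower().rstrip("px") in ("0", "1")]
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        # Visible third-party embeds and same-site frames are not reported.
        if host and host != self.site_host and reasons:
            self.findings.append({"line": self.getpos()[0], "src": src, "why": reasons})


def audit_page(html, site_host):
    """Return one finding per hidden off-site iframe in the given HTML."""
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    return auditor.findings


if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "www.example.com"):
        print(finding)
```

A finding is a prompt to check how the markup got into the page, since the frame is usually a symptom of an injection flaw elsewhere on the site.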
A copy of the IBM report is available here (PDF).
August 27, 2009; 12:39 PM ET
Categories: Fraud , Latest Warnings , Safety Tips | Tags: ibm, phishing, sql injection