Anti-Phishing Working Group March 2005 Report; Phishing Still on Rise - Keyloggers and Crimeware Advancing

Business Wire, April 29, 2005

CAMBRIDGE, Mass. -- The Anti-Phishing Working Group (APWG) today reported that phishing attacks continue to grow, and that phishers are deploying new technologies that completely avoid tell-tale indicators of phishing attacks such as spoofing a bank identity. Phishers are using phishing sites to secretly download criminal malware, "crimeware", onto consumer PCs to capture login and password credentials and other personal information.

The numbers of email-based phishing attacks grew modestly at around 2% according to Tumbleweed Communication's reported estimates, though the servers supporting those attacks surged by nearly 7%. Phishers continue to focus on financial institutions with 12 new hijacked brands in March - nine of which were financial institutions, clear continuation of a months-long trend in which phishers have targeted more, and often smaller, financial institutions.

The APWG reported that over the last two months, Websense(R) Security Labs(TM) has seen a dramatic increase in the volume of crimeware attacks. From February through March, researchers discovered 8-10 new keylogging systems per week, and more than 100 crimeware-hosting websites per week - up from 1-2 keylogging variants and 10-15 crimeware-hosting websites per week recorded during November and December of 2004.

"Any Internet communications medium can be a delivery mechanism for crimeware," said APWG Secretary General Peter Cassidy. "The goal of the phisher is shifting from tricking consumers into submitting their credentials at counterfeit websites to finding any means to plant crimeware on PCs. Relatively few of us have been fooled in phishing attacks - but who among us can say we've never had to pull malware - now mutating into crimeware - from a PC?"

Report highlights as follows:

Number of active phishing sites reported in March: 2870

Average monthly growth rate in phishing sites July 2004 through March 2005: 28%

Number of brands hijacked by phishing campaigns in March: 78

Country hosting the most phishing websites in March: US

Contain some form of target name in URL: 31%

No hostname just IP address: 48%

Percentage of sites not using port 80: 3.89%

Average time online for site: 5.8 days

Longest time online for site: 31 days