Phishing websites and rogue antivirus programs increased precipitously in the first half of 2009, according to a new report issued by the Antiphishing Working Group.
The number of unique phishing websites reached a high of nearly 50,000 in June, the second highest on record since more than 55,000 phishing websites were recorded in April, 2007. Meanwhile, the number of people downloading and installing rogue antivirus programs is also on the rise, providing a cash cow to cybercriminal gangs. In the first quarter of 2009 alone, more new strains of rogue antivirus were created than in all of 2008, according to the APWG Phishing Trends Report.
The organization, an industry association of security vendors, individual businesses and business trade associations, started in 2003 and has monitored phishing and email spoofing with the goal of finding ways to reduce and ultimately eliminate the problem. The report includes data collected by security vendors Websense Inc. and Panda Security, as well as brand jacking information from Mark Monitor Inc.
Rogue antivirus displays fake pop-up warnings and launches messages in the task bar warning of a possible infection. Once downloaded, the program typically conducts a fake scan of a victim's system and then provides results showing fake infections.
In June, the number of variants of rogue antivirus programs increased above 152,000, according to the APWG. That is four times as many samples as were detected in all of 2008.
Luis Corrons, technical director of PandaLabs, the research arm of Panda Security, said the lucrative business model has attracted new cybercriminal gangs that are helping fuel the increase in rogue antivirus. Panda estimates that victims are shelling out $34 million per month worldwide for rogue antivirus programs. There are currently more than 200 different gangs being tracked by researchers. Ten gangs are responsible for more than 77% of the rogue antivirus samples, he said.
"Unlike with banking Trojans, where you have to infect the user, steal the data, then hire some money mule, with rogueware they only have to wait for users to pay," Corrons said. "The user is the one willing to pay in order to disinfect their computer."
According to security experts, the rogueware has been spreading by less sophisticated means. Its distributors rely on visitors to websites touting rogue antivirus to download and install the program. But phishers have been successful in avoiding detection by legitimate antivirus programs, according to the APWG report. Each downloaded rogue antivirus program contains a slightly different binary file, which tricks signature-based antivirus. In addition, Corrons said the programs themselves don't act maliciously on computers, other than displaying false information, which helps them evade detection by antivirus engines.
The number of rogue antivirus downloads increased more than 217% from Q1 to Q2 of 2009, from more than 133,000 detected infections to more than 423,000 detected infections. The increase could be attributed to the Zlob Trojan, which downloads and installs rogue antivirus software, Corrons said.
In addition, the APWG said the payment-services industry represented the favorite target of phishers, rising over the financial-services industry, which has been the coveted choice for most phishing attacks. Phishing campaigns directed at the payment-services industry rose 16% from the first quarter to the second quarter of 2009. Meanwhile, phishing campaigns directed at the financial-services industry dropped more than 10% during the same period, according to the report.