Symantec Reports Rise in Toolkits Used for Phishing Attacks in May 2009

According to a security company Symantec, spam and phishing are closely interconnected because spammers launch phishing assaults to gain entry into victims' accounts set up on social networking websites such as Facebook and Twitter.

In its June 2009 State of phishing report, Symantec discovers that the early phishing attacks against Facebook that occurred during May 2009 happened through fake spam mails. Nevertheless, once hackers compromised the users' accounts, they launched the future attacks through the social site itself, reports Symantec.

Furthermore, 42% of phishing sites detected in May 2009 were produced with the help of phishing toolkits, according to the report. In fact, the total number of attacks using toolkits rose cent percent during May 2009 that was twofold of the rate reported during April 2009.

In detail, Symantec says that it saw an unexpected increase in the total number of attacks using phishing toolkits during the 1st week of May 2009, and these attacks chiefly targeted the financial services and information sectors.

Symantec tries to find the reason behind this increase in phishing attacks with automated toolkits. It discovered that the revival of phishers attacking well known information services companies was the prime reason. Symantec also found that 58% of the total attacks originated from distinct phishing URLs that targeted over 206 known brands.

The domain names used for hosting the phishing websites were chiefly a collection of randomly produced names that contained a country code. This code suggested that the majority of the websites originated from China and Latvia.

Phishing scammers put IP addresses into the hostnames rather than domain names, a trick to keep the phony domain name hidden that otherwise could be easily noticed.

In addition, about 1,237 phishing websites had their hosts in 77 countries. As a result, there was an approximately 2% increase in IP attacks over April 2009.

Therefore, based on the report's findings about phishers and phishing, Symantec emphasizes that end-users should be made aware about the threats and IT personnel should take precautions to ward off phishing attacks.

Related article: Sentence for American Contractor for Sabotaging Government Navy Computers

» SPAMfighter News - 6/12/2009