Phishing Longevity Declines in 1H-2009
A latest phishing survey called "Global phishing Survey: Trends and Domain Name Use 1H2009" released by the Anti-Phishing Work Group (APWG) in October 2009 has disclosed that the uptime (longevity) of phishing websites has declined by 25% over the second half of 2008.
Uptime gives a clear measure of the damage a phishing attack may cause - the longer a phishing website remains active, the higher the number of victims there could be. The survey discovered that longevity of a phishing website fell to an average 39 hours in 1H-2009, remarkably down from an average of 52 hours recorded in 2H-2008.
Rod Rasmussen, co-author of the study and chief technical officer of Internet Identity, expressed his content over the positive impact put on the lifetimes of phishing sites, reported Reuters on October 21, 2009.
The study also found that a criminal group called "Avalanche" was behind around 24% of total phishing assaults recorded in the first half of 2009. There are indications that the gang is progressing to claim an even bigger share of all detected phishing assaults.
In addition to this, a big majority of phishing is concentrated in few domain names - only five TLDs (top-level domain). The volume of Internet domain names and numbers used for phishing has been steady in the past couple of years.
Anti-phishing programs at domain name registries can help in reducing the uptimes of phishing assaults. It can also bring significant change in the amount of malicious registrations in those top level domains. The unique attributes of Internationalized Domain Names (IDNs) are not being exploited in phishing, and this trend may perpetuate in future.
Phishers are continuously making use of sub-domain services to host and control their phishing websites. They used these services more often than they used registered domain names through regular registrars. It is a clear indication that phishers are using services which can't be taken down by registry operators or domain registrars.
As per the statement of Greg Aaron, co-author and director of Domain Security, Afilias, the results of the survey highlight that on the Internet, active participation of responsible parties can really help netizens a big deal, reported Reuters on October 21, 2009.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 02-11-2009