Phishing With A Redirector Code
Anti-Phishing Working Group (APWG) reported on 11th September 2006 that online phishing scams reached a record high level in July. 157 commercial brands had been victimized reflecting an increase of 18% compared to June. According to Dave Jevans, APWG chairman, the targets were small institutions, Internet Service Providers, and government agencies.
Around 2005, APWG had identified only 71 commercial brands falling victims of phishing scams. Over the years, the number of brands has doubled indicating that online criminals spread their area of attack over a wider range of organizations and financial institutions, said Dan Hubbard of Websense.
The increase in hacked commercial brands is accompanied with new phishing websites by 41% as found in July. The number of fake websites reported stands at 14,191.
As phishing techniques get more advanced the sale of 'Crimeware' toolkits is becoming popular. For example a Russian group of online traders have been selling hacking toolkits. There is also a substantial increase in the sale of "traffic redirectors".
Redirector is a malicious code that takes the Internet user to an undesirable website. Although simple the tool is very effective in spreading malware. It can change the original DNS settings to connect to a fake DNS server. This makes an online banking site lead to a fake website with similar interface, which unsuspecting users cannot detect.
According to APWG, attackers find this method very promising as it can redirect any of the user's requests on any occasion. Users in turn can hardly know what is happening as they could themselves be entering the address and not receive an e-mail or Instant Message in return.
Recent phishing news reported by APWG says that US is on top of the list of countries hosting the maximum phishing sites infected with trojans and other spyware programs. US with 27.8 percent are trailed with big margins by Russia in the second place with 19.2 percent and then Brazil with 6.1 percent.
Phishing is becoming a common online threat and infecting widely across nations of the world. To prevent users from phishing attacks security experts recommend use of quality anti-phishing and anti-spam software with routine updates.
Related article: Phishing Hits N.Ky. Chamber of Commerce
» SPAMfighter News - 18-09-2006