APWG Report Finds a Single Electronic Crime Syndicate Responsible for Most Phishing Attacks in Second Half of 2009
May 2010 by APWG
A single electronic crime syndicate employing advanced malware was responsible for two-thirds of all the phishing attacks detected in the second half of 2009 — and was responsible for the overall increase in phishing attacks recorded across the Internet, according to a report released today by the Anti-Phishing Working Group (APWG).
The report authors found that the Avalanche phishing gang was responsible for some 66 percent of all phishing attacks launched in 2H2009. Avalanche successfully targeted some 40 banks and online service providers, and vulnerable or non-responsive domain name registrars and registries.
"Avalanche’s impact was unprecedented," said Greg Aaron, Director of Key Account Management and Domain Security at Afilias and co-author of the study. "This one criminal group was responsible for two-thirds of the world’s phishing, and also combined it with sophisticated crimeware distribution. The losses by banks and individual Internet users were staggering."
"Avalanche" is the name given to the world’s most prolific phishing gang, and to the infrastructure it uses to host phishing sites. This criminal enterprise perfected a system for deploying mass-produced phishing sites, and for distributing malware that gives the gang additional capabilities for theft.
Rod Rasmussen, founder and CTO of Internet Identity and co-author of the study, said, "Avalanche’s relentless activities led to the development of some very effective counter-measures." Rasmussen explained, "The data shows that the anti-phishing community — including the target institutions, security responders, and domain name registries and registrars — got very good at identifying and shutting down Avalanche’s attacks on a day-to-day basis. Further, a coordinated action against Avalanche’s infrastructure in November has led to an ongoing, significant reduction in attacks through April 2010."
Aaron and Rasmussen are reporting their findings today at the APWG’s fourth annual Counter eCrime Operations Summit, an international conference for industry and law enforcement professionals who respond to electronic crime and protect consumers and businesses from electronic crime.
The new report also contains analysis of other phishing trends. Key findings and highlights include:
• Phishing uptimes have dropped by a third since 2008. Uptimes are a vital measure of how damaging phishing attacks are, and the drop indicates the success of mitigation efforts.
• The amount of Internet domain names and numbers used for phishing has remained fairly steady over the past two-and-one-half years, a period in which the number of registered domain names in the world has grown.
• The great majority of phishing continued to be concentrated in certain name spaces — just five top-level domains (TLDs).
The study is available at: