DNS - Phishing Attacks Drop in Second Quarter of 2010

Phishing attacks dropped in the second quarter of 2010 year-over-year, according to a report released by Internet Identity (IID), a provider of technology and services that help organizations secure Internet presence.

The Second Quarter Phishing Trends Report revealed that phishing attacks were down 10 percent from April to June 2010 compared to the second quarter of 2009. However, this drop did not result in decreased phishing attacks targeting e-commerce, gaming, web services and social networking sites. The report noted that phishing attacks significantly increased.

The report stated that Phishing attacks by Avalanche, one of the most prolific cyber criminal gangs -- responsible for two-thirds of the world’s phishing attacks in the second half of 2009 -- have essentially disappeared.

However, it has turned to distributing Zeus malware, the report noted. This malware is capable of hijacking computers, then stealing banking, social networking and email account logins, and making that information available as part of a criminal network.

There has 12 percent year-over-year increase in Non-Avalanche phishing attacks filling much of the void left by the disappearance of Avalanche phish, according to the report. Also, traditional bank phishing continues to comprise about 50 percent of overall phishing. However, that is down from almost 60 percent in Q2 2009.

The report stated that the U.S. increased its share while retaining the top spot for overall phish hosting volume; Canada jumped from seventh to second. And, domain name system (DNS) hijackings continued to proliferate, as several major brands were taken over in Israel.

"While significant strides have been made in fighting phishing, cyber criminals are continuing to invent new methods for their attacks. This has become apparent with the most prolific phishers we’ve ever tracked now concentrating almost solely on distribution of Zeus malware – with great effect,” said Rod Rasmussen president and CTO at IID.

However, it’s imperative that organizations keep their phishing guard up in the coming months, because we’ve seen plenty of new phishing campaigns launched against an even wider range of target organizations, Rasmussen added.