Phishers Spoof Record Number Of Brands

The APWG's monthly cyber-crime summary said that 157 brands were hijacked by e-mailed phishing campaigns during July.

September 11, 2006


Phishers counterfeited a record number of commercial brands as the criminals reached into ever smaller corners of the Internet, the Anti-Phishing Working Group (APWG) reported Monday.

The APWG's monthly cyber-crime summary said that 157 brands were hijacked by e-mailed phishing campaigns during July, a jump of 18 percent over June and 12 percent over the previous record, set in May.

"Criminals are spoofing the brands of smaller financial institutions, ISPs [Internet service providers], and even government agencies," said Dave Jevans, the chief executive of IronKey Inc. and the chairman of the APWG.

A year ago, the APWG recorded only 71 brands that were spoofed by phishers. "The number of brands has more than doubled, illustrating that online criminals are simply not settling for the large, popular organizations and financial institutions," added Dan Hubbard, the head of research at security vendor Websense Inc., in a statement.

The increase in the number of victimized brands was joined by an even larger bump in the number of new phishing sites detected in July: the APWG reported 14,191 bogus sites, another record. The July count marked a 41 percent increase over June, and was 18 percent higher than May's former record of 11,979 sites.

"Nobody is immune from attack," said Jevans.

Hubbard noted that phishing attacks are growing more complex, and as evidence pointed to several specific July campaigns, the continued sale by a Russian group of a do-it-yourself hacking toolkit, and a large increase in the use of traffic redirectors.

Redirectors -- code embedded in malware that redirects users to an unintended IP address -- may be relatively simple, but they're effective, the APWG report said. "The highest volume [of redirectors] is in malicious code which simply modifies your DNS server settings or your hosts file to redirect either some specific DNS lookups or all DNS lookups to a fraudulent DNS server."

The phony DNS server typically directs most requests to the "good" domains, but some page requests -- those for a bank's online log-in URL, for instance -- are instead redirected to bogus, but believable, sites.
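As an added example (not code from the article or the APWG report), the following Python sketch audits the two settings the report says redirectors tamper with: static hosts-file entries and the configured DNS servers. It assumes Unix-style `hosts` and `resolv.conf` formats; the watched domain `examplebank.test`, the resolver allowlist and all sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not taken from the article or the APWG report).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
# 203.0.113.9 commented-out.example
203.0.113.66  login.examplebank.test www.examplebank.test  # unexpected pin
192.168.1.20  nas.home.lan
"""
SAMPLE_RESOLV = """\
nameserver 192.168.1.1
nameserver 198.51.100.53
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping
        for name in fields[1:]:
            yield str(ip), name.lower().rstrip(".")

def audit_hosts(text, watched):
    """Return hosts entries that statically pin a watched domain or subdomain."""
    return [(name, ip) for ip, name in parse_hosts(text)
            if any(name == d or name.endswith("." + d) for d in watched)]

def audit_resolvers(text, expected):
    """Return configured nameservers that are missing from the expected list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    unexpected = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                known = ipaddress.ip_address(fields[1]) in allowed
            except ValueError:
                known = False  # unparseable resolver entry is worth a look
            if not known:
                unexpected.append(fields[1])
    return unexpected

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, ["examplebank.test"]))
    print(audit_resolvers(SAMPLE_RESOLV, ["192.168.1.1"]))
```

A sensitive domain has no legitimate reason to appear in a hosts file on most workstations, so any hit from `audit_hosts` deserves review regardless of the address it points to.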

"This is particularly effective because the attackers can redirect any of the user's requests at any time, and [they] have very little indication that this is happening as they could be typing in the address on their own and not following an e-mail or IM lure," said the APWG.

In other phishing news, the APWG also reported that the U.S. retained the dubious honor of first place as the country hosting the most phishing sites infected with Trojans and other spyware-like downloaders (the most dangerous kind of phishing URLs). Russia, which took second with 19.2 percent, and Brazil with 6.1 percent, both trailed the U.S.'s 27.8 percent by wide margins.
