
One gang corners the market in phish

17 May 2007

One gang is responsible for more than half of all attempted phishing for the likes of online banking log-in details, and has found ways to extend the lives of its web-sites, according to researchers at Cambridge University.

Tyler Moore and Richard Clayton, of the university’s Computer Laboratory, researched phishing by observing how fast phishing web-sites were taken down: they logged reports from the phish-reporting web-site PhishTank, then checked to see when the sites changed.

In a paper published on 11 May, Moore and Clayton found repeated evidence of the activities of one gang, known as “rock-phish” after the “/rock” directory it initially used for its web-sites. According to the researchers’ calculations, the gang may be capable of stealing around US$178m a year.

The gang used web addresses starting with apparently genuine bank URLs – but these were irrelevant, as they were followed by other components. The addresses then included a randomized section designed to confuse black-listing web-sites such as PhishTank, then finally the canonical, or real, URL.

In eight weeks from February to April, the Cambridge researchers found 18 680 reports from PhishTank which they believe refer to the rock-phish gang, 52.6% of the reports made to the site. However, the 18 680 reports used just 419 canonical web addresses, each of which targeted multiple banks in parallel, rather than the single bank that most phishing sites attack.
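The gap between report counts and canonical addresses can be shown by collapsing each reported URL to its registrable domain before counting. The sketch below is an added example, not code from the researchers or PhishTank; it assumes the lure, randomized label and canonical domain appear left to right in the hostname, and the URLs, the `co.test` suffix and all function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Simplification (assumption): a real deployment would use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.test"}

def split_host(url):
    """Return (lure_prefix, random_label, canonical_domain) for a reported URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Registrable domain = public suffix plus the one label to its left.
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    cut = len(labels) - (suffix_len + 1)
    if not host or cut < 0:
        raise ValueError(f"no registrable domain in {url!r}")
    canonical = ".".join(labels[cut:])
    # Assumed layout: bank-looking labels, one randomized label, then the domain.
    random_label = labels[cut - 1] if cut >= 1 else ""
    lure = ".".join(labels[:max(cut - 1, 0)])
    return lure, random_label, canonical

def summarize(reports):
    """Group reports by canonical domain: report count and distinct lures seen."""
    sites = defaultdict(lambda: {"reports": 0, "lures": set()})
    for url in reports:
        lure, _, canonical = split_host(url)
        sites[canonical]["reports"] += 1
        if lure:
            sites[canonical]["lures"].add(lure)
    return dict(sites)

# Constructed sample reports using reserved .example/.test names.
REPORTS = [
    "http://www.bank-one.example.x7f3k2.site-a.test/rock/",
    "http://www.bank-one.example.p0q8d1.site-a.test/rock/",
    "http://www.bank-two.example.m4n5b6.site-a.test/rock/",
    "http://www.bank-two.example.z1y2x3.site-a.test/rock/",
    "http://www.bank-one.example.q9z.site-b.co.test/rock/",
    "http://www.bank-two.example.r8w.site-b.co.test/rock/",
]

if __name__ == "__main__":
    for domain, info in summarize(REPORTS).items():
        print(domain, info["reports"], sorted(info["lures"]))
```

Six constructed reports reduce to two canonical domains, each carrying lures for two different banks, which is the pattern the researchers describe at larger scale.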

“Almost everybody in this area has a vested interest in inflating the numbers,” says Clayton, as it seems to show vendors doing more work and it gives the police a reason not to investigate a large number of small-scale incidents.

The researchers say the rock-phish gang has changed its methods rapidly. From February, it introduced a method called “fast-flux”, which rapidly switched the internet protocol addresses used by its web addresses.

The result of such techniques is to extend the life of rock-phish domains, which the researchers say have a mean lifetime of 94 hours, with the fast-flux domains lasting 454 hours, compared to ‘normal’ phishing web-sites, which last for an average of 58 hours.

“You might think having more banks going up against you meant your sites would be taken down faster,” says Clayton. “In fact, they are being taken down more slowly.”
