And says the Anti-Phishing Working Group (APWG), the same Avalanche syndicate was responsible for an overall increase in phishing attacks recorded across the internet.
Details on the Avalanche syndicate were revealed at the APWG's fourth annual counter ecrime operations summit taking place this week in Brazil.
The group reports that the Avalanche phishing gang was responsible for some 66% of all phishing attacks launched in the third and fourth quarters of 2009.
Avalanche, says APWG, successfully targeted some 40 banks and online service providers, and vulnerable or non-responsive domain name registrars and registries.
"Avalanche's impact was unprecedented", said Greg Aaron, director of key account management and domain security at Afilias and the co-author of the study.
"This one criminal group was responsible for two-thirds of the world's phishing, and also combined it with sophisticated crimeware distribution. The losses by banks and individual internet users were staggering", he explained.
Aaron went on to say that Avalanche is the name given to the world's most prolific phishing gang, and to the infrastructure it uses to host phishing sites.
This criminal enterprise, he says, perfected a system for deploying mass-produced phishing sites, and for distributing malware that gives the gang additional capabilities for theft.
Rod Rasmussen, founder and chief technology officer of Internet Identity and co-author of the study for the AWPG, said that Avalanche's relentless activities led to the development of some very effective counter-measures.
"The data shows that the anti-phishing community – including the target institutions, security responders, and domain name registries and registrars – got very good at identifying and shutting down Avalanche's attacks on a day-to-day basis", he said.
"Furthermore, a co-ordinated action against Avalanche's infrastructure in November has led to an ongoing, significant reduction in attacks through April 2010", he added.
Delving into the report reveals that uptimes have dropped by a third since 2008. Uptimes, says the APWG, are a vital measure of how damaging phishing attacks are, and the drop indicates the success of mitigation efforts.
The study also shows that the amount of internet domain names and numbers used for phishing has remained fairly steady over the past 2.5 years, a period in which the number of registered domain names in the world has grown.