Rogue malware explodes in 2009

Payment services was the most targeted sector for phishing in the second quarter of this year.

The rogue software, which is distributed using fake warnings generated by malicious infected websites, has proven to be a lucrative means for criminals to earn money, according to the Anti-Phishing Working Group (APWG), a non-profit organization.

The number of strains rose steadily throughout the year, reaching 152 197 in June. In the first quarter of this year, more strains were created than in the whole of 2008, it said. The second quarter saw four times as many strains appear as during the whole of last year.

The strains are being created using server-side polymorphism to create slightly different binaries each time the software is downloaded, according to the group. This helps the software to avoid detection by legitimate signature-based anti-virus programs, said the report, which added that behavioral analysis is of limited use because the programs do not always act maliciously on computers.

This may have been at least partly the cause of a shift in the types of malware seen in the first half of this year. The report showed that crimeware-specific malware (designed specifically to target financial institutions' customers) and data-stealing malware receded as a proportion of the total malware landscape. In January, crimeware-specific programs accounted for 7% of all malware. By June, this had fallen to 3%.

Other significant trends included a dramatic growth in the number of unique websites using brand/domain pairs for phishing, said the report. Brand/domain pairs use a website domain to target a specific brand for phishing purposes. The report measured the number of servers being used for brand/domain pairs, rather than merely the number of websites, because several phishing websites may be operating on the same server.

The APWG found the number of unique brand/domain pairs rising to an all-time high of 21 085 in June, increasing 92% from January's total. It also noted a near-all-time high in the number of unique phishing URLs detected. They reached 49 084 in June, representing the second highest count since April 2007.

The number of URLs per brand also increased, reaching 190 in June – double the 81 recorded in February this year. Significantly, though, the number of brands hijacked by phishing campaigns dropped from 294 in January to 259 in June, indicating that there are more URLs for a smaller number of targeted brands.

 
