IBM Reports Phishing Surge

Botnets pushed phishing attacks up by 200 percent in May, and e-mail viruses also increased, although the amount of spam remained level, the company reports.

Incidents of the online identity theft scams known as phishing attacks increased by more than 200 percent in May, according to figures released by IBM.

The Armonk, N.Y., company published the new phishing statistics in its May Global Business Security Index. IBM Corp. said that networks of compromised computers known as "botnets" may be responsible for the increase in phishing scams.

The report also found an increase in the percentage of e-mail messages that carry viruses, according to a statement.

The IBM Global Business Security Index is a monthly report that presents information from IBM's network of around 500,000 monitored systems and 2,700 information security professionals.

Phishing statistics were taken from e-mail processed by IBM partner MessageLabs Ltd., an e-mail security company.

Phishing incidents, as measured by the amount of phishing e-mail, surged in May, after dropping off in recent months.

MessageLabs collected 9,139,704 phishing e-mails in May, a 226 percent jump from April, topping the previous record of 7,724,659 phishing e-mails in April, said David Mackey, director of security intelligence at IBM Global Services.

Reports of e-mail-borne viruses and Trojan horse programs were also up in May, accounting for just over 3 percent of all e-mail messages, according to MessageLabs data, IBM said.

An increase in the number of networks of compromised "zombie" computers may be responsible for the jump, Mackey said.

The networks are used to pump out high volumes of the e-mail messages and spam that are used in phishing attacks, he said.

IBM is working with other technology companies to try to identify and block "command and control" communications that are used to coordinate the massive botnets, he said.

However, spotting that traffic is difficult. Many botnets use IRC (Internet Relay Chat) to communicate, and the command and control traffic is often indistinguishable from legitimate, outbound IRC chatter, he said.

One sure way to stop the growth of botnets is to educate rank-and-file computer users, who are the most common botnet hosts, about computer security practices, he said. "All these different [computers] need security measures in place, but you're talking about home users and folks who are not tech savvy. Education is a big thing," he said.

Web-based applications are a major weakness in many computer systems, and a frequent point of access for hackers who want to compromise Internet-connected machines, according to IBM.

Even though companies are doing a better job with security applications running on computers, hackers can use vulnerabilities in Web-based applications, like Web banking portals, to compromise end-user systems and grab sensitive consumer information or corporate intellectual property, IBM said.

The report has some good news: The growth in spam e-mail has leveled at 68.7 percent of inbound e-mail traffic, a number that has been stable over the last three months, IBM said.
