Report Cites Increase in Phishing Attacks, New Techniques

A report from MessageLabs notes a rise in phishing tool kits and more aggressive tactics.

A new report by Web and messaging security provider MessageLabs sees an increase in phishing and in targeted attacks on executives as fixtures of today's online threat landscape.

The September 2007 MessageLabs Intelligence report states that one in every 87.2 e-mails is a phishing attack. The figure represents a slight increase over what was previously the highest level ever recorded by U.K.-based MessageLabs—one in every 93.3 e-mails—back in January.

When judged as a proportion of all e-mail-borne threats such as viruses and Trojans, phishing e-mails accounted for 56 percent of all malware threats intercepted in September, the report reads.

The researchers attributed the growth in phishing attacks to more aggressive phishing techniques as well as the spread of phishing kits. One such kit popularized the "rock phishing" technique first seen in November 2005.

"Although [the rock phishing] kit has not been widely distributed beyond a few select criminal enterprises, other similar tool kits are more readily available on the black market and enable non-technical criminals to conduct more sophisticated attacks more easily," according to the report.



"These techniques allow for each compromised computer within a botnet to host multiple phishing sites at the same time, and coupled with the use of fast-flux DNS techniques enable these sites to be replicated across the whole botnet, making them more difficult to shut down."

In addition, the study contained some bad news for C-level executives. On Sept. 12, more than 1,100 C-level and senior management executives became the target of an attack that researchers believe originated from the same perpetrators as an e-mail assault on June 26. The e-mails, which purport to be from a recruitment company, use a Microsoft error message to persuade the victims to click on the RFT attachment. The attachment contains an executable that drops two files onto the computer, which in turn will be used to pass sensitive information back to the attacker.

"Two years ago the number of such attacks accounted for one to two incidents per week," said Paul Wood, a senior analyst at MessageLabs. "One year ago this rose to one to two per day. This year it has risen to around seven to 10 per day."

The reason, Wood opined, is the increased availability of tool kits to assist in the creation of these attacks and the availability of malware service providers. While in the past the targets of such attacks were typically large, multinational organizations, today's victims include smaller businesses, he said.

"The sharp upward curve we have seen in targeted attacks post June 26 is indicative of more criminal gangs moving into the area of intellectual property theft and is striking growth by any one measure," Wood explained.
