A single cybercrime group called "Avalanche" was responsible for nearly one-quarter of all identity theft-related phishing attacks in the first half of 2009, according to a new report by the Anti-Phishing Working Group (APWG).
According to the report, phishing sites on Avalanche domains target the commercial banking platforms of more than 30 financial institutions, major on-line services, and job search providers.
Social-engineered malware downloads are also being distributed from these same domains. These attacks involve domain names registered by the phishers, set up on name servers controlled by the phishers, and hosted on a fast-flux network of apparently compromised consumer-level machines. This fast-flux hosting makes mitigation efforts more difficult -- calling the Internet Service Provider to get a site or IP blocked is not effective, and the domain name itself must be suspended at the registrar or registry level.
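The following is an added example, not code from the APWG report: it profiles constructed passive-DNS observations to flag a fast-flux candidate and measures how little an IP blocklist built at one moment stops afterwards, while the domain name stays constant. The domain names, addresses, TTLs and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (seconds, domain, A-record IP, TTL).
# Names use the reserved .example TLD and RFC 5737 documentation addresses.
FLUX = [(t, "secure-login.example", f"203.0.113.{10 + 2 * r + i}", 180)
        for r, t in enumerate((0, 300, 600)) for i in range(3)]
STABLE = [(t, "www.shop.example", "192.0.2.80", 3600) for t in (0, 300, 600)]
OBSERVATIONS = FLUX + STABLE


def flux_profile(observations):
    """Per domain: number of distinct A-record IPs and the largest TTL seen."""
    ips, ttl = defaultdict(set), defaultdict(int)
    for _, domain, ip, record_ttl in observations:
        ips[domain].add(ip)
        ttl[domain] = max(ttl[domain], record_ttl)
    return {d: {"distinct_ips": len(ips[d]), "max_ttl": ttl[d]} for d in ips}


def fast_flux_candidates(observations, min_ips=5, max_ttl=300):
    """Domains that rotate through many IPs with short TTLs.

    The thresholds are illustrative assumptions, not values from the report.
    """
    profile = flux_profile(observations)
    return sorted(d for d, p in profile.items()
                  if p["distinct_ips"] >= min_ips and p["max_ttl"] <= max_ttl)


def ip_block_coverage(observations, domain, block_time):
    """Fraction of later answers stopped by blocking every IP seen so far.

    Returns None when the domain has no observations after block_time.
    """
    blocked = {ip for t, d, ip, _ in observations
               if d == domain and t <= block_time}
    later = [ip for t, d, ip, _ in observations
             if d == domain and t > block_time]
    if not later:
        return None
    return sum(ip in blocked for ip in later) / len(later)


if __name__ == "__main__":
    profile = flux_profile(OBSERVATIONS)
    for name in sorted(profile):
        print(name, profile[name], ip_block_coverage(OBSERVATIONS, name, 0))
    print("fast-flux candidates:", fast_flux_candidates(OBSERVATIONS))
```

On this sample, blocking the three addresses seen in the first lookup stops only one in six later answers for the fluxing domain, which is why the takedown has to target the domain name at the registrar or registry.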
The APWG said the Avalanche phishing kit accounted for a whopping 24% (13,334) of all phishing attacks seen during 1H 2009. However, since each domain is used to mount up to 30 attacks, this only represents about 8% of all domains used for phishing, the group said.
[...] The APWG said Avalanche attacks increased significantly into the third quarter of the year, and preliminary numbers indicate a possible doubling of attacks in the summer of 2009.
Read the full report [PDF from apwg.org]