Messaging Pipeline | Bot Networks Behind Big Boost In Phishing Attacks

November 24, 2004

Bot Networks Behind Big Boost In Phishing Attacks

Phishing fraudsters dramatically anted up last month by using automated tools and networks of hacked computers.

Courtesy of

Phishing fraudsters dramatically anted up last month by using automated tools and networks of hacked computers to double the number of sites that illegally collect financial information, the Anti-Phishing Working Group (APWG) said Wednesday.

A massive spike in the number of phishing sites in October led the group's analysts to conclude that criminals are getting more sophisticated in their attack techniques and technologies. From September to October, phishing sites increased more than 100 percent.

"Some automation had to be involved, with a bot network to either send more e-mails and/or host more sites," said Dan Hubbard, the senior director of security at Websense, one of the two investigators who analyzed the phishing data for the group.

"In October, not only did the amount of reported phishing e-mails increase, but the number of phishing sites that were unique dramatically spiked," said Hubbard. "Once we started investigating the characteristics of those sites, a lot of the same traits kept repeating."

The shared characteristics of those phishing sites -- which host phony pages that look remarkably like real credit card, bank, online retailer, or e-payment sites -- ranged from using a little-known Web server to being hosted on broadband-connected systems to running at IP addresses outside the U.S.

More than half of the phishing sites, for instance, are hosted on what appear to be broadband-connected PCs, and the common Web server -- SHS -- is a favorite of phishers, since its small footprint makes it easy to plant on a hacked PC.

"Our suspicion that it's a bot network [behind the increase] is really based on these shared characteristics," admitted Hubbard.

A bot network is a collection of already-hacked machines, often compromised weeks or months earlier by attackers using worms or viruses to plant backdoor components. Those backdoors let the attackers access the machines anytime they want, for any purpose. Spammers, hackers, and other cyber-criminals are thought to be acquiring or renting bot networks to do their dirty work, making it harder for authorities to track down the real culprits.

Scammers probably have other tools at their disposal besides the bot networks, the APWG said. "It appears as though some sort of toolkit is available [to phishers] and/or a set of tools that are being used to produce similar exploits," said Hubbard. Unfortunately, no one has yet "captured" a copy of this toolkit.

"There's no question that we're starting to see more and more sophisticated phishing attacks," said Hubbard. Phishers are running multiple phony sites from one hacked PC, he said, and beginning to blend spyware and phishing tactics to run application-level attacks which plant a keylogger on a machine and then silently watch for passwords or account numbers for specific targets, like an online banking session.

"Multiple brands are being spoofed from the same machine over a few days," he said. "A site will be an eBay spoof one day, PayPal the next, then Citibank. They're getting smarter. Why not host multiple targets on one machine?

"The problem's getting worse," Hubbard admitted. "Not only are the number of phishing sites up and attacks getting more aggressive, but even small targets are being scammed." In the last several days, for instance, Websense sent out alerts that several small banks were being hit with phishing scams. On Tuesday, it discovered the first attack written in Swedish, one that targeted users of the Eurocard.

Nor will they cease anytime soon.

"Just put two and two together," urged Hubbard. "If [scammers] weren't successful we wouldn't see a rise in the sophistication and the number of attacks."
