Phishing By The Numbers: 609,000 Blocked Sites in 2006


The Netcraft Toolbar blocked more than 609,000 confirmed phishing URLs in 2006, an enormous jump from just 41,000 in 2005. The volume of attacks grew gradually until the final quarter of the year, when the number of blocked sites soared as attackers perfected techniques to automate and propagate networks of spoof pages. These networks were replicated across botnets, creating a huge jump in submissions and confirmed phishing sites. Blocked URLs ranged between 1,000 and 20,000 per month before ramping up to 45,000 in October, 135,000 in November and more than 277,000 in December.

The dramatic surge in attacks was fueled by new tools to rapidly deploy entire networks of phishing sites on cracked web servers. These packages, known broadly as Rockphish or R11, each included dozens of sites spoofing major banks, and could be unzipped in a subdirectory of a hacked site to create an instant phishing network. By using a common directory structure and sophisticated DNS management, phishers created dozens of spoof sites with subdomains including the name of the target institution. These networks were installed on large numbers of compromised machines in botnets, organized with management tools that allowed attackers to rapidly add and redirect sites within their networks.

Netcraft: Phishing By The Numbers: 609,000 Blocked Sites in 2006
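The pattern described above (several target institutions named in subdomains under one base domain, all sharing a directory) can be surfaced from a feed of reported URLs. The following is an added example, not code from Netcraft or the original article; the brand keywords, sample URLs, the `/r1` directory and the two-label base-domain rule are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed placeholder keywords, not real institutions.
BRANDS = {"examplebank", "samplecredit", "demotrust"}

# Constructed sample feed; example.net and example.org are reserved domains.
SAMPLE_URLS = [
    "http://examplebank.login.example.net/r1/index.html",
    "http://samplecredit.secure.example.net/r1/index.html",
    "http://demotrust.example.net/r1/index.html",
    "http://www.example.org/news/2006/index.html",
    "http://examplebank.example.org/about.html",
]

def base_domain(host):
    # Assumption: the last two labels form the registered domain.
    # Real feeds need a public-suffix list (e.g. for co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brands_in_subdomain(host):
    # Only look at labels left of the base domain, where spoof names appear.
    labels = host.lower().rstrip(".").split(".")[:-2]
    return {b for b in BRANDS for label in labels if b in label}

def find_spoof_networks(urls, min_brands=2):
    """Group reported URLs by base domain and flag domains whose
    subdomains name at least `min_brands` distinct institutions."""
    seen = defaultdict(lambda: {"brands": set(), "dirs": set()})
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        hits = brands_in_subdomain(host)
        if hits:
            entry = seen[base_domain(host)]
            entry["brands"] |= hits
            # Directory part of the path, to expose a shared kit layout.
            entry["dirs"].add(parts.path.rsplit("/", 1)[0] or "/")
    return {
        domain: {"brands": sorted(e["brands"]), "shared_dirs": sorted(e["dirs"])}
        for domain, e in seen.items()
        if len(e["brands"]) >= min_brands
    }

if __name__ == "__main__":
    for domain, info in find_spoof_networks(SAMPLE_URLS).items():
        print(domain, info)
```

A single brand name in a subdomain (as on `example.org` in the sample) is not flagged; the signal is several institutions under one base domain with one common directory.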

Linked by shanmuga Monday, 15th January 2007 11:59PM