“We knew Avalanche would resurface and it is apparent that they have made a conscious decision to provide their massive botnet as an infrastructure for hire. The most prevalent use of their network are sites that attempt to get victims to install malware on their computers,” said IID President and CTO Rod Rasmussen. “Cybercriminals are always trying to adapt to the latest security methods and threat awareness, and as an industry we must stay one step ahead of these increasingly sophisticated cyber gangs.”
Once malware is on a victim’s computer, the perpetrator can monitor or control both personal and business computer activity — enabling them to steal data, send spam, and commit fraud. Criminals lure people in by creating appealing websites, desirable downloads and compelling stories, then trap unsuspecting victims, often through “drive-by” websites where malware automatically installs.
Traditional Phishing Decrease
In keeping with these findings, IID also noted in its report that traditional phishing attacks, where cybercriminals attempt to swindle sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an online exchange, dropped eight percent in the third quarter compared with Q2 2011. Similarly, IID found an 11 percent year-over-year decline in traditional phishing attacks between Q3 2011 and the same quarter in 2010. Money transfer and e-commerce phishing showed the largest declines, while phishing attacks impersonating national banks stayed strong.
In addition to the shift to malware, IID attributes this decrease to significant security steps taken by Facebook, Google, Microsoft and others, noting three major events:
After suffering a 600 percent increase in phishing attacks in Q2 2011, the .tk registry partnered with IID, Facebook and the Anti-Phishing Alliance of China (APAC) to secure the .tk top-level domain. The agreements allow IID, Facebook and APAC to connect their anti-abuse systems with .tk's domain name database, enabling .tk domain names to be blocked immediately when an electronic report of wrongdoing is received. .tk phish dropped 40 percent in the third quarter.
Google de-indexed the entire second-level domain co.cc since it has historically been home to excessive fraudulent activity. This means the estimated 11 million co.cc websites are blocked from appearing in Google’s search engine results.
Microsoft took down the Kelihos botnet, a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. That botnet reportedly consisted of a network of 41,000 infected computers capable of sending billions of spam emails per day.
Sources of data and background for the IID 2011 Third Quarter eCrime Trends Report include IID's own security experts and some of the world’s leading security and Internet infrastructure organizations like ICANN (Internet Corporation for Assigned Names and Numbers) and APWG (Anti-Phishing Working Group). The report, along with past eCrime studies, can be found at www.internetidentity.com/resources/trend-reports.
IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently introduced a number of unique approaches to secure organizations’ use of Internet infrastructure with ActiveTrust BGP, ActiveTrust DNS, and ActiveTrust Resolver and TrapTrace. IID also provides anti-phishing, malicious software (malware) and brand security solutions for many of today’s leading financial services firms, and e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.