Web Malware Up 89%, Avalanche Cybergang Re-emerges

Q3 eCrime Report reveals unique malware URLs increased 89 percent; traditional phishing down

November 2, 2011



TACOMA, Wash. – November 1, 2011 – IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, today released its Third Quarter eCrime Report that revealed websites loaded with malware (malicious software) increased a massive 89 percent in the third quarter compared to Q2 2011. According to the IID report, the most impersonated organizations include the FDIC, U.S. Federal Reserve, IRS and NACHA (National Automated Clearing House Association). IID attributed the large increase in malware sites to the reemergence of the Avalanche phishing gang, which was responsible for two-thirds of all the phishing attacks that took place in the second half of 2009.

“We knew Avalanche would resurface and it is apparent that they have made a conscious decision to provide their massive botnet as an infrastructure for hire. The most prevalent use of their network are sites that attempt to get victims to install malware on their computers,” said IID President and CTO Rod Rasmussen. “Cybercriminals are always trying to adapt to the latest security methods and threat awareness, and as an industry we must stay one step ahead of these increasingly sophisticated cyber gangs.”

Once malware is on a victim’s computer, the perpetrator can monitor or control both personal and business computer activity — enabling them to steal data, send spam, and commit fraud. Criminals lure people in by creating appealing websites, desirable downloads and compelling stories, then trap unsuspecting victims, often through “drive-by” websites where malware automatically installs.

Traditional Phishing Decrease

In keeping with these findings, IID also noted in its report that traditional phishing attacks, where cybercriminals attempt to swindle sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an online exchange, dropped eight percent in the third quarter compared with Q2 2011. Similarly, IID found an 11 percent year over year decline in traditional phishing attacks between Q3 2011 and the same quarter in 2010. Money transfer and e-commerce phishing showed the largest areas of decline while phishing attacks impersonating national banks stayed strong.

In addition to the shift to malware, IID attributes this decrease to significant security steps taken by Facebook, Google, Microsoft and others, noting three major events:

After suffering a 600 percent increase in phishing attacks in Q2 2011, the .tk registry partnered with IID, Facebook and the Anti-Phishing Alliance of China (APAC) to secure the .tk top-level domain. The agreements allow IID, Facebook and APAC to connect their anti-abuse systems with .tk's domain name database, enabling .tk domain names to be blocked immediately when an electronic report of wrongdoing is received. .tk phish dropped 40 percent in the third quarter.

Google de-indexed the entire second-level domain co.cc since it has historically been home to excessive fraudulent activity. This means the estimated 11 million co.cc websites are blocked from appearing in Google’s search engine results.

Microsoft took down the Kelihos botnet, a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. That botnet reportedly consisted of a network of 41,000 infected computers capable of sending billions of spam emails per day.

Sources of data and background for the IID 2011 Third Quarter eCrime Trends Report include IID's own security experts and some of the world’s leading security and Internet infrastructure organizations like ICANN (Internet Corporation for Assigned Names and Numbers) and APWG (Anti-Phishing Working Group). The report, along with past eCrime studies, can be found at www.internetidentity.com/resources/trend-reports.

About IID

IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently introduced a number of unique approaches to secure organizations’ use of Internet infrastructure with ActiveTrust BGP, ActiveTrust DNS, and ActiveTrust Resolver and TrapTrace. IID also provides anti-phishing, malicious software (malware) and brand security solutions for many of today’s leading financial services firms, and e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.
