Avalanche the most prolific phishing group of 2009

A criminal phishing group called Avalanche was responsible for nearly a quarter of all phishing attacks identified during the first half of this year, according to a recently released Anti-Phishing Working Group (APWG) report.

“Avalanche began attacks in December 2008 and ramped up significantly in early 2009, quickly becoming the most prolific and dangerous operation on the internet,” the report states.

The Avalanche cybercrime group, which has spoofed more than 30 financial institutions, along with other online services and job search companies, was responsible for 24 percent of all phishing attacks during the first half of the year, according to the APWG's Global Phishing Survey, released last week.

“These attacks involve domain names registered by the phishers, set up on name servers controlled by the phishers, and hosted on a fast-flux network of apparently compromised consumer-level machines,” the report states.

Fast-flux hosting often increases the longevity of an attack site because it makes it more difficult to get the domain taken down, the report states.

The Avalanche gang registers domains at one to three registrars at a time, looking for potentially inattentive or vulnerable domain registrars that will not notice the crimes being committed, the report concluded. In one attack, for example, the gang chose a registrar in a small country and used stolen credit card numbers from consumers in that country to evade detection. If a registrar does suspend the domains, the Avalanche gang simply begins registering domains elsewhere.

Even though the Avalanche gang uses fast-flux hosting, its attack sites stayed up for a significantly shorter period of time than other phishing sites, the report states. On average, a phishing site during the first quarter of the year stayed up 39 hours, while Avalanche sites lasted roughly 18 hours.

Registrars are highly aware of this criminal group, the report states. Also, Avalanche domains are often registered with stolen credit cards, and registrars are generally quick to cancel fraudulently registered domains. But the Avalanche gang hasn't pared down its phishing efforts just because the effectiveness of its fast-flux network is in question.

“Avalanche attacks increased significantly into the third quarter of the year, and preliminary numbers indicate a possible doubling of attacks in the summer of 2009,” the report states.