66% of the world's phishing came from one group

phishing-A single criminal group was responsible for two-thirds of all phishing attacks in the second half of last year. Busy bees, eh? Apparently, this operation are responsible for a two-fold increase in the crime too.

The Avalanche gang are believed to have formed from the ashes of the Rock Phish group, who some suggest were responsible for half the world's phishing attacks before effectively disappearing a couple of years ago.

"Avalanche uses the Rock's techniques but improved upon them, introducing greater volume and sophistication," the report, released by the Anti-Phishing Working Group, stated.

The use of things called 'fast-flux botnets' which host phishing sites, were key to Avalanche's successes. The use of peer-to-peer makes it nigh-on impossible for an ISP to pull the plug on the infrastructure. Sneaky.

It is reported that there were 126,697 phishing attacks during the second half of 2009, which is more than double the number in the first half of the year. Avalanche targeted the more than 40 major financial institutions, online services, and job search providers.

However, the group may be a victim of its own success.

"During an Avalanche campaign, it was not unusual for the target institutions, the relevant domain name registrar(s), a domain name registry, and other responders and service providers to all be aware of the campaign and working on mitigation at the same time," the report stated. "As a result, Avalanche attacks had a much shorter average uptime than non-Avalanche phishing attacks, and community efforts partially neutralized the advantage of the fast-flux hosting."

Err. Right. I can't pretend to know what that all actually means.



  • Ballu
    all sounds a bit phishy to me... the avalanche gang must now be piste off.
  • mark M.
    it's snow joke when it happens to you
  • Chris
    Typical, ripping off the FF VII freedom fighter group name... Barrett would kick all of their asses. "GOD $%^£!"
  • Awah S.
    WTF is dis real?
  • The B.
    "introducing greater volume and sophistication" Sophistication is not a word I'd associate with phishing, has anyone ever received a phishing mail where all of the words were spelled correctly let alone being grammatically correct? I certainly haven't.

What do you think?

Your comment