Advertisement
Promo

Security threats Toolkit

US tops phishing league

Dan Ilet ZDNet.co.uk

Published: 28 Feb 2005 13:55 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The United States hosts more online scamming and identity theft Web sites than any other country, a leading security think tank has found.

According to an Anti-Phishing Working Group (APWG) report on January's phishing activity, 32 percent of scammers' Web sites were hosted in the United States. China was found to be in second place, hosting 13 percent, with Korea and Japan in third and fourth places with 10 percent and 3.1 percent respectively.

These sites are typically hosted on the computers of unsuspecting users, which have been compromised by hackers working in league with the criminals running these phishing attacks.

"There is an incorrect assumption that scammers put up their machines in the Far East or China," said Dave Bruswick, technical director for Tumbleweed, one of the companies behind the APWG. "The spread [of Web sites] seems to be where more machine are online in the first place".

The number of active phishing sites reported in January was 2,560 -- a figure that has jumped by 47 percent since December, when 1,740 were found, and more than double the 1,186 reported in October.

Sixty-four online brands were hijacked last month, and sites were accessible for an average of 5.8 days before they were shut down.

The report also warned of a rise in Web sites that are not accessed through the default port for HTTP, port 80. This could help the sites evade being detected by a poorly set-up firewall which allows unchecked access through other networking ports.

"The rise in non-port-80 hosted sites and the number of sites which are hosting phishing attacks continues to lead us to believe that the number of machines that are compromised and are being used to host these attacks is growing," said the report.

Brunswick added to this, saying: "It tells us that one of the key points about phishing is that it's not about banks and vendors trying to stop this, it's about everyone who owns a Web-connected PC."

Members of the APWG found that more scammers are using malware containing keystroke loggers to steal passwords, and said that Instant messaging worms were also emerging as a danger.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
48 out of 116 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters