Anti-Phishing Working Group - March Phishing Trends Report released 14 May 2007
Yes, I know, I'm a little behind on this one. One last post, and then off to bed I go.
The APWG report which covers phishing activity reported to them during March 2007 can be downloaded from this URL and, as always, makes for interesting reading:
Maybe I am just lucky, but I have been noticing a marked fall-back in the number of phishing emails sent to my various email accounts for a while now - even the spamtraps are receiving few phishing emails - and I haven't seen a Paypal or eBay Phish for a very long time. There are occasional outbreaks targetting specific banks here in Australia, but those incidents are isolated spikes in an overall downward trend. We see far more stock spam, and money mule spam, than phishing emails nowadays (note to self; write a decent article about money mules soon).
My personal opinion is that the antiphishing efforts of the most popular browsers - IE, Firefox and Opera - are finally having a positive impact, and that the crooks are starting to look to greener pastures.
Unfortunately, as phishing shows signs of dying away the hacking of legitimate websites to inject hostile code is a growth industry. iframes and various exploits are being used to install malware on victim machines and yes, that malware does include keyloggers meaning that victims are at risk of exposing not just one username and password, but every single username and password that they have. I'm also seeing persistent attempts to seed dangerous URLs via blog comments, forum posts and signatures and other "Web 2" type services which allow user interaction and contributions to be published to the Web.
This new trend is going to be harder to neutralise than phishing. I have seen sites that are hit, sometimes numerous times, by hackers who are at the mercy of Colo facilities whose operators are lax at installing updates and security patches. Sometimes the sites are maintained by people who are simply inexperienced, or don't want to spend the required money to upgrade. It is not that hard, nowadays, to set up a Web forum, but it is a lot harder to stay on top of security and the latest exploit affecting your software of choice.
Some big names have been hit by hackers, sometimes more than once. For example, Asus Taiwan is one site that comes to mind as having been hit more than once. Yahoo Groups (India) was hacked within a day or so of going live. Circuit City's support forum was hacked. Spreadfirefox.com was hacked after it failed to install security patches.
The increasing trend towards hacking legitimate sites also introduces a challenge for IT departments. It is no longer sufficient to warn users away from p0rn sites or the darker side of the internet. It's no longer safe to assume that just because you stick to 'safe' sites that your network will be ok.
Then there is the danger posed by malware infiltration of advertising networks, meaning that any Web page that displays a Flash banner advert is a potential conduit of infection.
In short, any Web site is a potential danger. We have to patch, we have to install the latest version of our favorite Web browser. We have to stay informed about the latest exploits and we have to mitigate risk wherever possible. As part of my daily routine I read sites and services that list the latest in security risks, private forums, early alert services and monitor my network for unusual patterns and spikes or unusual symptoms on any PC on my network.