Five Zombies Do All the World’s Phishing

Less than a handful of zombie network operators are responsible for all thephishing attacks in the world, according to CipherTrust, an Atlanta-basedmessage security firm.

In an analysis of its global customers’ e-mail traffic patterns during thefirst two weeks of this month, CipherTrust researchers found that less thanone percent of all e-mail contained phishing attacks.

Those attacks are launched daily by a rotating set of networks, each netconsisting of 1,000 zombie computers. Zombies are networked computerscontrolled surreptitiously by hackers by infecting the computers with someform of malware such as a virus, Trojan or worm.

Haven for Spammers

“There are a total of about 1,000 IPs each day responsible for all thephishing attacks on the Internet,” CipherTrust Research Engineer DmitriAlperovitch told TechNewsWorld. “Those IPs change from day to day so it’spretty much a different thousand every day.”

Generally, phishing involves the mass distribution of “spoofed” e-mailmessages with return addresses, links and branding that appear to originatefrom banks, insurance agencies, retailers, credit card companies or the like. Thebogus messages are used to persuade recipients to divulge personalauthentication data such as account information, credit card or socialsecurity numbers or personal identification numbers {PINs}. Because the e-mails look genuine,recipients respond to them and become victims of identity theft and otherfraudulent activity.

CipherTrust’s analysis also revealed that the zombie networks responsiblefor phishing traffic were also being used to distribute unsolicited e-mailadvertising, or spam.

Killing Zombies

“We noticed that we could separate these IPs into separate groups by lookingat the types of e-mail that they were sending out,” Alperovitch explained.”There would be a group of IPs sending this type of phishing attack and thistype of spam and that was the only thing you see from them. That’s how wearrived at [the conclusion that] less than five of these groups are responsible for all phishingattacks.”

Although the Anti-Phishing Working Group is still reviewing CipherTrust’sfindings, Chairman Dave Jevans noted that the organization is aware thatzombies have been increasingly involved in the phishing scene.

“As of a few weeks ago, we were able to detect that zombies were being usedincreasingly, and we’ve seen networks of eight or 10 or 50 zombies,” Jevanstold TechNewsWorld.

More Than Five Groups

Even if there are only a smattering of operators controlling thedistribution of phishing attacks, the global number of phishers could stillbe substantial.

“Thousands of people could still be doing it because you just hook up to azombie network and put your data through it,” Jevans said.

“We have very strong evidence that there are 30 to 40 identifiably differentgroups with different attack patterns out there,” he added. “We know thereare more groups than five, that’s for sure.”

Nevertheless, a crackdown on zombie networks would have a significant impacton worldwide phishing and spam traffic, Jevans asserted.

“If we could shut zombie networks off at the root, theoretically that’sgoing to make a big impact on spam and phishing e-mails because we now knowthat 50 percent of all spam is being sent through zombie networks,” heexplained.

Prime Targets

Financial institutions remain a prime cover for phishers, CipherTrustrevealed, with 46 percent of all attacks using the Citibank brand to prypersonal information from victims.

“There is no industry standard for measuring phishing attacks, so researchresults vary,” Citigroup Spokesman Mark Rodgers told TechNewsWorld viae-mail. “Our own research indicates that other organizations have as many ormore phishing attacks than Citibank, but, again, everyone’s analysismethodology seems to differ.”

Rodgers added: “We diligently identify and stop attacks; we work with lawenforcement and industry groups on solutions; we educate customers; we takesteps to protect customers against fraud, and we continually modify oursystems to enhance safeguards for our customers and ourselves. It is alsoimportant that consumers be aware of these issues and act appropriately aswell.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Security

Technewsworld Channels