Number of Crimeware-Spreading Sites Surges to Record High
Anti-Phishing Working Group (APWG) research performed by Websense shows that the number of crimeware-spreading sites has surged to an all-time high. Published for the first time, APWG's "PROJECT: Crimeware" has been monitoring the increase of malicious software purpose-built for criminal enterprise for over a year (June 2005 - June 2006) and the number of crimeware-spreading sites has continued to expand quickly as shown below (figures in brackets are for June 2005):
- Number of unique phishing reports received in June 2006: 28,571 (15,050)
- Number of unique phishing sites received in June 2006: 9,255 (4,280)
- Number of brands hijacked by phishing campaigns in June 2006: 130 (74)
- Number of unique websites hosting keyloggers in June 2006: 2,945 (526)
A number of factors probably contribute to this development, e.g. the increased availability of exploit kits for sale on the Internet. These allow non-technical users to put exploit code on innocent web sites with the intention of running this on the computers of people visiting the sites, e.g. to steal log-in information. This current development is driven by financial gain.
The most notable point in these figures is the fact that whilst the total number of keyloggers increased at a similar rate to other factors, (up from 154 to 212), the number of web sites hosting such crimeware rose from 529 to 2,945. This means there are more than five times as many dangerous web sites out there than a year ago.
The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,500 companies and government agencies participating in the APWG and more than 2,500 members.
See also [ http://www.antiphishing.org/reports/apwg_report_june_2006.pdf Phishing Activity Trends Report June, 2006], the report from the Anti-Phishing Working Group. (Niels Bjergstrom)