APWG eCrime Report: Classified Ads Sector Breaks Out in Q2 2010 As a Rapidly Expanding Phishing Vector

Rogueware Expansion Continues: Bogus Security Software Grows 13 Percent During the Half

CAMBRIDGE, Mass. – The online classified advertisement services sector has been increasingly exploited as a phishing attack vector by ecrime gangs, a trend confirmed by the growth of attacks abusing classified companies in the first half of 2010, accounting for 6.6 percent of phishing attacks in Q2 2010 alone, according to the APWG’s Q2, 2010 Phishing Activity Trends Report released this week.

Though the online payment services sector remained the most targeted industry with 38 percent of detected attacks in Q2, up from 37 percent in Q1, the classified advertisement services sector exhibited the most rapid growth in phishing attacks of all sectors in the half.

Advertisement

Ihab Shraim, MarkMonitor’s Chief Security Officer and Trends Report contributing analyst said, “The Classifieds sector grew 142 percent from the previous quarter and over 91,000 percent from the comparable quarter [Q1] a year ago. This sudden growth may have been due to Auction sector phishing resources shifting over to the Classifieds sector.”

Classified advertisement websites for person-to-person trading, job postings, personals ads and other kinds of online commerce and culture offer ecrime gangs rich contexts for casting false scenarios to trick consumers into giving up funds or financial data that can be used for fraud, or even to draft them as unwitting accomplices into their criminal enterprises such as working as money mules.

Meanwhile, the growth of detected samples of rogueware – malicious crimeware disguised as anti-virus or anti-spyware software – rose some 13 percent from quarter to quarter, up from 183,781 in Q1 to 207,322 in Q2, 2010.

Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst, said that just three rogueware “families” are responsible for 72 percent of all the samples detected in this period:

Adware/SecurityTool was the most frequently detected rogueware family in Q2 with 25 percent; Adware/TotalSecurity2009 was second with a 24 percent; and Adware/MSAntispyware2009 was third with 21 percent of the rogueware samples detected in Q2.

The full report is available here: http://www.apwg.org/reports/apwg_report_q2_2010.pdf.

The APWG Q2, 2010 Trends Report, combining data from APWG members MarkMonitor, Websense and Panda Security with the APWG’s own statistical data, also reported:

● Unique phishing reports in Q2 2010 rose to an annual high of 33,617 in June, down 17 percent from the record high in August 2009 of 40,621 reports.

● The quarterly high of unique phishing websites detected was 33,253 in April, down 43 percent from the record high of 56,362 in August 2009.

● The Q2 high of 14,945 brand-domain pairs in April was down 63 percent from the record of 24,438 in 2009.

● The number of phished brands reached a high of 276 in May, down 22 percent from the all-time record of 356 in October, 2009.

● Payment Services accounted for 38 percent of attacks in Q2, up from 37 percent in Q1.

● United States continued its position as the top country for hosting phishing websites during Q2.

● Spain’s proportion of detected crimeware websites rose to 16 percent in Q2, from less than 4 percent in Q1.

● The percentage of computers infected with banking trojans and password stealers rose to 17 percent from 15 percent in Q1.

Though some of APWG metrics show conventional spam-based phishing attacks leveling off in the first half of 2010, field reports and statistical surveys from APWG member companies indicate that ecrime gangs are cultivating an array of alternative attack schemes: selling bogus security software to infect users PCs (rogueware); deploying website and search engine advertisements that link to malicious code or to downloader websites sites designed to infect consumers’ PCs (malvertising); crafting focused-target phishing against corporate treasurers and key personnel; deployment of advanced crimeware and social-engineering schemes crafted specifically for social networking websites and the applications that are running on them; and more.

APWG Secretary General Peter Cassidy said, “While the once-rapid expansion of conventional phishing is apparently slowing, there is every indication that ecrime gangs are expending much greater effort to design and deploy ever more undetectable, manipulative, focused and attractive schemes to defraud consumers and enterprise users. These organizations have become no less ambitious, we should note, just increasingly sophisticated and evermore deft in their criminal craftsmanship.”

APWG’s members, research correspondents and the community of counter-ecrime responders and managers will be meeting in APWG conferences around the world all through 2011 to consider and discuss the technical and criminological issues that are evident in APWG’s Trends Report at two upcoming conferences this Spring in Dublin and Kuala Lumpur.

The inaugural eCrime Researchers Sync-Up at University College Dublin on March 15 and 16 is for researchers in electronic crime as well as for responders, law enforcement personnel and technologists with an abiding interest in the technologies of ecrime and counter-ecrime efforts. Info about the meeting can be found here: http://www.ecrimeresearch.org/2011syncup/cfp.html.

The fifth annual Counter-eCrime Operations Summit (CeCOS V) in Kuala Lumpur on April 27, 28 and 29 is for responders to ecrime or managers of fraud and ecrime remediation, as well as for law enforcement personnel, technologists and researchers with an abiding interest in the techniques, trends and technologies of ecrime and ecrime response and management. Info about the meeting can be found here: http://www.apwg.org/events/2011_opSummit.html.

The annual fall APWG General Members Meeting and eCrime Researchers Summit will be held in San Diego in October, with specific location and dates to be published on the APWG website http://www.apwg.org this month.

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,600 members. The APWG’s Web sites – www.apwg.org and education.apwg.org – offer the public, industry and government agencies information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG’s corporate sponsors are as follows: AT&T(T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Booz Allen Hamilton, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Cisco (CSCO), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Easy Solutions, eBay/PayPal (EBAY), eCert, Entrust (ENTU), eEye, ESET, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GlobalSign, GoDaddy, Goodmail Systems, GroupIB, GuardID Systems, Hauri, HomeAway, Huawei Symantec, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, Intuit, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Kindsight, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, M86Security, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC), Phishme.com, Phorm, Planty.net, Prevx, The Planet, SIDN, SalesForce, Radialpoint, RSA Security (EMC), RuleSpace, SecureBrain, Secure Computing (SCUR), S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO), zvelo and ZYNGA.