War on phishing to last 20 years
By Rene Millman,
The fight against phishing gangs could last 20 years, according to an expert.
Speaking at a MarkMonitor roundtable event in London, Tony Neate, managing director of internet safety campaign Get Safe Online said that online crimes and the gangs who commit them will still be around for the foreseeable future.
"We will still have people falling for phishing attacks in 20 years time, but hopefully it'll be a lot less prevalent than it is now," he said.
Neate added that when phishing attacks first came to the fore, he believed that phishing would die out after a couple of years. "It hasn't! People still don't know about the problem. We have got to start talking about the problem in the mainstream press, this is the only way most people will understand what is going on."
One of the most prominent phishing criminal syndicates is the Rock Phish Gang. Believed to operate somewhere in Eastern Europe, the gang has been using phishing attacks to defraud victims out of millions.
But the gang has adapted its methods in recent times to stay one step ahead of the phishing filters employed in various security products.
Currently, the gang use stolen identities to register multiple domain names at various internet registrars. The domain names are usually short and meaningless. The gang then host a DNS server using a wildcard "A" record to provide a name-to-IP service for the fraudulently registered domain names. These IP addresses point to compromised computer that form a botnet. Each of these zombie computers acts as proxies back to servers that host fake banking and other phishing websites.
While banks and other institutions are increasingly deploying strengthened security to defend against these attacks, some analysts are worried that effort would be stymied by economics.
"Two factor authentication is a good defence against phishing but I worry that banks will use the cheapest option and this would be the easiest one to crack," said Andrew Kelltt, senior research analyst at Butler Group.
According to new figures released by the Anti-Phishing Working Group, the number of phishing URLs have increased by 7.4 per cent on February's high. The group unearthed 3,353 URLs used as fake websites in May. This figure was also 95 per cent more than April's figure.
Dan Hubbard, vice president of security research at web security company Websense said that the increase in these URLs can mostly be attributed to the combination of exploit code written for the ANI (Microsoft animated cursor) vulnerability and the increased use of compromising web servers.
"A large number of these sites were from a regional attack in Asia that compromised several sites and planted exploit code for this then unpatched ANI vulnerability," said Hubbard.
advertisement
Latest Security Features
The continued curse of cybersquatting
For some, it’s a problem confined to the early days of the Internet. But current figures suggest that the cybersquatting problem is, if anything, growing.
- Where next for Microsoft, Yahoo and Google?
- Top 10 mobile features of 2009
- Top 10 security predictions for 2009
- Top 10 reviews of 2008
- The year in IT news
- Top 10 security stories of 2008
- Top 10 business phones of 2008
- 15 tech charities that need your help
- PCI's Bob Russo: Data loss hurts brand more than a fine
Latest Security Reviews
Fujitsu Siemens FibreCAT SX80 iSCSI
Rating: 
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?