War on phishing to last 20 years

The fight against phishing gangs could last 20 years, according to an expert.

Speaking at a MarkMonitor roundtable event in London, Tony Neate, managing director of internet safety campaign Get Safe Online said that online crimes and the gangs who commit them will still be around for the foreseeable future.

"We will still have people falling for phishing attacks in 20 years time, but hopefully it'll be a lot less prevalent than it is now," he said.

Neate added that when phishing attacks first came to the fore, he believed that phishing would die out after a couple of years. "It hasn't! People still don't know about the problem. We have got to start talking about the problem in the mainstream press, this is the only way most people will understand what is going on."

One of the most prominent phishing criminal syndicates is the Rock Phish Gang. Believed to operate somewhere in Eastern Europe, the gang has been using phishing attacks to defraud victims out of millions.

But the gang has adapted its methods in recent times to stay one step ahead of the phishing filters employed in various security products.

Currently, the gang use stolen identities to register multiple domain names at various internet registrars. The domain names are usually short and meaningless. The gang then host a DNS server using a wildcard "A" record to provide a name-to-IP service for the fraudulently registered domain names. These IP addresses point to compromised computer that form a botnet. Each of these zombie computers acts as proxies back to servers that host fake banking and other phishing websites.

While banks and other institutions are increasingly deploying strengthened security to defend against these attacks, some analysts are worried that effort would be stymied by economics.

"Two factor authentication is a good defence against phishing but I worry that banks will use the cheapest option and this would be the easiest one to crack," said Andrew Kelltt, senior research analyst at Butler Group.

According to new figures released by the Anti-Phishing Working Group, the number of phishing URLs have increased by 7.4 per cent on February's high. The group unearthed 3,353 URLs used as fake websites in May. This figure was also 95 per cent more than April's figure.

Dan Hubbard, vice president of security research at web security company Websense said that the increase in these URLs can mostly be attributed to the combination of exploit code written for the ANI (Microsoft animated cursor) vulnerability and the increased use of compromising web servers.

"A large number of these sites were from a regional attack in Asia that compromised several sites and planted exploit code for this then unpatched ANI vulnerability," said Hubbard.