April 27, 2011 06:15 AM Eastern Daylight Time
Free Domain Name Registration Services Also Proving To Be a Significant, Emerging Resource for eCrime Gangs to Establish Domains for Criminal Enterprise
KUALA LUMPUR, Malaysia--(BUSINESS WIRE)--A new phishing survey released by the Anti-Phishing Working Group (APWG) at their conference here reveals that malicious use of subdomain services by phishers nearly doubled in the second half of 2010, with phishing gangs using these services about as often as they register domain names.
“Few such services take enough proactive measures to keep criminals from abusing their products in the first place”
Subdomain registration services give customers subdomain “hosting accounts” beneath a domain name the provider owns. These services are sold, managed, and regulated differently from regular domain names. There were 11,768 phishing websites hosted on subdomain services in the second half of 2010, up 42 percent from the first half of 2010, accounting for the majority of phishing in some Top Level Domains (TLDs). The increase during the half was notable, as this number had generally remained stable since the second half of 2008.
The 2H2010 total is slightly less than the 12,971 phish found on maliciously registered domain names purchased by phishers at regular domain name registrars in 2H2010. If included in the total of conventionally established domain names, abusive subdomain names would comprise some 22 percent of all domains deployed for phishing attacks.
Rod Rasmussen, founder and CTO of Internet Identity and co-author of the study, said, “Over the past few years, we have documented many examples of e-criminals finding and heavily exploiting particular DNS-related service providers who were ill-prepared for the onslaught of abuse. Subdomain providers are a particularly tempting target, as they provide full DNS services with no oversight and low-to-no cost services.”
Over 40 percent of attacks using subdomain services occurred on CO.CC, based in Korea, despite the fact that CO.CC is generally responsive to abuse reports. Phishers are probably attracted to CO.CC because CO.CC registrations are free, easy to sign up for, come with DNS service, and there are features to assist with bulk signups. As of this the publication of the report, CO.CC supports more than 9,400,000 subdomains in more than 5,000,000 user accounts.
The report also reveals that two free services were heavily abused by phishers in order to create phishing sites: the .TK domain registration service and the CO.CC subdomain service. Nearly 11 percent of all phishing attacks utilized these relatively little-known services.
“Few such services take enough proactive measures to keep criminals from abusing their products in the first place,” said Greg Aaron, Director of Key Account Management and Domain Security at Afilias and co-author of the study. “Hopefully the Internet can become a place where companies are less reactive and more proactive about e-crime,” said Greg Aaron.
Other findings in the report include:
- In 2H2010, the average and median uptimes of all phishing attacks spiked significantly from previous periods, and were higher than any time period since the authors began taking uptime measurements three years ago.
- Phishers are attacking Chinese e-commerce sites and banks aggressively, and are distinguished by preferentially registering new domain names, rather than using compromised Web servers like most phishers do.
- Shutting down the availability of .CN domain names did not stop phishing that victimizes Chinese Internet users and Chinese institutions. Rather, it seems to have merely shifted the phishing to other top-level domains.
The full text of the report, including tabular data on the most abused TLDs and subdomain services, is available here: apwg.org/reports/APWG_GlobalPhishingSurvey_2H2010.pdf
The authors presented their findings at the fifth annual Counter-eCrime Operations Summit, the world’s premier conference for professionals and researchers who are engaged in combating electronic crime and fraud – and protecting consumers and enterprises from them. The program, running from April 27-29 in Kuala Lumpur, is presented by the APWG, the global cybercrime-fighting association, with co-hosts CyberSecurity Malaysia and MyCERT. Conference sponsors include Hitachi JoHo, Microsoft, Google, and MarkMonitor.
View the full agenda at www.apwg.org/events/2011_opSummit.html#agenda.
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,300 members. The APWG's Web site offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.
APWG's corporate sponsors are as follows:
APWG's corporate sponsors are as follows: AT&T(T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Booz Allen Hamilton, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Cisco (CSCO), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Easy Solutions, eBay/PayPal (EBAY), eCert, Entrust (ENTU), eEye, ESET, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GlobalSign, GoDaddy, Goodmail Systems, GroupIB, GuardID Systems, Hauri, HomeAway, Huawei Symantec, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, Intuit, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Kindsight, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, M86Security, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC), Phishme.com, Phorm, Planty.net, Prevx, The Planet, SIDN, SalesForce, Radialpoint, RSA Security (EMC), RuleSpace, SecureBrain, Secure Computing (SCUR), S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO), zvelo and ZYNGA.
