APWG Report: eCrime Gangs Increasing Attention to Online Classifieds, Social Networking and Gaming Websites

Crimeware Contagion Spreads: More Than Half of PCs Inspected in Q1 2010 Were Infected

LOS ALTOS, Calif. & CAMBRIDGE, Mass.--(BUSINESS WIRE)-- The APWG’s Q1, 2010 Phishing Activity Trends Report reveals that phishing gangs have been increasing their efforts against brands in the social networking, online classifieds and online gaming industries.

In its assessment of the most targeted industry sectors, APWG’s contributing analysts found that attacks focusing on brands in the online retail, auction and financial services sectors decreased while payment services increased more than 10 percent in Q1 2010. The category of “other” – social networking, online classifieds and online gaming industries – rose to an 18 percent proportion, however, from 13 percent in Q4 2009, an increase of more than 37 percent quarter over quarter.

Ihab Shraim, chief security officer and vice president, network and system engineering at MarkMonitor and APWG Trends Report contributing analyst said, "The increase in the ‘Other’ category is attributed to the sharp increase in attacks against the online classifieds, social networking and gaming industries."

Meanwhile, though the relative proportion of crimeware genera remained static during the surveyed term, the proportion of infected computers increase more than 10 percent quarter over quarter. APWG reports that the proportion of infected computers grew from more than 47 percent in the fourth quarter of 2009 to more than 53 percent in Q1 2010.

The full report is available here: http://www.apwg.org/reports/apwg_report_Q1_2010.pdf

The APWG Q1, 2010 Trends Report, combining data from APWG members MarkMonitor, Websense, Panda Security, Afilias and Internet Identity with the APWG’s own statistical data, also reported:

● The disappearance of a rogueware variant accounted for a 37 percent decrease in total samples detected in Q1 2010 compared to Q4 2009.

● Unique phishing reports reached a Q1 2010 high of 30,577 in March, down 25 percent from the record in August 2009 of 40,621 reports.

● The number of total unique phishing websites detected at Q1’s end, in March, was 29,879, off 47 percent from high of 56,362 in August 2009.

● The number of brand-domain pairs detected at end of Q1 was 10,752, down 56 percent from the record of 24,438 in August 2009.

● The number of phished brands reached a high of 298 in March, a decrease of 16 percent from the all-time high of 356 reached in October, 2009.

● The United States continued its position as the top country hosting phishing sites during the first quarter of 2010.

● The proportion of infected computers increased from nearly 47 percent in the fourth quarter of 2009 to more than 53 percent in Q1 2004.

APWG Chairman Dave Jevans said, “The Q1 statistics paint the picture of shifting focus and approaches used by phishing gangs who are apparently using more sophisticated social engineering schemes less reliant on spoofing a bank’s brand. Less visible statistically but as potent is the increasing focus on direct attacks against executives with corporate treasury authority. Losses from the latter, according to reports received by the APWG, can and do regularly run into six figures now.”

The results of the Q1 report are of grave concern to the global membership of the APWG and the research centers, treaty organizations, law enforcement agencies, government agencies and industry associations with which the APWG corresponds worldwide. Those members, correspondents and researchers will be considering the results of this Trends report and other eCrime research at the APWG’s 8^th annual fall conference in Dallas at Southern Methodist University from October 18-20. The three-day event examines the eCrime phenomenon from the point of view of the manager who has to engage eCrime on a workaday basis. The conference is sponsored by SAIC, MarkMonitor, Afilias, GoDaddy, CERT Software Engineering Institute and the IEEE Standards Association, which serves as Technical Sponsor of the research segment of the program, the eCrime Researchers Summit.

The conference agenda is here:

http://www.apwg.org/events/2010_gm.html

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,600 members. The APWG's Web sites – www.apwg.org and education.apwg.org - offer the public, industry and government agencies information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG's corporate sponsors are as follows: AT&T(T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Booz Allen Hamilton, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Cisco (CSCO), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Easy Solutions, eBay/PayPal (EBAY), Entrust (ENTU), eEye, ESET, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, HomeAway, Hauri, Huawei Symantec, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, Intuit, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Kindsight, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, M86Security, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC), Phishme.com, Phorm, Planty.net, Prevx, The Planet, SIDN, SalesForce, Radialpoint, RSA Security (EMC), RuleSpace, SecureBrain, Secure Computing (SCUR), S21sec, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC), TDS Telecom, Telefonica (TEF), Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO), zvelo and ZYNGA.

CONTACT:

APWG
Peter Cassidy, 617-669-1123
Chairman
pcassidy@antiphishing.org
or
MarkMonitor
Te Smith, 831-818-1267
Te.Smith@markmonitor.com
or
Websense
publicrelations@websense.com
or
Panda Security
Luis Corrons
lcorrons@pandasoftware.es
or
Afilias
Heather D. Read, 215-706-5777
hread@afilias.info
http://www.afilias.info
or
Internet Identity, 253-590-4100
pr@internetidentity.com
http://www.internetidentity.com

KEYWORDS:   United States  North America  California  Massachusetts

INDUSTRY KEYWORDS:   Technology  Consumer Electronics  Hardware  Internet  Networks  Software  Telecommunications

MEDIA:

Logo