Unique malware URLs increased 89 percent

Websites loaded with malware increased 89 percent in the third quarter of 2011 compared to Q2 2011. According to an IID report, the most impersonated organizations include the FDIC, the U.S. Federal Reserve and the IRS.

IID attributed the large increase in malware sites to the reemergence of the Avalanche phishing gang, which was responsible for two-thirds of all phishing attacks in the second half of 2009.

“We knew Avalanche would resurface and it is apparent that they have made a conscious decision to provide their massive botnet as an infrastructure for hire. The most prevalent use of their network is sites that attempt to get victims to install malware on their computers,” said IID President and CTO Rod Rasmussen.

Once malware is on a victim’s computer, the perpetrator can monitor or control both personal and business computer activity – enabling them to steal data, send spam, and commit fraud.

Criminals lure people in by creating appealing websites, desirable downloads and compelling stories, then trap unsuspecting victims, often through “drive-by” websites where malware automatically installs.

Traditional phishing decrease

In keeping with these findings, IID also noted in its report that traditional phishing attacks, in which cybercriminals masquerade as a trustworthy entity in an online exchange to swindle sensitive information such as usernames, passwords and credit card details, dropped eight percent in the third quarter compared with Q2 2011.

Similarly, IID found an 11 percent year-over-year decline in traditional phishing attacks between Q3 2011 and the same quarter of 2010.

Money transfer and e-commerce phishing showed the largest declines, while phishing attacks impersonating national banks stayed strong.

In addition to the shift to malware, IID attributes this decrease to significant security steps taken by Facebook, Google, Microsoft and others, noting three major events:

  • After suffering a 600 percent increase in phishing attacks in Q2 2011, the .tk registry partnered with IID, Facebook and the Anti-Phishing Alliance of China (APAC) to secure the .tk top-level domain. The agreements allow IID, Facebook and APAC to connect their anti-abuse systems with .tk’s domain name database, enabling .tk domain names to be blocked immediately when an electronic report of wrongdoing is received. .tk phish dropped 40 percent in the third quarter.
  • Google de-indexed the entire second-level domain co.cc, since it has historically been home to excessive fraudulent activity. This means the estimated 11 million co.cc websites are blocked from appearing in Google’s search engine results.
  • Microsoft took down the Kelihos botnet, a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge. That botnet reportedly consisted of 41,000 infected computers capable of sending billions of spam emails per day.
