A new survey unveiled some current strategies and tactics that phishers have been employing in response to the anti-phishing efforts put to cope with this world problem. The subdomain services, some spoofing techniques, and systematic exploitation of vulnerable registrars and registries are amongst the latest maneuvers utilized by phishers.

Phishing is an attempt to criminally and fraudulently acquire personal information, such as usernames, passwords and credit card details, by concealing behind a trustworthy entity in an electronic communication. Common targets of phishing are PayPal, eBay, and online banking.

The researchers Greg Aaron of Afilias and Rod Rasmussen of Internet Identity who conducted the “Global phishing survey: Domain Name Use and Trends in 2007” reported that over 10,773 malicious domains were registered in 2007, from them 10,515 had their phishes hidden on subdomains or in subdirectories. This counterfeit websites were designed with the only purpose to lure users and obtain their personal financial information.

Subdomain hosting services, especially those of them which are free of charge were mostly used for phishing sites because they are largely automated and operate with limited staffing. That makes it difficult a phishing site to be reached and removed from the Internet. These subdomains represent at least 18% of all domains involved in phishing which undoubtedly is a significant percentage.

Another common tactic used is phishing pages to be placed on compromised computers. According to the researchers, this practice is apparently effective because suspending a malicious domain name or hosting account also disabled the resolution of the legitimate user’s site.

The vast majority of domain names used for phishing do not contain a brand name. Instead, phishers often embedded a relevant brand name in the URL. This trend got accelerated in the course of 2007 and while it was 25 % early in the year, by the end of December it reached over 42.1% (according to the APWG’s monthly reports). For instance such malicious URL is: http://www.bankname.com.447956.33njm34webnyq2.net/cmd-confirm/login.php

Phishers’ preferences towards a particular registrar are based on some important points: the policies of the different TLD registries, the services and TLDs offered by its registrars, and the anti-abuse practices of the registrars and the registry operator. Therefore, domain registry and domain registrars could play a vital role in the fight against phishing by undertaking immediate actions to additionally secure their domain space.

All in all, there is an obvious necessity of better anti-abuse measures which will significantly facilitate the combat with the increasing global phishing problem. Phirshers are very flexible and quite easily adapt new approaches. That makes the battle even more complicated. Anyway, the better understanding of why and how phishers register domain names for their own malicious use will lead to improvements in anti-abuse measures.

Hosting Bookmarks

Copyright © 2024 DevStart, Inc. Permission is required to use the material on this page.