Phishing expeditions business and personal data are rising to record levels, with fake anti-malware campaigns alone increasing by 225 percent in the last six months of 2008. Password-stealing Web sites jumped 827 percent IN 2008. The reason is the phishers are investing in automation. A new report from the Anti-Pjhshing Working Group (APWG) gives a sense of just how aggressive the phishers and malware makers are becoming in search of one’s business (and personal) data.
Using increasingly automated attacks and re-tooling strategies such as anti-malware come-ons, phishers are bombarding the Web with mail campaigns, continue to co-opt known and trusted brands, and are sprouting malware Web sites at stunning rates. According to APWG, malware sites jumped 827 percent, from 3332 in January 2008 to 31,173 in December, within spitting distance of a 1,000 percent increase in twelve months. The largest increase was December; in fact, with the number of sites bearing malware and password-stealing tools skyrocketing from November’s 11,834 to 31,173. While APWG notes that the December pop was a result of "some large attacks that were using huge amounts of random websites for phishing campaigns that were spoofing classmates’ websites," the organization undoubtedly also knows that this sort of increase is unlikely to remain an aberration.