Phishing attacks begin to avoid anti-phishing tech in browsers - report

New York (NY) - The number of phishing attacks has exceeded the number of virus threats for the first time in January, according to a report released today. Security services firm MessageLabs said that phishers found ways to circumvent anti-phishing tech and claims that 1.07% of emails now contain phishing attacks.

Despite the growing installed base of security software, Internet users are facing evolving and more sophisticated security threats in 2007. According to MessageLabs, Trojan attacks decreased during first month of the new year, but phishing attacks are gaining more traction. The company attributed this development to several factors, including more targeted virus attacks that are no longer occurring as one large outbreak as well as two-factor authentication methods deployed by online merchants that "have given rise to 'man-in-the-middle' phishing sites."

MessageLabs also said that there is an increasing number of phishing sites that are now using Flash content rather than HTML in an attempt to evade anti-phishing technology used in Web browsers. "Phishing," attacks that are centered around attempts to extract critical information such as credit card data from computers, is evolving into a global battlefield that has brought us botnets - groups of millions of infected computers that are used in phishing attacks - and is believed to yield hundreds of million dollars in revenue every month.

MessageLabs estimates that one in 93.3 emails (1.07%) comprises some form of phishing attack, while the only one in 119 emails (0.83%) carries a virus. Compared with December, however, Message Labs said that the overall amount of phishing attacks has decreased. According to the company, 84.5% of emails are now spam.

Mirroring last year's virus landscape, 2007 began with another wave of Warezov attacks as successive bursts of the virus were released in January. Virus releases such as the recent StormWorm, are believed to follow that strategy, but MessageLabs said that it gets more challenging to defend users against these attacks: "The large numbers of new variants combine a number of anti-countermeasure features, like the use of rootkit technology, which make the virus increasingly difficult to detect and remove using traditional anti-virus methods," the firm said.

Related article:
Security software alone not enough to beat Internet threats, says CA