The APWG logged 29,930 unique phishing reports worldwide in January, an increase of more than 25 percent from December's 23,787. But the number of new phishing sites detected dropped slightly, from 28,531 in December to 27,221 in January, as did the number of highjacked brands, from 146 in late '06 to 135 in January.

It's hard to say whether the changes were the result of the post-holiday hangover, but the APWG's findings were mostly in line with trends reported by other experts.

"You're getting a diversification of strategies by phishers, mostly because of anti-phishing techniques" cramping their style, says Adam O'Donnell, senior research scientist for Cloudmark. "By diversifying, they can distract and bait the [phishing] analysts and get into more fertile phishing grounds."

The Storm worm was a good example of attackers mutating malware, O'Donnell says. The worm generated hundreds of mutations over just one weekend, and had auto-update features built into it. "If you're able to release a virus that gets in the wild and makes an impact before" antivirus engines map it out, the attacker wins, he says. "This is a huge trend in crimeware."

Password-stealing malware went up from 340 unique apps in December to 345 in January, according to the report.

In its investigation of crimeware, APWG found that Brazilian-based malware writers are now using Web Attacker, the wildly popular toolkit from Russia. This development suggests that crime groups are collaborating globally, the report says....More

Discussion in the Forums