Phishing attacks powered by 'just five' zombie networks

Reseach carried out by Ciphertrust has found that phishing emails come from groups of 1,000 hijacked computers belonging to one of five botnets
Written by Graeme Wearden, Contributor
All phishing attacks launched across the Internet come from one of just five networks of zombie PCs, according to research published by security firm CipherTrust this week.

CipherTrust based its claim on data collected from companies that use its IronMail messaging security product. By analysing phishing emails to find the IP addresses of the computers that sent them, CipherTrust says it found that every day a different set of around 1,000 zombie computers were used to deliver phishing emails.

Phishing emails typically purport to come from a major financial institution, and try to trick the recipient into visiting a fake Web site and revealing their banking details.

By monitoring which computers were involved with which phishing attacks, CipherTrust concluded that each one was part of one of five zombie networks, also called botnets. A zombie PC is one that has been secretly taken over by a malicious hacker, typically when the user falls victim to a virus.

"Phishing attacks represent a collaboration of the world's most skilled hackers and organised crime -- instead of breaking into the bank to take money, phishers are tricking users into handing over their account information, or rather the electronic keys to the vault," said Paul Judge, chief technology officer at CipherTrust, in a statement.

More than 32 percent of these zombies were based in the US, and 16 percent in the Republic of Korea. The remaining 52 percent of phishing zombies were spread across 98 other countries, with just over 4 percent based in the UK.

CipherTrust also found that 70 percent of zombie PCs are also used to send spam, which confirms the views of anti-spam expert Steve Linford.

Editorial standards