'

Toolkit for automating phishing attacks on Internet?

The Anti-Phishing Working Group suspects that a toolkit, which would allow phishing attacks to be automated, has started circulating on the Internet.The APWG released its report for the three months to October on Tuesday and the study found a 'massive increase' in the number of phishing sites.

The Anti-Phishing Working Group suspects that a toolkit, which would allow phishing attacks to be automated, has started circulating on the Internet.

The APWG released its report for the three months to October on Tuesday and the study found a 'massive increase' in the number of phishing sites. The organisation was set up around a year ago to help financial institutions share information about phishing attacks and has become the authority on phishing techniques.

According to the APWG's latest report, there was significant increase in phishing activity from 5 October.

"We also received some feedback from a post on the incidents mailing list from individuals who have witnessed large volumes of spam increases since 5 October. It appears as though some sort of toolkit is available and/or a set of tools that are being used to produce similar exploits. The sudden large spike may indicate that some automation may be involved," the report said.

The APWH also found that the number of phishing e-mails are growing at the rate of 36 percent a month and sites hosting phishing content have doubled in October and are growing at around 25 percent per month.

Another change in activity indicates that individual phishing sites are being used to attack multiple brands -- such as Citibank and eBay.

"Analysis shows that a single baiting site may appear as the link in several hundred e-mail messages with different formats and visual designs, potentially hijacking as many as six separate brands. The APWG considers this a single coordinated attack and a more accurate measurement of criminal phishing activity," the report said.

The US is responsible for hosting almost a third of all phishing sites, followed by China and Korea at 16 percent and nine percent respectively.

The APWG suspects that half of all phishing sites are hosted on compromised broadband PCs.