NEW YORK -- The Anti-Phishing Working Group (APWG) announced today that the number of phishing URLs deployed to spread crimeware among consumer PCs rose to an all-time record in May to 3353, an increase of 7.4% more than the previous high in February, 2007 and of nearly 95% more than in April.
Dan Hubbard, Vice President of security research with Websense said, "The increase in [crimeware URL] numbers can mostly be attributed to the combination of exploit code written for the ANI (Microsoft animated cursor) vulnerability and the increased use of compromising web servers. A large number of these sites were from a regional attack in Asia that compromised several sites and planted exploit code for the, then unpatched ANI vulnerability."
In the month of May, meanwhile, APWG researchers from Websense, MarkMonitor and its Global Research Partners report that conventional phishing attacks were relatively flat statistically, though the numbers of unique phishing URLs deployed remained high and phishers expanded the focus of their efforts into different kinds of financial services firms.
Laura Mather, Ph.D., Senior Scientist for MarkMonitor said, "The number of unique phish URLs in May dropped, but remained at the high levels we were seeing last October and November," said. "The fluctuation in the numbers is due to the on-again-off-again trend of the Phishers using multiple URLs on the same domain. For example, in April, 80% of all phish URLs used multiple URLs per domain.