Report blames 'Avalanche' group for most phishing

Avalanche was behind two-thirds of phishing attacks, but that has tapered off recently, following a takedown

A new report blames a single Eastern European gang for about two-thirds of all phishing attempts conducted in the last half of 2009.

The phishing group -- named Avalanche by security researchers because of the large quantity of attacks it generates -- was blamed for more than 84,000 out of the nearly 127,000 phishing attacks tracked by the Anti-Phishing Working Group (APWG), an organization of companies and law enforcement agencies that tracks phishing activity in its semi-annual reports.

Avalanche has used slick automated tools to crank out phishing attacks quickly, setting up fake Web sites and then spamming potential victims with e-mail messages designed to trick them into typing in their usernames and passwords.

The group has targeted about 40 institutions, including major U.S. and U.K. banks as well as online providers such as Yahoo and Google, said Greg Aaron, director of domain security with Internet infrastructure vendor Afilias, one of the authors of the report. "They were able to ramp up and they became very, very large," he said.

Spurred by this activity, the overall number of phishing attacks more than doubled in the last half of 2009 over the first half of the year.

Avalanche first popped up in late 2008, not long after the previous top phishing threat, Rock Phish, dropped off the scene. In fact, some antiphishing experts believe that Avalanche is simply the next generation of phishing tools designed by Rock Phish's creators. Researchers believe that Avalanche, like Rock Phish, is run out of an Eastern European country.

By October of last year, Avalanche was such a big problem that security companies and the firms whose users were being phished got together in Seattle to share information on the group and work out ways of fighting the problem.

Companies began sharing data that had previously been kept private, and groups were formed to keep track of new Avalanche domains, said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham. "Whenever any brand or member saw a new domain, we went straight to the registrars and began pounding them from a bunch of different sources," he said in an instant-message interview.

That helped the good guys take down fake sites much faster than before. "In five years now of working anti-phishing research, this was the most coordinated community effort I've ever seen," Warner said.

The registries also were able to be more proactive. "And the different registries that were getting abused began learning how to recognize the domains on their own," he said.

In early 2008, the average takedown time for a phishing site was 49.5 hours, Aaron said. In the last half of 2009 that had been cut down to 31 hours, 38 minutes. Avalanche domains, however, went down twice as fast, on average, as other phishing domains.

Right now, it looks like the group's work on Avalanche may be paying off.

In November, several unnamed security companies got together and took down Avalanche's infrastructure for about a week, Aaron said.

That takedown put a big dent in the number of phishing attacks for November, and following a brief rebound, Avalanche attacks have tapered off precipitously in the past few months, Aaron said.

He doesn't know how long this quiet period will last, however. "We don't know if they're going to fade away or if they're going to change what they're doing somehow and ramp back up again."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags phishingavalancheAnti-Phishing Working Group (APWG)

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?