Mirroring the 13 percent drop in the number of fast-flux attacks launched last month (mostly by the Rock Phish gang), the use of fast-flux networks as a hosting method fell eleven percent as compared to the month prior from 73 percent to 62 percent. Phishing attacks hosted on hijacked websites increased from 18 percent to 22 percent, as did attacks hosted at commercial webhosting services, which climbed from four percent to ten percent. Hijacked computers accounted for three percent of phishing attacks, a portion identical to that of the month prior, while attacks hosted on free web hosting services rose from two to three percent.
Hosting methods
-Fast-flux networks produce an advanced
Denial of ServiceS(DNS) technique that utilizes a network of compromised computers, known as a botnet, to host and deliver phishing and malware websites. The compromised computers act as a proxy, or middleman, between the victim and the website. It is difficult to expose and shut down fast-flux networks as content servers that deliver phishing and malware websites are hidden behind a cloud of compromised machines whose addresses change very quickly in order to avoid detection.
-Hijacked websites are those where fraudsters host their illegal content on legitimate websites sub-domains, avoiding the registration of their own domains used for phishing attacks.
-commercial website hosting involves fraudsters who host their malicious websites for other fraudsters in exchange for a fee
-Hijacked computers consist of compromised computers whose IP addresses were assigned to a specific phishing domain.
-Free hosting refers to attacks that leverage free hosting services.