Please find herewith the Anti Phishing Working Group report written by Greg Aaron and Rod Rasmussen, which I received on the ccNSO mailinglist. Rudi Vansnick <-------------- Internet Society Belgium ----------------> President - CEO Tel +32/(0)9/329.39.16 rudi.vansnick@isoc.be Mobile +32/(0)475/28.16.32 Dendermondesteenweg 143 B-9070 Destelbergen BELGIUM <- http://www.internetsociety.be "The Internet is for everyone"-> Begin doorgestuurd bericht:

Van: Gabriella Schittek <gabriella.schittek@icann.org> Datum: 25 mei 2010 05:46:08 GMT+02:00 Aan: "cctldcommunity@cctld-managers.org" <cctldcommunity@cctld-managers.org>, ccNSO Members <ccnso-members@icann.org> Kopie: ccNSO Council <ccnso-council@icann.org> Onderwerp: [ccnso-council] APWG report on worldwide phishing

Dear all,

The Anti Phishing Working Group (APWG) has released an update to their phishing survey report. See email below and attachment for more information.

Kind regards,

Gabi

------ Forwarded Message From: Rod Rasmussen <rod.rasmussen@internetidentity.com> Date: Mon, 24 May 2010 17:08:57 -0700 To: Chris Disspain <ceo@auda.org.au>, Gabriella Schittek <gabriella.schittek@icann.org> Cc: Greg Aaron <gaaron@afilias.info> Subject: APWG report on worldwide phishing - 2009 recap - one major phisher

I wanted to let you know that we have released an update to our Global Phishing Survey in conjunction with the APWG meeting this month in Brazil. We received a great deal of attention on this report due to the prevalence of Avalanche phishing attacks, and have fielded many requests for information and interviews. This single group (Avalanche) accounted for an amazing two-thirds of all phishing in the second half of 2009! There are some valuable lessons learned there, and an important "good news" story from the response that the entire community had in fighting this series of attacks. Please feel free to distribute this to your members and direct any questions to myself and/or Greg Aaron.

Highlights of the study include:

1. The Avalanche phishing gang was responsible for two-thirds of all phishing attacks launched in 2H2009. However, Avalanche changed its activities significantly in November 2009, and now has a different modus operandi and greatly reduced scale.

2. In 2H2009, the average uptime of all phishing attacks continued to drop from previous periods. Unfortunately, non-Avalanche phish stayed up noticeably longer in 2H2009 than they did in 1H2009.

3. The amount of Internet domain names and numbers used for phishing has remained fairly steady.

4. The great majority of phishing continued to be concentrated in certain namespaces -- just five top-level domains (TLDs).

5. Phishers are not leveraging the unique characteristics of internationalized domain names (IDNs).

6. Phishers continue to use subdomain services to host and manage phishing sites.

Best Regards and Cheers!

Rod

------ End of Forwarded Message