June 2, 2005
Pharming for profits
Attacks are soaring at an alarming rate, security experts say
SAN JOSE -- Following Deep Throat's advice to "follow the money," hackers today are committing fraud at alarming rates, using sophisticated, multilayered "pharming" botnets that point to the need for new forms of authentication to secure e-mail originators as well as Web site destinations.
A four-member panel of cybercrime fighters dissected the ominous "phishing without a lure" pharming attacks in an "eCrime Calling" workshop at the InBox e-mail security conference here, co-sponsored by the Anti-Phishing Working Group.
Oliver Friedrichs, security manager at Symantec Corp.'s security response center, said the increase in pharming attacks has produced a steep rise in cybercrime statistics. The company's DeepSight global Internet sensor network recorded a 360% increase in phishing or pharming e-mails during the last half of 2004.
DeepSight's 2 million honeypots and 4,000 devices recorded 9 million phishing e-mails for the last half of 2004, dwarfing the 2 million identified in last year's first six months. In a phishing scam, e-mail messages that look like they come from a legitimate Web site, such as a bank, are sent to users to lure them into entering sensitive information.