The world's most prolific phishing gang has ditched phishing in favour of Zeus, password-stealing crimeware that does not require the victim to hand over their financial account credentials, according to a report from APWG.
APWG says its researchers have found a change in the methods of criminals behind the Avalanche botnet, which accounted for two-thirds of all phishing attacks observed worldwide in late 2009, leading victims to fake Web sites and tricking them into handing over details.
The Avalanche infrastructure was involved in just four conventional phishing attacks in the month of July 2010. Instead, the syndicate ramped up a concerted campaign of crimeware propagation to fool victims into receiving the Zeus Trojan and infecting their PCs with it.
Avalanche has been sending billions of faked messages from tax authorities such as the IRS, false alerts and updates purporting to be from popular social networking sites, and other lures, says APWG. These lures take victims to drive-by download sites, where the criminals infect vulnerable machines.
Once a machine is infected, the criminals can remotely access it, steal personal information and intercept passwords and online transactions. The criminals can even log into the victim's machine to perform online banking transactions.
Report co-author Rod Rasmussen says: "While the cessation of phishing operations by the Avalanche phishing group is great news for the anti-phishing community, their shift to the nearly exclusive distribution of Zeus malware is an ominous development in the e-crime landscape. Their spamming and other activities to target victims continue at high levels, implying they are finding malware distribution a more effective and profitable tactic than traditional phishing."