About Us

Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and award-winning mobile Web services.

eCrime Web site Longevity Drops As Internet Providers and Security Professionals Take Aim

Avalanche eCrime Gang Driving Increasingly Larger Share of Phishing Scams


TACOMA, Wash. Oct 21, 2009 – A new phishing survey released by the Anti-Phishing Work Group (APWG) reveals that the longevity of phishing Web sites dropped by 25 percent over the last year.

Uptimes are a vital measure of how damaging phishing attacks are -- the longer a phishing attack remains active, the more victims there can be. The decrease indicates collective progress is being made by the parties that fight phishing, and may be attributable to improved policies and operations at Internet infrastructure providers, brandholders, domain name registrars and registries, and private Internet security providers.

The "Global Phishing Survey: Trends and Domain Name Use in 1H2009" study found that phishing Web site longevity dropped to an average 39 hours in the first half of 2009, down from an average of 52 hours recorded in the second half of 2008.

The survey also revealed that a single criminal syndicate dubbed "Avalanche" was responsible for nearly one quarter of all phishing attacks in the first half of 2009. Indications are that the gang is continuing to claim a larger proportion of all detected phishing attacks.

"We're pleased to see that phishing site lifetimes are being positively affected," said Rod Rasmussen, co-author of the study and CTO of Internet Identity. "In particular, the survey demonstrates how anti-abuse programs at domain registries can have an immediate impact on the problem."

"The results also show that on the Internet, action and involvement by responsible parties can really help Internet users," said Greg Aaron, co-author and Director of Domain Security at Afilias. "When everyone takes responsibility and does their part to make it a safer place, good things happen. We think that is what we are seeing in the results of this study, and we'd all like to see more."

Other highlights from the report include:

  • The amount of Internet domain names and numbers used for phishing has remained fairly steady over the past two years.
  • Phishing attack and uptime statistics for all top-level domains (TLDs).
  • Statistics for phishing perpetrated on hacked Web servers The study is available here.

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,300 members. The APWG's Web site offers the public and industry information about phishing and email fraud, including dentification and promotion of pragmatic technical solutions that provide immediate protection.

APWG's corporate sponsors are as follows: AT&T(T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Cisco (CSCO), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Easy Solutions, eBay/PayPal (EBAY), Entrust (ENTU), eEye, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GeoTrust, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, HomeAway, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, Intuit, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Kindsight, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, Marshall8e6, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC), Phishme.com, Phorm, Prevx, The Planet, SIDN, SalesForce, Radialpoint, RSA Security (EMC), RuleSpace, SecureBrain, Secure Computing (SCUR), S21sec, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC), TDS Telecom, Telefonica (TEF), Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO).



Peter Cassidy, +1 617 669 1123 pcassidy@antiphishing.org



Heather D. Read, +1 215 706 5777 hread@afilias.info


Internet Identity

pr@internetidentity.com +1 253 590 4100