Security Experts:

Connect with us

Hi, what are you looking for?



Attacks Targeting Classified Advertising Sites on the Rise

Despite spam levels being at the lowest level since March 2009 (according to a report released last week from Symantec’s MessageLabs

Despite spam levels being at the lowest level since March 2009 (according to a report released last week from Symantec’s MessageLabs), metrics released by the APWG indicate that cybercriminals are cultivating an array of alternative attack schemes, and in particular, increasing attacks on the online classified services sector with phishing attacks.

According to the APWG’s Q2, 2010 Phishing Activity Trends Report released this week, attacks targeting classified advertising sites accounted for 6.6 percent of phishing attacks in Q2 2010. Though the online payment services sector remained the most targeted industry with 38 percent of detected attacks in Q2, up from 37 percent in Q1, the classified advertisement services sector exhibited the most rapid growth in phishing attacks of all sectors in the half.

Phishing Stats

Classified sites including person-to-person trading sites such as Craigslist and Autotrader, as well as job boards, dating sites and other kinds of online commerce sites, enable cybercriminals to trick consumers into giving up funds or financial data that can be used for fraud, or even to draft them as unwitting accomplices into their criminal enterprises such as working as money mules.

Phishing Reports

Ihab Shraim, MarkMonitor’s Chief Security Officer and Trends Report contributing analyst said, “The Classifieds sector grew 142 percent from the previous quarter and over 91,000 percent from the comparable quarter [Q1] a year ago. This sudden growth may have been due to Auction sector phishing resources shifting over to the Classifieds sector.”

“These stats show that stolen credentials are a significant issue, whether by phishing or Trojan software, but it may even be underreporting the real seriousness of the problem,” said Alisdair Faulkner, Chief Products Officer at ThreatMetrix. “Unfortunately the pain is not just felt by the brands targeted by phishing attacks, it is every other online business that is then attacked with the stolen identity and credit card information. In just the last twenty four hours alone, ThreatMetrix detected 135,000 fraudulent transactions attempted against 350 of the top online companies.”

The report also highlighted growth in detected samples of rogueware, malware disguised as anti-virus or anti-spyware software, which rose 13 percent from quarter to quarter, up from 183,781 in Q1 to 207,322 in Q2, 2010.

Interestingly, just three rogueware “families” were responsible for 72 percent of all the samples detected in the period, according to Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst. Adware/SecurityTool was the most frequently detected rogueware family in Q2 with 25 percent; Adware/TotalSecurity2009 was second with a 24 percent; and Adware/MSAntispyware2009 was third with 21 percent of the rogueware samples detected in Q2.

The APWG Q2, 2010 Trends Report, combining data from APWG members MarkMonitor, Websense and Panda Security with the APWG’s own statistical data, also reported:

● Unique phishing reports in Q2 2010 rose to an annual high of 33,617 in June, down 17 percent from the record high in August 2009 of 40,621 reports.

● The quarterly high of unique phishing websites detected was 33,253 in April, down 43 percent from the record high of 56,362 in August 2009.

● The Q2 high of 14,945 brand-domain pairs in April was down 63 percent from the record of 24,438 in 2009.

● The number of phished brands reached a high of 276 in May, down 22 percent from the all-time record of 356 in October, 2009.

● Payment Services accounted for 38 percent of attacks in Q2, up from 37 percent in Q1.

● United States continued its position as the top country for hosting phishing websites during Q2.

● Spain’s proportion of detected crimeware websites rose to 16 percent in Q2, from less than 4 percent in Q1.

● The percentage of computers infected with banking trojans and password stealers rose to 17 percent from 15 percent in Q1.

“While the once-rapid expansion of conventional phishing is apparently slowing, there is every indication that ecrime gangs are expending much greater effort to design and deploy ever more undetectable, manipulative, focused and attractive schemes to defraud consumers and enterprise users. These organizations have become no less ambitious, we should note, just increasingly sophisticated and evermore deft in their criminal craftsmanship,” APWG Secretary General, Peter Cassidy. 

The full APWG report is available here (Direct PDF Download)

Read More SecurityWeek Cybercrime Content 

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.