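More than half of recent phishing sites are Rock Phish related (possibly including sites that use the kit?).
Rock Phish has been confirmed to be using fast-flux techniques.
Multiple IP addresses are assigned to a single domain, and the domain is switched rapidly between them.
This makes the sites hard to track down.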
PC World - Rock Phish May Be Using Fast Flux in Phishing Attacks
Fast flux is a method by which a domain name that phishers use has multiple IP (Internet Protocol) addresses assigned to it. The phishers switch those domains quickly between the addresses so that it's not as easy to find or shut down the phishing sites.
With fast flux, once a phishing site is found, it's not simply a matter of going to Internet service provider hosting the domain name to shut down the site; authorities must go to the domain name registrar, which is more time consuming and complex, Moore said.
"There is automated [site] replenishment," he said. "Once proxies are taken down, new ones are taken into the fold."
"They were burning through 400 IP addresses per week," Moore said. "It becomes impractically hard to take down these proxy machines."
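A defender-side view of the behaviour described above, as an added example that is not from the quoted articles: it scores domains in passive-DNS data by how many distinct addresses and networks they resolve to and how short their TTLs are. The observations, the `flux_report` function and all thresholds are constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed passive-DNS observations: (unix_time, domain, A-record IP, TTL seconds).
# Domains use the reserved .example TLD; addresses come from documentation/test ranges.
OBSERVATIONS = [
    (0,    "login-bank.example", "192.0.2.10",   180),
    (300,  "login-bank.example", "198.51.100.7", 180),
    (600,  "login-bank.example", "203.0.113.44", 120),
    (900,  "login-bank.example", "198.18.5.9",   180),
    (1200, "login-bank.example", "192.0.2.77",   180),
    (1500, "login-bank.example", "198.19.200.3", 60),
    (0,    "shop.example",       "203.0.113.5",  3600),
    (1800, "shop.example",       "203.0.113.5",  3600),
    (3600, "shop.example",       "203.0.113.6",  3600),
]

def flux_report(observations, window=3600, min_ips=5, min_nets=3, max_ttl=300):
    """Score each domain over the last `window` seconds (thresholds are assumptions)."""
    latest = max(t for t, *_ in observations)
    per_domain = defaultdict(list)
    for t, domain, ip, ttl in observations:
        if latest - t <= window:
            per_domain[domain.lower().rstrip(".")].append((ip, ttl))

    report = {}
    for domain, rows in per_domain.items():
        ips = {ipaddress.ip_address(ip) for ip, _ in rows}
        # Distinct /16s approximate "spread across unrelated hosts"; a real
        # deployment would map addresses to ASNs instead.
        nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
        ttl = median(t for _, t in rows)
        report[domain] = {
            "distinct_ips": len(ips),
            "distinct_nets": len(nets),
            "median_ttl": ttl,
            "fast_flux_suspect": len(ips) >= min_ips and len(nets) >= min_nets and ttl <= max_ttl,
        }
    return report

if __name__ == "__main__":
    for domain, stats in sorted(flux_report(OBSERVATIONS).items()):
        print(domain, stats)
```

Legitimate CDNs and round-robin load balancers also return many addresses with short TTLs, so a hit here is a lead for review rather than a verdict.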
According to MarkMonitor, 77% are Rock Phish related.
220,000 phishing sites were confirmed between January and July of this year.
Security experts: Rock Phish is behind growing 'Net fraud - USATODAY.com
The gang is also targeting the commercial accounts of small and large businesses, says Fred Felman, chief marketing officer at MarkMonitor, a security company that has developed anti-phishing services. He estimates 77% of all active phishing sites are linked to Rock Phish and its methods.
More phishing sites have popped up this year — more than 220,000 and counting — than in the first seven months of any other year.
