A group of sophisticated and proficient hackers known as the "Avalanche" gang was responsible for setting up and operating more than two-thirds of the 126,000-plus fake Web sites designed to steal Internet users' credit card numbers and bank account information and to infect their PCs with malware.
Through the use of sophisticated malware and phishing tactics, the group was singlehandedly responsible for the ominous increase in worldwide phishing attacks in the last six months of 2009, according to a report (PDF format) released by the Anti-Phishing Working Group, a consortium of Web retailing, software, security and financial firms.
"Avalanche's impact was unprecedented," said Greg Aaron, director of key account management and domain security at Afilias and co-author of the study. "The losses by banks and individual Internet users were staggering."
Phishing syndicates have branched out from generic Web sites and unsolicited e-mail campaigns to more targeted cyber attacks on specific executives and retail brands, giving them more detailed and valuable data from corporations and government agencies.
Researchers said the Avalanche group is by far the world's most prolific phishing operation because its members managed to perfect a two-pronged system that mass-produces phishing sites while simultaneously distributing malware that gives the crooks even more tools to pull off their scams.
The good news for consumers and enterprises worried about security is that the group's prodigious efforts drew plenty of attention from security software vendors and research groups that were able to develop some fairly effective countermeasures to slow down Avalanche's momentum.
"The data shows that the anti-phishing community -- including the target institutions, security responders, and domain name registries and registrars -- got very good at identifying and shutting down Avalanche's attacks on a day-to-day basis," said Rod Rasmussen, founder and CTO of Internet Identity and a co-author of the report.
"Further, a coordinated action against Avalanche's infrastructure in November has led to an ongoing, significant reduction in attacks through April 2010," he added.
APWG reports that some 126,698 fake phishing sites were established in the second half of 2009, up from 56,697 in the first half of the year. More than 84,000 of those sites were created by Avalanche, according to the report.
The report said Avalanche hosted as many as 40 bogus pages on each botnet-hosted site, each designed to snare vital data such as credit card numbers, PIN numbers and specific personal information that would allow the crime ring to either withdraw funds from banks or purchase products on eBay and other online retail sites with the unsuspecting victims' data.
Often, the report said, the group used a variant of the Zeus botnet program to steal the information and infect more PCs at the same time.
The latest data from the IC3, a partnership between the FBI, the Bureau of Justice Assistance and the National White Collar Crime Center, found that the total number of cybercrime complaints rose 22 percent in 2009 to 336,655 cases.
Almost $560 million in losses related to identity theft, phishing scams and outright fraud were reported last year, more than double the $264.4 million lost in 2008 despite increased consumer awareness and reporting.