Bump this please.
I found what I think is an interesting tidbit while perusing thru email specifications (SMTP). Email server implementations MUST support the user "POSTMASTER" as a valid address, thus being a reliable receptacle for email for any email domain. On the other hand, this could be implemented as a "write-only" dead letter office, but you can be reasonably certain the email won't bounce and the address will be valid without looking anything up.
Anti-Phishing Working Group (APWG) analysts have uncovered disturbing shifts in phishing attacks indicating that hackers are achieving new levels of automation, possibly commanding software tools and BOT nets to vastly increase the potency of their phishing campaigns. Starting in early October, APWG analysts witnessed massive increases in the amount of phishing sites, most all outside the US, indicating that a new and powerful set of tools might have been deployed recently.
Moreover, the number of sites that are being hosted on what appear to be compromised broadband PC's has risen to more than 50 percent, leading Dan Hubbard, Senior Director of Security and Technology Research at Websense, Inc., to suspect that "some automation was involved with a BOT Network to either send more emails and/or host more sites."
Meanwhile, the number of brands subjected to the largest numbers of phishing attacks rose from four in July to six in October, indicating a broadening of attack subjects, CTO John Thielens of Tumbleweed Communications wrote in the APWG's Phishing Activity for October report.
The APWG, with this report, authored jointly by Websense ® Security Labs (TM) and Tumbleweed Communications, redrafted its methodology to give greater resolution to the server side of phishing attacks and, at the same time, omitted scoring of the number of attacks against individual brand-holders, referencing only broad verticals.
The full text of the report is available online at: http://www.antiphishing.org/APWG_Phishing_Activity_Report-Oct2004.pdf
The Anti-Phishing Working Group
The APWG is the global counter-phishing flag ship organizing the community of stakeholders confronting the phishing threat, including national law enforcement agencies, financial institutions, national ISPs, ISVs and hardware vendors and e-commerce companies. The group has more than 930 members worldwide from some 590 companies, government regulatory agencies and law enforcement bureaus, as well as some 60 sponsors including: ActivCard (ACTI), Affinity, Anakam, Cloudmark, Cyota, Cyveillance, Datanautics, Entrust (ENTU), Experian, GeoTrust, GoDaddy, MarkMonitor, McAfee (MFE), MessageLevel, Microsoft (MSFT), NameProtect, NetIQ (NTIQ), PassMark, SAIC, RSA Security (RSAS), Symantec (SYMC), Trend Micro (TMIC), Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Visa Canada, Websense, Inc. (WBSN), WholeSecurity, 0Spam.net ------------------------------------------------------------
Contact: The Anti-Phishing Working Group Press Contacts: David Jevans, 650-996-2142 Chairman Dave.jevans@antiphishing.org or Peter Cassidy, 617-669-1123 Secretary General pcassidy@triarche.com or Websense, Inc. Ronnie Manning, 858-320-9274 Manager, Public Relations rmanning@websense.com