New phishing threat outpaces Netsky-P


New phishing threat outpaces Netsky-P

Robert Westervelt, News Editor

A new phishing threat aimed at customers of a German-based bank is having an effect globally as it surpasses the Netsky-P phishing malware in detections, according to antivirus vendor Fortinet.

In an advisory issued Oct. 6, the Sunnyvale, Calif.-based vendor said BankFraud.OD!Phish targets customers of Volksbanken Raiffeisenbanken, one of Germany's largest banks. It was first detected Sept. 26 and quickly ramped up to 50,000 detections a day, said Guillaume Lovet, the European threat response team leader at Fortinet.

"This is unusual because cyber criminals now use Trojans and worms to avoid detection," Lovet said. "For that reason, worldwide outbreaks have been very limited."

Though the bank is based in Germany, nearly half of the phishing attacks were detected outside the country, Lovet said. The phishing threat is received through email with an embedded image portraying a message for a Volksbanken client to click a link to update their banking information.

Also unusual, according to Lovet, is that the email attack also contains hidden random sentences similar to sentences used with white-on-white phishing threats, but with a slightly darker shade to avoid being detected by antispam software.

"Phishers use the white-on-white strategy to evade spamming filters, but this is the first time we've seen a slightly darker shade used, so it has slipped through some spamming filters," Lovet said.

The new phishing threat outpaced Netsky-P, making it the top phishing threat globally, Lovet said.

Netsky-P is often used as a benchmark for mass mailing phishing attacks, Lovet said. The only other phishing attack to ever surpass Netsky-P was the eBay!Phish of 2005, which was a threat to a global online retailer, he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy