Fraudsters have gotten so efficient at creating, selling and deploying malware that one major Internet security firm now calls it "fraud-as-a-service."
Like legitimate software-as-a-service, the computer tools are offered through their underground industry in an increasingly commoditized fashion, according to RSA, The Security Division of EMC.
The firm-which claims to have shut down almost 300,000 phishing attacks and protects more than 300 organizations-said that its latest analysis found compromised e-mail addresses at 60% of the Fortune 500 companies and that fully 88% of the domains used by those same companies had been infected to some extent by the Zeus keystroke-logging Trojan alone.
Credit unions, however, seem to be falling out of favor a bit with phishers, drawing only 4% of attacks on U.S. financial institutions in March, down from 22% in March 2009 and compared with 57% on national banks and 39% on regional banks, RSA said.
