The world's most active phishing gang is no longer phishing as much, researchers said, but that's not necessarily good news.
The Avalanche gang instead has moved from using conventional e-mail spam to trick users into entering their PINs and passwords at spoof sites and instead is relying more on infecting computers with the Zeus Trojan credential-stealing malware.
That's according to a new report from the Anti-Phishing Working Group, which said its research found that the Avalanche botnet infrastructure went from accounting for two-thirds of all observed phishing attacks in late 2009 to only four this past July.
Instead, the crime syndicate now concentrates on sending billions of faked messages purporting to be from the IRS, social networks and other sites. The Zeus Trojan is then downloaded and begins capturing identifying information if the recipient visits the links in the fake e-mails.
"While the cessation of phishing operations by the Avalanche phishing group is great news for the antiphishing community, their shift to the nearly exclusive distribution of Zeus malware is an ominous development in the e-crime landscape," said study co-author Rod Rasmussen of Internet Identity in Tacoma, Wash.
"Their spamming and other activities to target victims continues at high levels, implying they are finding malware distribution a more effective and profitable tactic than traditional phishing," he said.
The APWG report noted, however, that traditional phishing attacks continue as well, as multiple tools are used by cyber fraudsters to steal online.
The APWG is a global coalition of more than 1,800 industry, law enforcement and other government and nongovernmental organizations formed in 2003 to fight identity theft and fraud resulting from phishing, e-mail spoofing and crimeware.