A four-member panel of cybercrime fighters dissected the ominous "phishing without a lure" pharming attacks in an "eCrime Calling" workshop at the InBox e-mail security conference here, co-sponsored by the Anti-Phishing Working Group.

Oliver Friedrichs, security manager at Symantec Corp.'s security response center, said the increase in pharming attacks has produced a steep rise in cybercrime statistics.The company's DeepSight global Internet sensor network recorded a 360% increase in phishing or pharming e-mails during the last half of 2004. DeepSight's 2 million honeypots and 4,000 devices recorded 9 million phishing e-mails for the last half of 2004, dwarfing the 2 million identified in last year's first six months. In a phishing scam, e-mail messages that look like they come from a legitimate Web site, such as a bank, are sent to users to lure them into entering sensitive information.

DeepSight analysis shows that 54% of all malware is designed to harvest confidential information from users, up from 44% in the second half of 2004 and 36% in the first half, Friedrichs said. Once infected, the top targets of the botnets are financial services companies followed by manufacturers. "Full Story"