Internet Commerce Grows 13.2%

The report features a section devoted to the analysis of phishing attacks, a fast-growing category of criminal scams that trick Internet users into disclosing personal information, leading to identity theft. The briefing underscores the rapid growth in security attacks that have attended the near-continuous growth of e-commerce and Internet-based applications. Among the briefings findings are: Internet Usage and Growth - Internet commerce continued to increase during the past 12 months, with the total dollars transacted by a sample of VeriSign merchant customers increasing an average of 13.2 percent. - The briefing also measured a continuing pattern of growth in the number of Domain Name Service (DNS) queries, which totaled more than 400 billion per month in the first half of 2004. In total, DNS queries have grown over 1,200% since the height of the so-called Internet Boom. - Internet domain registrations, which have historically been an indicator of small-business growth, also continued a pattern of healthy expansion. Registrations of domain names for active Web sites increased by 23 percent for .com and 20 percent for .net during the first half of 2004, as compared to the same time frame in 2003. Internet Vulnerabilities, Other Security Events, and Fraud - According to the briefing, there was a noticeable increase in multi-vector worms in the first half of 2004. Such worms can simultaneously exploit several vulnerabilities in one attack, and have a longer shelf life than single-exploit worms. The most effective and potentially damaging example of this breed is called a phatbot, agobot, or gaobot. - The briefing also notes that exploits are released much more quickly following public announcements of vulnerabilities. This underscores the need for enterprise security managers to be more vigilant in vulnerability assessment, prioritization, and remediation. - VeriSign detected a rise in the number of security events per device during the first half of 2004, reaching a high of nearly 4,000,000 events during the month of March. Top countries by percentage of fraudulent transactions, determined by the origin of IP address, were led by Cameroon, with 100 percent of transactions determined as risky. Following Cameroon was Nigeria (96 percent), Indonesia (93 percent), and Slovenia (92 percent). Spotlight on Phishing - The report highlights the growing problem of this trend, providing examples of phishing exploits as well as guidance on the steps needed to prevent, detect, respond, and recover from such attacks. - In a sample of 490 phishing e-mails, targeting customers of 16 companies, VeriSign found that 93 percent were sent from forged or spoofed e-mail addresses; 5 percent came from sites making no attempt to disguise their destination, and 2 percent came from cousin sites, which closely mimic the company site they are seeking to imitate. - 37 percent of phishing e-mails directed users to capture sites located outside the United States, with a concentration in Korea, China, Poland, Brazil, Taiwan, Singapore, Australia and Indonesia. - VeriSign found the majority of phishing attacks were launched between 9:00 p.m. -- 4:00 a.m., when IT staffers are often on call or fewer in numbers. The briefing also notes that phishing attempts are especially difficult to detect due to their sophistication and ability to mimic legitimate communications from businesses. Phishers now lure victims by spoofing addresses and using browser camouflage techniques, such as floating a JavaScript window over an address bar. In addition, JavaScript windows can remain installed on a users browser to record information sent and received while that browser is active. The briefing, htt