Infamous Phishing Gang Uses Botnet to Boost Profits

Written by Sue Walsh on October 30, 2010

The infamous phishing gang known as Avalanche has turned to the Zeus botnet to help boost its profits and diversify its activities. Experts say the cybercriminal gang, which last year was responsible for two-thirds of the world’s phishing attacks, has moved beyond just sending phishing emails to using Zeus to hijack browsers and conduct man-in-the-browser attacks. These attacks are generally very successful because of ignorance on the banks’ side. Most banks still don’t have a firm grasp on this type of attack or malware and are seldom able to prevent it.

The attacks set up an automated withdrawal, and banks simply aren’t able to detect when such withdrawals haven’t been initiated by the account owner. Most users can’t tell when their browsers have been hijacked either.

Avalanche has been around for years and is responsible for most of the fake PayPal, eBay, and Western Union emails that seem to flood the net. Almost every major bank, credit card company, and financial institution has been exploited for a phishing attack, and so have popular companies like Apple, UPS, and Amazon. In most cases, links in the messages lead to malicious domains hosting pages that look nearly identical to those of the legitimate companies they are exploiting. The pages prompt the user to log in, and that information is captured and sent to the gang. Occasionally a phishing attack will involve a fake storefront rather than brandjacking. In those cases, unsuspecting victims think they are purchasing goods, but although their order is accepted, the merchandise never arrives. Instead, their credit card numbers are captured and used for spending sprees or sold to other cybercriminals.
