After the global wave of phishing emails reaching a peak at the end of last week, by the 12th of November, it had tailed off. Here is the reason why
The overall graph looks like the following:
As is clear, the phishing attacks increased, then dramatically subsided around the 12th/13th.
The reason starts to become clear when we look at the graph for phishing attacks targeting Barclays bank:
We can compare this with the data for ebay:
The barclays phishing attack was accounted for by emails with one specific malware signature, in the main:
The two graphs showing the malware targeting Barclays are shown - the first for the last 30 days, and the second for the last three days.
This attack appears to come from a single botnet - or a group of botnets - all belonging to a single “Controlling Mind”. And, for whatever reason, this was taken down over the weekend - and doesn’t seem to have reappeared.
Looking at the analysis provided by the phishery, this email is one created by the “Rock” phishing kit. It predominantly uses paid for domain names for the target site. With many different domain names used - each point to a small pool of IPs - the pool changing every few days.
You can find more details at http://phishery.internetdefence.net.
We’ll keep watching to see if another attack is launched.