Alex Eckelberry blogs about phishing clusters.

Oddly, I’ve heard of this, since it’s InternetPerils that has discovered these clusters of phishing servers.

I’ll quote the gist below:

Phishing e-mail messages arrive in millions of mailboxes every day, pretending to be from a bank such as Bank of America, or from an E-tailer such as eBay or Paypal. A typical phishing e-mail directs its recipients to a web page with instructions to enter passwords or social security numbers to verify identity, but the web page is a scam and is not actually associated with the bank; it’s on some other server.

No individual target of phishing would ever know that the phishing clusters exposed by InternetPerils exist, since each cluster attacks many different targets. Starting with phishing reports provided by the Anti-Phishing Working Group (APWG), InternetPerils collects ongoing network performance and topology data. PhishScope analyzes the composite data and animates it visually. PhishScope has already detected many clusters. In this example cluster, PhishScope shows phishing servers operating from the ISP schlund.net, based in Karlsruhe, Germany, for a time period ranging from May through September 20, 2006.

If you want to see the quote from me, follow the link.

-jsq