Avalanche Fast-flux and Blended Attacks

Phishing attacks have become more sophisticated with the use of fast-flux botnets as resilient attack platforms. Because the phishing sites are fast-fluxed among hundreds of compromised computers that serve as proxies for them, detection and shutdown become more difficult.

One particular fast-flux botnet called Avalanche has received much attention in recent months as a major platform for hosting phishing sites. What has not been discussed as much is how the distinction between phishing and malware has ceased to exist.

Avalanche offers a prime example of how blended attacks are launched from a fast-flux botnet platform. Arbor Networks reported earlier this month that the cybercriminal gangs behind the Avalanche botnet and the Zeus/Zbot malware have entered a partnership whereby the Zeus malware gang is using the Avalanche fast-flux botnet to launch its attacks. “We appear to be seeing one of the groups, Avalanche, promoting Zeus malware,” observed botnet security researcher Jose Nazario. “They don’t compete, and they both have good market positions, so they can grow each other.”

Blended attacks hosted on Avalanche and reported this month targeted a major credit card company and a large Spanish bank operating in Latin America. Cybercriminals have teamed up their best-of-breed fast-flux and malware capabilities. MarkMonitor AntiFraud anticipated these developments with its unique preventive capabilities for preemptively detecting and shutting down fast-flux-based phishing and malware attacks.

More details about recent blended attacks hosted on the Avalanche platform:

December 11: http://news.zdnet.co.uk/security/0,1000000189,39933618,00.htm
December 12: http://garwarner.blogspot.com/2009/12/ongoing-visa-scam-drop-zeus-zbot.html
December 22: http://garwarner.blogspot.com/2009/12/donde-se-va-avalanche-bbva-y-united.html