Gone Phishing in Dallas

Wednesday, March 13, 2013 @ 01:03 PM gHale

Phishing attacks are gaining in popularity across the globe because they are very effective and work well, and in the U.S., it appears Dallas, TX, is the home of the most carriers for these types of cyber assaults, a new study said.

The study, part of a PhD thesis entitled, “Internet Bad Neighbourhoods,” by computer scientist Giovane Moura at the University of Twente, the Netherlands, analyzed IP addresses associated with spam emails and phishing attacks.

SCADA Security: Open Phishing Season
Spear Phishing Takes it Up a Notch
APT Disconnect Means Poor Defense
‘Trust’ Risk Losses Soaring

He found the majority of IP addresses associated with phishing attacks were with Internet Service Providers (ISPs) in the U.S.

By city, Dallas was host to the largest number of ISPs linked to phishing attacks, with 107 sources. Other cities were Chicago, Provo, Houston and Montreal, Canada.

The distribution of the sources of phishing attacks correlates with the number of data centers in each location, Moura said.

When it came to spam emails on a worldwide level, Indian capital New Delhi topped the list with 297,638 sources, followed by Pakistani capital Islamabad and Indian high-tech city Bangalore.

The IP address linked to a phishing attack or spam email does not necessarily reveal the location of the people behind it just the locale of the IT infrastructure they use.

There are three reasons why an ISP may be a part of a high number of spam emails or phishing attack, Moura wrote in his paper:

“1. Some Internet service providers (ISPs) neglect malicious activities in their networks
“2. Whenever a host is infected by a malware, it is more likely that this malware is going to succeed in infecting neighboring hosts belonging to the same badly managed network than hosts in well managed networks
“3. Non-technical local factors may contribute, such as the rate of software piracy, legislation, culture, economic, education level in a country.”

Moura said finding out where the “bad neighborhoods” are on the Internet – ISPs most commonly associated with spam and phishing – would allow security companies and businesses to block IP addresses that may be risky.

Leave a Reply

You must be logged in to post a comment.