Citibank is a phishing favourite

Analysis by mail security firm Ciphertrust reveals that the hijacked computers are unwitting accomplices for almost all so-called phishing attacks.

Its research shows that the hijacked PCs are organised into five separate networks of zombie computers that send out the fraudulent e-mails.

American PCs sent out the most messages and South Korea was in second place.

Numbers game

Ciphertrust carried out its analysis on messages that passed through its mail filtering hardware during the first two weeks of October.

PHISHING TARGETS Citibank - 54.16% Smith Barney - 13.48% SunTrust - 10.02% Paypal - 7.57% Wells Fargo - 5.42% HSBC - 5.07% eBay - 4.15% USBank - 0.11% CitizensBank - 0.014%

Only 1% of the e-mails sent were so-called phishing attacks that pose as messages from financial organisations and try to con people into handing over account information, password and login details.

Ciphertrust said that analysis of the net addresses used to relay these messages show that they are passing through a relatively small number of zombie networks.

The company said perhaps as few as five zombie networks were responsible for funnelling the fraudulent messages and each network can call on a pool of about 1,000 PCs.

Almost a third of these zombies, 32%, were sited in the US. A further 16% were in South Korea and the remaining 52% were in 98 other countries.

The US and South Korea were so popular with the phishing gangs because broadband is much more widely used in those countries.

Zombie net

"Phishing attacks represent a collaboration of the world's most skilled hackers and organised crime," said Paul Judge, chief technology officer at Ciphertrust.

PHISHING SOURCES United States - 32.07% Republic of Korea - 15.39% France - 6.55% China - 6.40% United Kingdom - 4.06% Germany - 3.85% Spain - 3.81% Japan - 3.05% Italy - 2.48%

"Instead of breaking into the bank to take money, phishers are tricking users into handing over their account information, or rather the electronic keys to the vault."

Many PCs in homes and businesses have been recruited into the zombie networks by falling victim to one of the many viruses currently in circulation.

Many viruses, such as Bagle, MyDoom and Sobig, have been written specifically to open up a backdoor into a PC so that it can be controlled remotely by malicious hackers, spammers or criminals.

Ciphertrust said 70% of the home machines sending out phishing e-mail messages are also relaying spam.

Criminals and spammers are keen to use these zombie networks because the tactic helps them hide their tracks.