Wednesday, June 7, 2006

A new type of phishing wave is on the move

New phishing emails and other mail phenomena have been discovered

Tettnang, 7 June 2006 – Since Tuesday the 6th June, the security experts at Avira have been recording a higher level of phishing activity on the Internet: According to reports coming from their honeypot systems there are currently emails in circulation that have a 3-7 digit long sequence of numbers as the subject line and as the text of the email. The Internet specialists at Avira assume that online fraudsters are using this method to check how update the entries in their email distribution lists are, making sure that they have the most recent information. Computer users should watch out for a new wave of phishing and spam that has also appeared since Tuesday with new variants of phishing emails.

This current development has seen more and more emails now being sent that only contain a few figures in the subject and in the text of the email. It is highly suspected, therefore, that operators of botnets are using this method to send emails directly through email routings of zombie computers in order to be able to read on the reply of the receiving server whether the address used is valid. The numbers could also be used here for the allocation of botnets.

In addition to any possible trend as described above, there are a variety of banks and trading platforms that are currently being targeted through phishing such as Visa, E-Bay, Payback, Chase or First National Bank, and since Tuesday the Deutsche Apotheker- und Ärztebank, Ohio Savings Bank and élan Credit Card Services have also become the target of online fraudsters: All three new phishing variants attempt to obtain the bank access data, credit card details and personal data of the bank customers among the recipients of the mass email. In the case of the Deutsche Apotheker- und Ärztebank, the text of the email is in German and contains an authentic looking logo of the banking institution.

“Phishing frauds seem to be looking for new targets and are developing ever more sophisticated techniques to carry out their work. We have only today discovered the first phishing website installed on a HTTPS server, which was used to tempt Paypal users into disclosing their details,” says Gernot Hacker, security expert and acting managing director of Avira. “We urgently advise all computer users not to mistake emails as an official means of communication from their bank. No institution uses email to update their data. The conventional means of using post will also continue to be the safest means to obtain PIN numbers and account details.
Avira assumes that the emails with the numeric codes are being automatically sent from so-called zombies, that is to say from remotely controlled private computers, because they were being sent simultaneously from various Internet service providers in several different countries. These zombies are also commonly used as a means of bringing phishing and spam emails into mass circulation.

Further information on the latest phishing emails and examples as to what these emails look like in their original form, can be found by following the links below to Avira’s website:

Deutsche Apotheker- und Ärztebank:

élan Credit Card Services:

Ohio Savings Bank:

Paypal Phishing Website:

About Avira

Avira (formerly H+BEDV) is one of the pioneers in the IT security area. The security specialist has been developing as from 1988 cross-system security solutions for business and private customers under the brand name AntiVir. Some of these customers are leading national and international companies, various educational institutions as well as public entities.

The product portfolio comprises high-performance security solutions for workstations, file servers, web servers and mail servers as well as for PDAs and smartphones. The acquisition of the datapol technologies in 2006 provides Avira with additional leading technological solutions to protect and recover systems. The company doesn’t only have a wide range of products in the Windows environment; it is also one of the technology leaders in the UNIX market. Moreover, the company introduced the first SAP certified security solution for SAP NetWeaver in 2005 on the market.

The Avira AntiVir scanner is awarded the VB 100% on a regular basis and is proud to have a current TÜV Certificate (Technical Inspection Authority). The high competence of the company in the IT security area is also documented through the close collaboration with the Federal Office for Information Security (BSI).

The Avira security solutions can be obtained from the numerous Avira resellers, who represent and distribute the products all over Europe and abroad.

Company Contact:
Adela Kohl/Gernot Hacker
Lindauer Str. 21
D-88069 Tettnang
Telefon: +49 (0) 7542-500 0
Telefax: +49 (0) 7542-525 10

Press contact:
Jacklin Montag
Tel.: +49 (0) 89-17 30 19 19

About Avira

Avira protects people in the connected world – enabling everyone to manage, secure, and improve their digital lives. The Avira umbrella covers a portfolio of security and performance applications for Windows, Android, Mac, and iOS. In addition, the reach of our protective technologies extends through OEM partnerships. Our security solutions consistently achieve best-in-class results in independent tests for detection, performance, and usability. Avira is a privately-owned company that employs 500 people. Its headquarters are near Lake Constance, in Tettnang, Germany, and the company has additional offices in Romania, India, Singapore, China, Japan & the United States. A portion of Avira's sales support the Auerbach Foundation, which assists education, children, and families in need. For more information about Avira visit