A single cybercrime gang using advanced malware was responsible for two thirds of all phishing attacks detected in the second half of 2009, according to a new report by the Anti-Phishing Working Group (APWG).

The report authors found the Avalanche phishing gang was responsible for 66 percent of all phishing attacks launched in the second half of 2009. Avalanche successfully targeted some 40 banks and online service providers, and domain name registrars and registries.

"Avalanche’s impact was unprecedented," said Greg Aaron, Director of Key Account Management and Domain Security at Afilias and co-author of the study.

"This one criminal group was responsible for two-thirds of the world’s phishing, and also combined it with sophisticated crimeware distribution. The losses by banks and individual Internet users were staggering."

Avalanche was first detected in December of 2008 and was responsible for 24 percent of phishing attacks in the first half of 2009.  In the second half of 2009, the average Avalanche domain often hosted around 40 separate attacks at a time. While the number of Avalanche attacks was large, Avalanche domains were only about 14 percent of all domains used for phishing.

"Avalanche’s relentless activities led to the development of some very effective counter-measures," said Rod Rasmussen, founder and CTO of Internet Identity and co-author of the study.

"The data shows that the anti-phishing community — including the target institutions, security responders, and domain name registries and registrars — got very good at identifying and shutting down Avalanche’s attacks on a day-to-day basis. Further, a coordinated action against Avalanche’s infrastructure in November has led to an ongoing, significant reduction in attacks through April 2010."