Phishing attacks rose by a third in November 2004 and the bogus websites involved are proving increasingly difficult to take down, according to research released by the Anti-Phishing Working Group (APWG).
The report found that 51 brands were attacked by phishers in November, usually banking and financial institutions. Over 1,500 phishing websites were discovered during the month, with the US being the preferred web hosting location.
Taking down bogus sites took nearly a week on average, but some sites remained up and functioning throughout the month.
"We have already seen indications that phishers are commanding automated distribution systems, apparently using botnets known as zombies," said David Jevans, chairman of the AWPG.
"These resources, combined with conventional key-logging and other innovative malicious code, are threatening to deliver more sophisticated attacks."
But phishing attacks are still relatively unsophisticated, according to the study. Two thirds of bogus sites did not mimic the URLs of the companies they were targeting, using a simple IP address instead.