In the past year, Cullinane has seen better organization by eBay fraudsters. Criminals are being paid to develop better types of attacks, and the attacks are getting harder to detect, he added. "The phishing e-mails I see are extremely sophisticated," he said.
Apparently, this growing professionalization has even cut down on mangled grammar. "The language they're using is very good." Cullinane said.
Last week eBay said data on 1,200 eBay members had probably been stolen via an phishing scam. The members' data was posted to the company's Trust & Safety discussion forum.
Cullinane's experience with phishing goes back to his previous employer, Washington Mutual Inc., which has been one of the top phishing targets in the U.S.
While there, he noticed an unusual trend when taking down phishing sites.
"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.
Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected.
Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.
Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake Web sites, hoping to lure victims into disclosing their passwords.
"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."
Since Linux machines can be used to more easily create specially crafted networking packets, they can be used in highly sophisticated online attacks, said Iftach Amit, director of security research with Finjan Inc.'s malicious code research center.
Capabilities like this make Linux machines highly coveted by online attackers, and they fetch a premium in the underground marketplace for compromised machines, Amit said.