UK banks were the second-most targeted in the world last month, following the emergence of phishing attacks via the Storm botnet, according to a new report from RSA.

UK financial institutions accounted for 15 percent of all banking brands targeted, according to a report from RSA's Anti-Fraud Command Center (AFCC) last week. They followed on from US banks at 61 percent.

RSA's findings are roughly consistent with those of other security firms. McAfee, for instance, found that over the past 24 hours, HSBC and NatWest were the second and third banks most targeted in phishing email subject headers, at 27-percent and 22-percent respectively. The top target was Citibank, at 47 percent.

British banks are some of the largest, with HSBC ranking fourth in the world by shareholder equity, after Citigroup, JPMorgan Chase and Bank of America, according to Euromoney magazine. Royal Bank of Scotland - of which NatWest is a subsidiary - was seventh-largest in the world.

The UK's newfound popularity as a phishing target is partly due to a new series of attacks relayed over the network of zombie PCs created by the Storm worm, according to RSA.

Last month, security researchers discovered the first Storm-based phishing attacks, which were directed against customers of Barclays and Halifax and which used the fast-flux technique.

In fast-flux, addresses are rapidly registered and de-registered with the address list for either a single DNS (domain name system) server or an entire DNS zone. In both cases, the strategy masks the IP address of the malware site by hiding it behind an ever-changing array of compromised machines acting as proxies. In extreme cases, the addresses change every second.

Storm was first identified on 17 January, 2007 as the malicious payload in a large spam run that used news of severe weather battering Europe as the bait to get people to open a file attachment.

Gregg Keizer of Computerworld contributed to this report.