From February 2007 to January 2009, the security firm traced 38 different phishing scams that the gang launched from Eastern Europe.
The gang operates by sending highly personalised e-mails to lure employees mainly of SMEs into opening an attachment containing a Trojan.
The Trojan then captures usernames and passwords and continues to gather information on users' online bank accounts, which the gang later uses to steal money.
Rick Howard, director of intelligence at iDefense, said the latest attacks are similar in style to those seen five months ago, but on a larger scale and using a different Trojan.
Phishing attacks, particularly incidences of spear phishing, increased in volume throughout 2008 and show no sign of abating in 2009, he said.
These types of attacks continue to evolve, said Howard, with phishers able to mimic legitimate web pages much more effectively, making them nearly indistinguishable from genuine sites.
"Phishers are also cloaking fake URLs and launching multiple rounds of attacks from different domains," he said.
This article was first published by Computer Weekly.