By October of last year, Avalanche was such a big problem that security companies and the firms whose users were being phished got together in Seattle to share information on the group and work out ways of fighting the problem.

Companies began sharing data that had previously been kept private, and groups were formed to keep track of new Avalanche domains, said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham. "Whenever any brand or member saw a new domain, we went straight to the registrars and began pounding them from a bunch of different sources," he said in an instant-message interview.

That helped the good guys take down fake sites much faster than before. "In five years now of working anti-phishing research, this was the most coordinated community effort I've ever seen," Warner said.

The registries also were able to be more proactive. "And the different registries that were getting abused began learning how to recognize the domains on their own," he said.

In early 2008, the average takedown time for a phishing site was 49.5 hours, Aaron said. In the last half of 2009 that had been cut down to 31 hours, 38 minutes. Avalanche domains, however, went down twice as fast, on average, as other phishing domains.