eBay and its associated PayPal payment service were the two biggest targets of phishers during 2005, a U.K.-based Web performance and anti-phishing firm said this weekend.

Of the more than 41,000 phishing URLs that Netcraft confirmed in 2005, 62 percent targeted eBay and PayPal.

Many were what Netcraft dubbed "insta-spoofs," bogus URLs hosted from free sites or compromised machines, the latter often courtesy of a botnet. "Many of these spoof sites bear identical structures and file titles, suggesting deployment via kits that can be rapidly unpacked on a new machine," Netcraft stated in an online brief.

eBay and PayPal remain the top targets for a simple reason: it's where the people are.

"eBay and PayPal have more than 68 million active users between them, all of whom use e-mail, meaning bulk phishing e-mails will get a higher percentage of "hits" than other potential financial targets," the U.K.-based company said.

Netcraft also reviewed a 5,000-site sample of phishing URLs to find their country of origin, and tagged Rumania and Russia as the only nations whose top-level domains accounted for more than 1 percent of the year's phishing sites. (The bulk used the generic .com top-level domain.)

Romania, in fact, hosted 1,397 phishing sites in 2005, or about 3.3 percent of all .ro hostnames. Only South Korea, said Netcraft, hosts a higher percentage of phishing URLs (3,807 phishing URLs, or 9.1 percent of all sites with the .kr domain).

Netcraft provides a free-of-charge anti-phishing toolbar for the Windows versions of Microsoft's Internet Explorer and Mozilla's Firefox. The toolbar can be downloaded from the Netcraft site.