Some phishers use compromised computers to host malicious or illegal
activities, including identity theft, fraudulent financial activities,
as well as collecting personal information and business identities from
their victims for future use.

Others attack or “hack” into and gain administrative control over the
legitimate web sites1 of businesses and organizations of all sizes. Such
hacked web sites disguise the bad acts the phishers perform. More
importantly, web site hackers are fully aware that the web sites they
hack and “own” are reputably legitimate. Law enforcement and
anti‐phishing responders respect and operate under established business,
technical, and legal constraints when they seek to remedy or take down
hacked web sites.

These measures protect legitimate web site operators but unfortunately
serve the attacker as well by extending the duration of the attack.

The Anti‐Phishing Working Group (APWG) offers this document as a
reference guide for any web site owner or operator who suspects,
discovers, or receives notification that its web site is being used to
host a phishing site. The document explains important incident response
measures to take in the areas of identification, notification,
containment, recovery, restoration, and follow‐up when an attack is
suspected or confirmed.

Dave (this is a public information announcement)