As take-down efforts intensify, Internet fraudsters are beginning to employ novel techniques to keep their fraud campaigns afloat. A recent such technique is fast flux, where the DNS records of a fraud Web site are provisioned such that the site resolves to an unusually large number of IP addresses, each with a short validity. Fast flux hurts take-down efforts. This article studies aspects of detecting and defending against fast flux, and its prevalence in phishing today.