computer shopper




Security Watch: Don't get burned by viruses and hackers
Of rockphish and botnets
By Robert Vamosi 
Senior editor, CNET Reviews
December 7, 2006

Just as we're experiencing a marked decline in computer virus and spyware activity during 2006--thanks in part to antispyware protection built into the latest antivirus solutions--there's been a marked uptick in phishing activity. According to the Anti-Phishing Workgroup, the number of new phishing sites increased 25 percent from August to September of this year. Yet this past week, Microsoft U.K. chief security adviser Ed Gibson told ZDNet.uk that "Organized criminals are not really interested in bank details--criminals want bandwidth to attack companies." At first, it appears that the Microsoft comment is out of sync with the phishing data now being made public. But closer inspection reveals that the Microsoft comment about the increasing interest in botnets isn't a contradiction but a very accurate statement about what's happening in the world of phishing.

Phishing 101
Phishing, in case you need a refresher, is the act of presenting a bogus Web site in the hope of capturing personal information. The information could be as simple as login passwords or as detailed as mother's maiden name and social security number. Phishers typically send out spam disguised as messages from Citibank, eBay, PayPal, or some other trusted institution with a link not to Citibank, eBay, or PayPal, but to a site hosted in a foreign country designed to look as if it's legit. Remember, don't click links embedded within e-mails; financial institutions don't send unsolicited e-mails, and the resulting URL landing page may be significantly different from the link you clicked.


Phishing sites are collected and, in most cases, shut down within a day. There are several phishing lists; I use the list available at Broadband Reports.com. During the first few hours, the period when users are most exposed to a live phishing site, some sort of browser-level protection or site verification is needed.

Antiphishing tools
Current antiphishing methodology mirrors antivirus and antispyware technology, using a combination of blocking what is known (using a white list) with behavior blocking (heuristics). When developing Internet Explorer 7 for Windows XP, Microsoft partnered with security vendors Cyveillance, InternetIdentity, MarkMonitor, and RSA Security's Cyota to create a new antiphishing tool within IE7. Microsoft claims its IE7 offers protection superior to all others, in part because of its advanced heuristics. Firefox uses white lists but also allows advanced users to have Google's more advanced antiphishing tools check a site's validity instead.

After testing several antiphishing defenses, I found that the free solution from Netcraft (available for both IE and Firefox) remains the best; Netcraft blocked 8 out of every 10 sites I sampled over a period of 10 days. The antiphishing solutions included within Microsoft Internet Explorer 7 and Firefox 2 also blocked phishing sites, but not those visited within their first hour. Both IE7 and Firefox 2, under the same testing conditions, managed to stop on average only 4 out of every 10 new phishing sites reported, although after a few hours, they each did block all the test sites. That's important. The new sites are the most dangerous, and the phishers know this.


Rockphish, anyone?
Phishers have started defeating existing antiphishing technology with a new technique dubbed rockphish. (By the way, get ready for a slew of specific phishing attacks in 2007 to take the names of various other types of fish.) The technique is simple, on the surface. If one site gets shut down, another phishing site comes online to replace it. And this process continues, using subdomains of a phishing server, for as long as the criminals want it to continue. This whack-a-mole strategy has already produced several examples of rockphish sites that can generate hundreds of URLs within a day or so, creating a huge problem for those trying to stop phishing.

Behind the scenes, aiding and abetting rockphish sites, are hundreds of thousands of bot-infested computers around the world, each redirecting visitors to the new phishing sites as needed. Here's where Microsoft's botnet comment intersects with the public antiphishing research we're seeing. Phishers appear to be investing their energies in buying or building better botnets to produce more durable rockphishing sites.
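To see why per-URL lists lag behind this kind of rotation, the sketch below groups reported phishing URLs by base domain and compares a blocklist keyed on exact URLs with one keyed on the base domain. It is an added example, not code from the column or from any vendor mentioned; the feed, hostnames, function names, and the two-label base-domain rule are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed: (hour reported, URL). Hostnames are made up.
REPORTS = [
    (0, "http://www.pay.x1.rock-one.example/signin"),
    (1, "http://www.shop.x2.rock-one.example/signin"),
    (2, "http://www.bank.x3.rock-one.example/signin"),
    (3, "http://www.pay.x4.rock-one.example/signin"),
    (1, "http://single-site.example/login.html"),
    (5, "http://www.shop.x5.rock-one.example/signin"),
    (6, "http://www.pay.x6.rock-one.example/signin"),
]

def base_domain(url):
    """Naive base domain: last two host labels (assumption; production
    tooling should consult the Public Suffix List instead)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def rotating_domains(reports, min_hosts=3):
    """Base domains reported under at least min_hosts distinct hostnames."""
    hosts = defaultdict(set)
    for _, url in reports:
        hosts[base_domain(url)].add(urlsplit(url).hostname)
    return {d: len(h) for d, h in hosts.items() if len(h) >= min_hosts}

def block_rate(known, later, key):
    """Share of later reports already covered by a blocklist built from
    the known reports, with key() deciding what a list entry is."""
    blocked = {key(url) for _, url in known}
    hits = sum(1 for _, url in later if key(url) in blocked)
    return hits / len(later)

def compare(reports, cutoff_hour):
    """Return (exact-URL block rate, base-domain block rate) for reports
    arriving at or after cutoff_hour, given everything seen before it."""
    known = [r for r in reports if r[0] < cutoff_hour]
    later = [r for r in reports if r[0] >= cutoff_hour]
    return (block_rate(known, later, lambda u: u),
            block_rate(known, later, base_domain))

if __name__ == "__main__":
    print(rotating_domains(REPORTS))        # domains cycling through subdomains
    print(compare(REPORTS, cutoff_hour=4))  # per-URL vs per-domain coverage
```

Blocking at the base-domain level can also catch legitimate pages on shared or compromised hosts, so a flagged domain is a lead for review rather than an automatic block.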

Solution
As mentioned, I recommend the antiphishing toolbar from Netcraft. I also recommend not linking to financial sites from e-mail or other Web sites, but bookmarking primary financial sites on your browser yourself. There are paid solutions out there, but I think with a little care and good behavior while online, you can still mitigate phishing attacks on your own and for free.

What's the best phishing example you've seen? Have you ever fallen for a phishing site? TalkBack to me.


TalkBack
18 messages

Article discussion: Security Watch: Of rockphish and botnets


Latest post:

"RE: Security Watch: Of rockphish and botnets"
by Ryo Hazuki (See profile) - January 13, 2007 7:15 AM PST
The best phishing example I've seen was probably one from PayPal.
I have never fallen for a phishing site, though. (Read more).

'Rockphish' ain't that new

The glossary at Spamhaus.org calls it "fast flux."

I've been seeing fast ... (Read more)
by clsgis (See profile) - January 4, 2007 4:14 PM PST
5 out of 10 users found this comment helpful

Rockphish and botnets

I have only been exposed to one of the fake E-bay sites.
It was enough to fr... (Read more)
by mcgilbdd (See profile) - January 4, 2007 6:33 AM PST
5 out of 5 users found this comment helpful | 1 comment

Phishers What is this?

Phishers have started defeating existing antiphishing technology with a new tech... (Read more)
by thebug (See profile) - January 3, 2007 7:52 PM PST

One user's solution

In this article, I see three potential threats: dangerous webpages, unsolicited... (Read more)
by santuccie (See profile) - January 3, 2007 3:41 AM PST
10 out of 10 users found this comment helpful | 6 comments

WE SHOULD FIND OUT WHO DOES THIS AND BEAT THEM

I would love to find these losers who steal money or send viruses to people. So ... (Read more)
by ferretboy88 (See profile) - December 28, 2006 3:58 PM PST
10 out of 20 users found this comment helpful | 2 comments


© 2008 CNET Networks, Inc., a CBS Company. All rights reserved. | Privacy Policy | Terms of Use