| Top
Security News |
YouTube Pops A Cap In Infringement
Users of the video sharing website have been gleefully posting all kinds of entertaining video content for others to see; unfortunately, quite a bit of that content has not been shared with the express consent of copyright holders for those works...
Temporary Patch Released For IE Flaw
A highly critical exploit is circulating via a flaw in Microsoft's Internet Explorer (IE) Web browser...
RFA Touts Avinti For “First Instance” Protection
Avinti Inc. and Richard Fleischman & Associates (RFA) announced a new partnership that looks to go beyond day-zero and provide "first-instance" e-mail outbreak protection for hedge-fund companies...
US PC Purchase From Lenovo Prompts Paranoia
Lenovo has a deal in play to provide 15,000 PCs to the State Department, but fears that the Chinese government may have stuffed those computers with bugging equipment have prompted calls for a probe into the matter...
P2P Worm Identified
A new worm is catching the attention of computer security agencies. W32/Inject-H spreads via peer-to-peer networks, acting as a backdoor Internet Relay Chat (IRC) to exploit Windows-based computers.
Bots Hunting Bank Information
Verisign's security research firm iDefense thinks the Metafisher bot (aka Spy-Agent and PWS) has a presence on a million computers and could leap into millions more...
|
|
|
|
The nascent Phishing Incident Reporting and Termination project sponsored by CastleCops and Sunbelt Software encourages people to report phishing attempts so they can be tracked down and terminated.
CastleCops calls the project Fried Phish on its website. Expanded information about the project on its wiki described the process for reporting phishing attempts and how the project will help combat them.
"The reason this group was formed is to give consumers direct access to a dedicated task force that will take immediate and aggressive action to shutting down phishing sites," Paul Laudanski, president of CastleCops, said in a statement.
Phishing attempts focus on grifting personal information from people, especially financial information. Thousands of emails that purportedly come from legitimate banking or credit card institutions quietly redirect a user to a lookalike site. The most sophisticated ones capture information and redirect the user request to the legitimate site, where the user is then logged in to the site and probably won't realize what just happened.
Users can visit the Fried Phish site and paste in the full source of a suspected phishing email. PIRT's Handlers, numbering about 50 at present, review the submission. When confirmed, the project contacts sends its findings to the appropriate ISPs, anti-phishing toolbar makers, and other authorities.
The approach focuses on shutting down a phishing attempt as fast as possible, PIRT noted.
Despite the vast number of phishing sites being hosted in places like Eastern Europe and Asia, PIRT said it is not impossible to shut down a phishing site found in those places.
"Based on its research, PIRT estimates that the success rate in shutting down a phishing site will be between 40%-50% of the sites identified. However, this number is expected to increase as the organization matures," PIRT said.
Growth will depend on community involvement. PIRT handlers participate as volunteers. Those who apply to be handlers and are accepted would be trained by other handlers to identify and act on phishing messages.
Alex Eckelberry, president of PIRT sponsor Sunbelt Software, discussed the genesis of PIRT in his blog:
A while back, (CastleCops president) Paul Laudanski and I worked together to shut down a phishing site on a financial services company. What did we do? We called them aggressively by phone. We contacted their ISP. We contacted the brokerage firm they used to clear their orders. In just a few hours, the thing was shut down.
This got us talking about the problem of phishing. Very few people report these phishing sites immediately and get them shut down. There's a lot of experts involved in phish fighting, but they're primarily dealing with the important security research and forensics angle of the business.
PIRT gives users the opportunity to report phishing attempts, and have those reports generate action to shut down phishing attempts at their source.
About
the Author:
David Utter is a business and technology writer with WebProNews and SecurityProNews. |
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
