Tuesday, October 10, 2006

New Anti-Phishing Tool by TippingPoint

No, I don't need a spell-checker. Phishing is pronounced the same as "fishing" and could be compared to the common American usage of "fishing for information" but on a much more dangerous level. People deceived by phishing scams provide personal and financial information, including credit card information, Social Security numbers, bank account numbers, PINs, etc.

Both soon-to-be-released popular browsers, IE7 and Firefox 2, have anti-phishing filters included in the new versions. Knowing about and avoiding phishing scams is one thing, but not all computer users will be able to update to IE7. Besides, it is much better to report phishing scams and have the sites taken down. This is precisely what Castle Cops and Sunbelt Software have been doing with the Phishing Incident Reporting and Termination (PIRT) anti-phishing community since it was formed in March. As Paul and Alex explained in the original press release:

"The reason this group was formed is to give consumers direct access to a dedicated task force that will take immediate and aggressive action to shutting down phishing sites," said Paul Laudanski, president of CastleCops.

"While there is a very active professional security community performing outstanding research and forensics on phishing sites, it's our experience that many of these phishing sites themselves aren't immediately reported to the ISP, or in the case of compromised sites, to the domain owner. This effort adds one more layer to the fight against phishing, making it increasingly more difficult for the criminals to perpetrate their scams on innocent users," said Alex Eckelberry, president of Sunbelt Software.

Where is all that taking me and how does it relate to the title of this post? We are right back to the necessity to take the phishing sites down. With the creation of Monkeyspaw, TippingPoint, a division of 3Com, has taken anti-phishing a step further than identification. In addition to checking Web sites for legitimacy, Monkeyspaw reports fraudulent sites. As Business Wire reports:

". . . Monkeyspaw checks Web sites for legitimacy and reports fraudulent sites.

'TippingPoint is contributing Monkeyspaw to the public to help investigators analyze and report phishing and other malicious Web sites,' said Tod Beardsley, Monkeyspaw creator and lead counter-fraud engineer at TippingPoint. 'By enabling security professionals and end users to easily validate Web sites and report fraudulent sites, we hope to make the Web a safer place.'

Monkeyspaw is unique in that it works with other open source tools like Mozilla's Firefox, an open source Web browser. Monkeyspaw is used to determine the owner of a particular web server, collect web server configuration information, determine the location of the site, and finally, report fraudulent sites to nearly 50 international organizations through CastleCops. CastleCops reports malicious activity directly to groups including the Federal Bureau of Investigation, Anti-Phishing Working Group, Korea Information Security Agency, and the Australian Computer Emergency Response Team. For a full list of organizations that are notified regarding phishing sites, please visit: http://www.castlecops.com/pirt."

For instructions on putting this to work, see "Monkeyspaw: The Greasemonkey Security Professional's WebThinger".
