Phishing & BotNets
RE: early detection Jan 06 2006 11:45PM
Compton, Rich (richard compton chartercom com)
FYI, TippingPoint also has some nice filters that prevent Phishing
attacks at the network layer. They have a nice pdf white paper about

-----Original Message-----
From: Alan Murphy [mailto:A.Murphy (at) F5 (dot) com [email concealed]]
Sent: Friday, January 06, 2006 1:36 PM
To: Saeed Abu Nimeh; phishing (at) securityfocus (dot) com [email concealed]
Subject: RE: early detection


Most anti-phishing work these days is done on the client side, but there
is a decent push underway to track and protect from these on the server
side. A few examples:

- has a few rules for snort that pull from and
block known phishing domains. These rules can easily be reworked for
your particular firewall/IPS/IDS device.

- An excellent phishing news database;
also hosts one of the domain lists referenced above.

- There has been some good work in web application firewall space
recently to protect sites and content owners from phishing linking and
data mining.

<shameless-plug> F5 has a method for protecting against these types of
intellectual property attacks before they get to the content servers
(posted in our development community forum):



There are other vendors doing similar work in the WAF space as well, but
I'll leave those for your google'ing enjoyment... ;)

Hope this helps...take care...

Alan Murphy a.murphy (at) f5 (dot) com [email concealed]
Product Management Engineer p. 206.272.5555
F5 Networks d. 206.272.6109
Seattle f. 206.448.6203
GnuPG Public Key ID: 0x08483FDF Key Server:
Fingerprint: D030 E086 85BF 9097 31EF E90A 1658 55ED 0848 3FDF

-----Original Message-----
From: Saeed Abu Nimeh [mailto:drellman (at) hotmail (dot) com [email concealed]]
Sent: Tuesday, December 13, 2005 12:32 AM
To: phishing (at) securityfocus (dot) com [email concealed]
Subject: early detection

Hi All,
I have two questions:
1) What are the early detection techniques used by companies to
determine/monitor phishing sites?
2) What are the techniques used for link analysis to fight phishing or
Are these tools available for users or they are specific for large
institutions. Is there a way to do experiments on them?
I know both questions might be broad but I want to have an idea.
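
Added example (not part of the original thread, and not the Snort rules Alan refers to): one way a list of known phishing domains can be turned into Snort rules that flag DNS lookups for them. The feed format (one domain per line, "#" comments), the sample domains, the function names and the SID range are assumptions made for illustration.

```python
import re

# Constructed sample feed; the real lists are not named on this page.
SAMPLE_FEED = """\
# constructed blocklist, one domain per line
login-update.example
Secure.Bank.Example.
login-update.example
bad;entry".example
"""

LABEL = re.compile(r"^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$")

def parse_feed(text):
    """Return unique, normalized domains; skip comments, blanks and invalid names."""
    seen, out = set(), []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().rstrip(".").lower()
        if not name or len(name) > 253:
            continue
        labels = name.split(".")
        # Rejecting odd characters also keeps ; " | \ out of the rule text.
        if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
            continue
        if name not in seen:
            seen.add(name)
            out.append(name)
    return out

def dns_content(domain):
    """Encode a name as it appears in a DNS query: length-prefixed labels."""
    return "".join("|%02X|%s" % (len(l), l) for l in domain.split(".")) + "|00|"

def snort_rule(domain, sid, action="alert"):
    """Build one rule matching a UDP DNS lookup of the domain or a subdomain."""
    return ('%s udp $HOME_NET any -> any 53 (msg:"Known phishing domain lookup: %s"; '
            'content:"%s"; nocase; classtype:bad-unknown; sid:%d; rev:1;)'
            % (action, domain, dns_content(domain), sid))

def build_rules(feed_text, first_sid=1000000, action="alert"):
    """SIDs from 1000000 upward are the range reserved for local rules."""
    return [snort_rule(d, first_sid + i, action)
            for i, d in enumerate(parse_feed(feed_text))]

if __name__ == "__main__":
    print("\n".join(build_rules(SAMPLE_FEED)))
```

Passing action="drop" produces blocking rules for an inline Snort deployment; the same parsed list can feed whatever rule syntax a particular firewall or IPS expects.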


Copyright 2010, SecurityFocus