Phishing & BotNets
RE: Anti-phishing Toolbars Evaluation Jul 26 2006 11:00PM
Mark Hofman (mhofman shearwater com au) (1 replies)
RE: Anti-phishing Toolbars Evaluation Jul 27 2006 07:24AM
Joshua Perrymon (josh perrymon purehacking com)
This is from the IE7 help file: Looks like they are sending the sites you
visit back to M$. This makes sense because I have been noticing weird
traffic over SSL back to M$.

It should not be flagging any site with a login and password page as a
phishing site. I tested this by looking at about 10-15 sites on google using
the simple search "login"

Cheers,

JP

What is Phishing Filter and how can it help protect me?

Phishing Filter is a feature in Internet Explorer that helps detect phishing
websites. Phishing Filter uses three methods to help protect you from
phishing scams. First, it compares the addresses of websites you visit
against a list of sites reported to Microsoft as legitimate. This list is
stored on your computer. Second, it helps analyze the sites you visit to see
if they have the characteristics common to a phishing website. Third, with
your consent, Phishing Filter sends some website addresses to Microsoft to
be further checked against a frequently updated list of reported phishing
websites.

If the site you are visiting is on the list of reported phishing websites,
Internet Explorer will display a warning webpage and a notification on the
Address bar. From the warning webpage, you can continue or close the page.
If the website contains characteristics common to a phishing site but isn't
on the list, Internet Explorer will only notify you in the Address bar that
it might possibly be a phishing website. You can click the notification for
more information.

What information does Phishing Filter send to Microsoft?

When you use Phishing Filter to check websites automatically or manually,
the address of the website you are visiting will be sent to Microsoft,
together with some standard information from your computer such as your
computer's IP address, browser type, and Phishing Filter version number. To
help protect your privacy, the address information sent to Microsoft is
encrypted using SSL and limited to the domain and path of the website you
are visiting. Other information that might be associated with the web
address, such as search terms, information you entered in forms, or cookies,
will not be sent.

For example, if you visited the MSN search website at http://search.msn.com
and entered "MySecret" as the search term, instead of sending the full
address "http://search.msn.com/results.aspx?q=MySecret&FORM=QBHP", Phishing
Filter would remove the search term and only send
"http://search.msn.com/results.aspx".

Anonymous statistics about your use of Internet Explorer and Phishing Filter
will also be sent to Microsoft, such as the time and total number of
websites browsed since an address was sent to Microsoft for analysis. This
information, along with the information described above, will be used to
analyze and improve the Phishing Filter service. Microsoft will not use the
information it receives to personally identify you. For more information
about what information is sent and how it is used, see the Internet Explorer
privacy statement.

Joshua Perrymon, C.E.H.
Sr. Security Consultant

-----------------------------------------

Pure Hacking - The Leaders In Internet Security

-----Original Message-----
From: Mark Hofman [mailto:mhofman (at) shearwater.com (dot) au [email concealed]]
Sent: Thursday, 27 July 2006 9:01 AM
Cc: phishing (at) securityfocus (dot) com [email concealed]
Subject: RE: Anti-phishing Toolbars Evaluation

I'll qualify this by saying I haven't done much testing of IE7, but from
what I have seen so far, it just sees any page asking for a userid and
password (providing it recognises the userid and password fields) as a
Phishing page.

Mark

-----Original Message-----
From: Joshua Perrymon [mailto:josh.perrymon (at) purehacking (dot) com [email concealed]]
Sent: Wednesday, 26 July 2006 12:06 PM
To: 'Abhishek Kumar'; 'Paul Laudanski'
Cc: phishing (at) securityfocus (dot) com [email concealed]
Subject: RE: Anti-phishing Toolbars Evaluation

We perform controlled phishing attacks on our global attacks almost daily. I
can say the IE7 phishing filter has never detected any of our sites. I'm
guessing this is due to a white-listing approach and all of our attacks are
one-off.

My thoughts on an effective anti-phishing browser solution would also need
to have the ability to be updated. Example- If the company had a widget that
would detect directed phishing attacks.. Then this information could be
disseminated to the toolbar to stop users from visiting the site. This could
also be synced to remote users.

Or is this redundant because it should be done in a content management
solution?

Cheers,

JP

Joshua Perrymon, C.E.H.
Sr. Security Consultant

-----------------------------------------

Pure Hacking - The Leaders In Internet Security

-----Original Message-----
From: Abhishek Kumar [mailto:abhishek.kumar (at) paladion (dot) net [email concealed]]
Sent: Tuesday, 25 July 2006 10:52 PM
To: 'Paul Laudanski'
Cc: phishing (at) securityfocus (dot) com [email concealed]
Subject: RE: Anti-phishing Toolbars Evaluation

Paul, thanks for pointing out additional toolbars and the list of Phishing
URLs.

It will make my next evaluation of the toolbars more exhaustive.

- Abhishek

-----Original Message-----
From: Paul Laudanski [mailto:paul (at) castlecops (dot) com [email concealed]]
Sent: Tuesday, July 25, 2006 12:22 AM
To: Abhishek Kumar; phishing (at) securityfocus (dot) com [email concealed]
Subject: Re: Anti-phishing Toolbars Evaluation

One of the CastleCops staff kindly reminded me of a review thread that has
been done on this topic as well:

http://www.castlecops.com/postlite107217-phish+toolbars.html

Not exactly up-to-date, but it contains a few pages of discussions
surrounding toolbars.

Paul Laudanski, Microsoft MVP Windows-Security
Phish XML Feed: http://www.castlecops.com/article6619.html
Phish Takedown: http://castlecops.com/pirt
www.CastleCops.com | de.CastleCops.com | wiki.CastleCops.com

----- Original Message -----
From: "Paul Laudanski" <paul (at) castlecops (dot) com [email concealed]>
To: "Abhishek Kumar" <abhishek.kumar (at) paladion (dot) net [email concealed]>;
<phishing (at) securityfocus (dot) com [email concealed]>
Sent: Monday, July 24, 2006 2:05 PM
Subject: Re: Anti-phishing Toolbars Evaluation

> Thank you for your assessment. It's a good start, but to get a better
> profile of the toolbars I'd highly recommend increasing your phish
> sampling size.
>
> You can always use our confirmed/terminated lists:
>
> http://www.castlecops.com/modules.php?name=Fried_Phish&fp=phish
> http://www.castlecops.com/modules.php?name=Fried_Phish&fp=phish&which=6
>
> You may also want to check out some other toolbars like that from
> Firetrust and Compete or Google Firefox Toolbar:
>
> http://toolbar.google.com/firefox/
> http://www.firetrust.com/firetrustsitehound.html
> http://home.compete.com/
>
> Some of these pull the same sources.
>
> Paul Laudanski, Microsoft MVP Windows-Security
> Phish XML Feed: http://www.castlecops.com/article6619.html
> Phish Takedown: http://castlecops.com/pirt
> www.CastleCops.com | de.CastleCops.com | wiki.CastleCops.com
>
> ----- Original Message -----
> From: "Abhishek Kumar" <abhishek.kumar (at) paladion (dot) net [email concealed]>
> To: <phishing (at) securityfocus (dot) com [email concealed]>
> Sent: Monday, July 24, 2006 5:08 AM
> Subject: Anti-phishing Toolbars Evaluation
>
>
>> Hi All,
>>
>> Recently I carried out an evaluation of some of the popular
>> Anti-phishing toolbars. The toolbars were tested on a number of
>> parameters such as, accuracy in detecting phishing URLs, alerting
>> mechanism, detailed analysis of websites, help information provided
>> to users etc. The results obtained from the evaluation can help the
>> users in selecting the right anti-phishing
>> toolbar.
>>
>> You can read the details of the evaluation on my blog on phishing at
>> http://phishtrails.blogspot.com/. All flowers, brickbats and
>> suggestions are welcome.
>>
>> Thanks
>> Abhishek
>>
>
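
Added example (not part of the original thread, and not Microsoft's code): a sketch of the three-method flow and the address reduction described in the IE7 help text quoted above. The lists, the function names, the looksSuspicious flag and the precedence given to the local list are assumptions made for illustration.

```javascript
// Added illustration; lists, names and the heuristic flag are constructed,
// not Microsoft's implementation.

// Keep only scheme, host and path: the help text says search terms, form
// data and cookies are not sent. Userinfo and fragment are dropped as well.
// Caveat: anything sensitive embedded in the path itself is still sent.
function reduceForLookup(rawUrl) {
  const u = new URL(rawUrl);
  return `${u.protocol}//${u.host}${u.pathname}`;
}

// Constructed sample data standing in for the local and server-side lists.
const LOCAL_LEGITIMATE_HOSTS = new Set(["www.example.com"]);
const REPORTED_PHISHING = new Set(["http://login.example.test/verify.php"]);

// Returns the UI action plus exactly what left the machine (null = nothing).
function checkSite(rawUrl, { looksSuspicious = false, consent = false } = {}) {
  const host = new URL(rawUrl).hostname;

  // Method 1: locally stored list of sites reported as legitimate.
  // Assumption: a hit here ends the check and nothing is sent.
  if (LOCAL_LEGITIMATE_HOSTS.has(host)) return { action: "none", sent: null };

  // Method 3: remote lookup, only with consent, only the reduced address.
  let sent = null;
  if (consent) {
    sent = reduceForLookup(rawUrl);
    if (REPORTED_PHISHING.has(sent)) return { action: "warning-page", sent };
  }

  // Method 2: a heuristic match alone yields the weaker Address bar notice.
  return { action: looksSuspicious ? "address-bar-notice" : "none", sent };
}

// Constructed inputs: the help file's own MSN example, a listed URL, and a
// path-borne token that survives the reduction.
const demo = [
  reduceForLookup("http://search.msn.com/results.aspx?q=MySecret&FORM=QBHP"),
  checkSite("http://login.example.test/verify.php?session=abc#top", { consent: true }),
  checkSite("http://shop.example.test/reset/TOKEN123?next=/", { looksSuspicious: true, consent: true }),
  checkSite("http://shop.example.test/reset/TOKEN123", { looksSuspicious: true }),
];
console.log(demo);
```

In this sketch a URL that is on neither list and shows no suspicious traits produces no notice at all, which is the gap the thread attributes to list-based detection of one-off sites.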

Copyright 2010, SecurityFocus