Our PIRT Handlers work on phish reporting and termination -- the results of
which feed into many applications and toolbars. At the moment, this is who
we feed into:

Alice's Registry, Anti-Phishing Working Group, Australian Computer
Emergency
Response Team (AusCERT), Authentium, Blue Coat, Brand Dimensions,
Co-Logic,
ContentKeeper Technologies, CyberDefender, EveryDNS, Federal Bureau of
Investigation
(FBI), Firetrust, For Critical Software Ltd, Fortinet, Forum of Incident
Response and
Security Teams (FIRST), FraudWatch International, Infotex, Internet Crime
Complaint
Center (IC3), Internet Identity, Intellectual Property Services, Korea
Information
Security Agency (KISA), Korea Internet Security Center (KrCERT/CC),
Laboratoire
d'EXpertise en Securite Informatique (LEXSI), Malware Block List, National
Cyber-
Forensics and Training Alliance (NCFTA), Netcraft, NYSERNet, Okie Island
Trading
Company, OpenDNS, Rede Nacional de Ensino e Pesquisa (RNP),
Sunbelt-Software, Support
Intelligence, SURBL, Symantec, Team Cymru, Thomas Jefferson National
Accelerator
Facility (JLab), TrustDefender, United Online, United States Computer
Emergency
Readiness Team (DHS US-CERT), Websense, Webwasher, XBlock

What we need are more handlers volunteering their time to confirm and
terminate as many phish as possible every day.

Paul Laudanski, Microsoft MVP Windows-Security
Phish XML Feed: http://www.castlecops.com/article6619.html
Phish Takedown: http://castlecops.com/pirt
www.CastleCops.com | de.CastleCops.com | wiki.CastleCops.com

----- Original Message -----
From: "Saeed Abu Nimeh" <drellman (at) hotmail (dot) com [email concealed]>
To: "xun dong" <xundong (at) cs.york.ac (dot) uk [email concealed]>
Cc: <phishing (at) securityfocus (dot) com [email concealed]>
Sent: Thursday, July 27, 2006 3:22 PM
Subject: Re: Anti-phishing Toolbars Evaluation

>
>
> xun dong wrote:
>> There is one important feature of Anti-phishing toolbars has missed :
>> The time gap between the launch of a phishing attack and it is been
>> recognized by the toolbars. It is the most profitable period for phisher
>> and most damage have done during that period. The quicker the toolbar
>> can respond, the better protection it can provide.
>>
>
> This is similar to 0-day. Till the attack (in our case phishing site) is
> added to the engine (db) it is undetectable. How to estimate and solve
> this, I do not know!
>
>> Although it would be hard to calculate the exact time gap, but it would
>> be possible to discover who generally respond first. This is still hard
>> to do, but it is feasible. Any body has better ideas of doing this?
>>
>> It would be also useful to evaluate how the toolbars get updated. It
>> would also useful to point out whether the toolbar is database driven,
>> rule based or use other AI techniques. This information can reveal in
>> principle how well the toolbar can handle known and unknown phishing
>> attacks.
>>
>> The last suggestion I would made is add an entry about which platform it
>> support.
>>
>> -xun dong.
>>
>> Abhishek Kumar wrote:
>>> Hi All,
>>>
>>> Recently I carried out an evaluation of some of the popular
>>> Anti-phishing
>>> toolbars. The toolbars were tested on a number of parameters such as,
>>> accuracy in detecting phishing URLs, alerting mechanism, detailed
>>> analysis
>>> of websites, help information provided to users etc. The results
>>> obtained
>>> from the evaluation can help the users in selecting the right
>>> anti-phishing
>>> toolbar.
>>>
>>> You can read the details of the evaluation on my blog on phishing at
>>> http://phishtrails.blogspot.com/. All flowers, brickbats and
>>> suggestions are
>>> welcome.
>>>
>>> Thanks
>>> Abhishek
>>>
>>
>>
>>
>

[ reply ]