Phishing & BotNets
Taking Down Phishing Site Aug 01 2007 02:16PM
pecorelf gmail com (2 replies)
Re: Taking Down Phishing Site Aug 07 2007 08:28PM
Leif Ericksen (lericksen sbcglobal net)
IF you are in the US, contact the FBI, and if there was an intrusion
that provided the phisher with access to send the message they will
really get a kick out of that I am sure.

If you have some substantial proof that the phish ran through a specific
ISP, RoadRunner, AT&T, Verizon or the likes see if you can co-ordinate
with the ISP some sort of blocking. /You (as a bank, paypal, or other
business) provide the ISP with your valid mail servers, and the ISP
blocks ALL traffic reporting to come from your domain unless it comes
from the valid mail servers./ If you need the FBI to arrange said
contacts do so. I am sure that would be a good start.

More needs to be done, and I am sure the system admins of the mail
servers are just as concerned about the issue. But unless they work for
a small company I am willing to bet that their hands are tied and they
can not take an active role in trying to eradicate the problem by
contacting site owners directly or even trying to bring the problem to
the attention of the FBI.

If you are not US based replace FBI with your countries proper legal
authority.

data collection and providing it to the authorities in a timely manner
is the biggest issue of challenge here. If IPS are blocked they will
eventually be re-opened and the phisher will have moved on to a new IP
that is not blocked. It is a never ending cycle that is in essence a
problem of itself.

just my few thoughts.
--
Leif Ericksen

On Wed, 2007-08-01 at 14:16 +0000, pecorelf (at) gmail (dot) com [email concealed] wrote:
> Hi folks,
>
> Few months ago I have been analyzing some companies that offers its services fighting phishing websites that affect to your company. One of them is Hispasec, Hispasec is a company from Spain that has been doing a great work in these terms.
>
> Now, my question is, what actions take those companies when they detect a phishing site in order to go down it. I am very impressive with the efectiveness and the speed to going down a phishing website the these companies offer.
>
> The only action that I consider is to write/to call to the hosting company.
>
> What actions these companies take? Or what others actions do you suggest to me?
>
> --
> Regards,
> FP

[ reply ]
Re: Taking Down Phishing Site Aug 02 2007 10:20PM
Terry Cutler (tcutler novell com) (1 replies)
RE: Taking Down Phishing Site Aug 09 2007 01:45AM
Sean (s ennis shaw ca)


 

Privacy Statement
Copyright 2010, SecurityFocus