Phishing & BotNets
Taking Down Phishing Site Aug 01 2007 02:16PM
pecorelf gmail com (2 replies)
Re: Taking Down Phishing Site Aug 07 2007 08:28PM
Leif Ericksen (lericksen sbcglobal net)
Re: Taking Down Phishing Site Aug 02 2007 10:20PM
Terry Cutler (tcutler novell com) (1 replies)
RE: Taking Down Phishing Site Aug 09 2007 01:45AM
Sean (s ennis shaw ca)
IMHO - the phishing problem needs to be addressed from a broader
perspective. Typically, phishing sites are hosted only for a short period
of time - anywhere from a couple of hours, to maybe 2-3 days at the most.
Playing wack-a-mole with offending IPs does (as Terry eluded to) effectively
nothing to mitigate the ongoing risk.

Moving forward, I believe we will see an increasing trend to move away from
reactive solutions, to a larger well-accepted preventative sframework. This
framework would have to be centered around the concept of 'Reputation' or
'Trust', where we evaluate our choice to view a particular site based on the
relative trustworthiness. Of course, this would be a decision that is
automated through security solutions that can correlate global data and
actually establish these metrics.

Forgive the example, but in theory this is very much the same way that
people decide whom they should communicate or interact with on a daily
basis. When I first meet someone, I don't implicitly trust them, or
mistrust them. Only once I've gathered information (talking to other people
who know them, finding out more about there past, etc) will I know whether
or not to listen to what they have to say (i.e. browse to their site). If I
find out that this person just came into my country, does not have
established history, other people that trust him/her, etc. odds are I won't
give too much merit to what they are saying...

Anyhow, just my two cents - been a while since I've ranted :)


-----Original Message-----
From: Terry Cutler [mailto:tcutler (at) novell (dot) com [email concealed]]
Sent: Thursday, August 02, 2007 4:20 PM
To: pecorelf (at) gmail (dot) com [email concealed]; phishing (at) securityfocus (dot) com [email concealed]
Subject: Re: Taking Down Phishing Site

My guess is this.
The authorities will give them a fine and shutdown their IP segment. They'll
re-open under a new name, new IP block and start again. A new legal company
will start up and get assigned the Blacklisted IP addresses and realize that
they can't send out mail. They'll then get the IP range un-blocked and the
cycle starts over again.

Not to sure we really do have a permanent way to stop these guys.

Suggestions or comments about my perception ?

Terry P Cutler
Master CNE , CDE, CLP9&10, Certified Ethical Hacker
PSE - Premium Services Engineer
Novell Canada, Software for the Open Enterprise


Date: 8/2/2007 5:16 PM
Subject: Taking Down Phishing Site
Hi folks,

Few months ago I have been analyzing some companies that offers its services
fighting phishing websites that affect to your company. One of them is
Hispasec, Hispasec is a company from Spain that has been doing a great work
in these terms.

Now, my question is, what actions take those companies when they detect a
phishing site in order to go down it. I am very impressive with the
efectiveness and the speed to going down a phishing website the these
companies offer.

The only action that I consider is to write/to call to the hosting company.

What actions these companies take? Or what others actions do you suggest to


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus