Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Discovering and Stopping Phishing/Scam Attacks

From: "Alex" <incidents () alex gotdns org>
Date: Tue, 26 Apr 2005 18:51:19 -0500 (CDT)
I agree that checking by referer addresses is a powerful way to detect
phishing sites, but such logs can easily be adverted?

Doesn't some anti-popup software remove referer fields?

Simple use of javascript can allow a page to fetch anything without
showing up in referer logs.

While we are on the subject, has anyone come across commercial and/or
government websites being (illegally?) mirrored?

For example, I recently came a website located on a (Asian?) hosting
provider where the content of the website was EXACTLY that of a well-known
US govt website.  (It appeared that they ran the equivalent of a recursive
"wget" on the real site and hosted the files).  It appeared to be several
layers deep.

Why would anyone want to do that?

-Alex


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: