March 28, 2006 4:36 PM PST

Alert sounds alarm on phishing imposters

A correction was made to this story. Read below for details.
A new online service promises to send an e-mail alert when a Web site is copied and possibly used in a phishing scam.

The free service, dubbed PhishRegistry.org, is run by e-mail security company CipherTrust. Web site owners can use the service to monitor abuse of their brand, while consumers can submit URLs they use, such as a bank Web site, to the list of those monitored, CipherTrust said in a statement Tuesday.

The Web addresses are submitted via forms on the PhishRegistry Web site. The system then analyzes the legitimate site using CipherTrust's "Phisherprinting" technology, the company said. The technology essentially creates a "fingerprint" of the genuine pages using source code, images and text as markers.

After that, the system scans the Web and when it comes across a site, determines whether it is authentic by comparing the markers. It sends out an alert when attempts to duplicate the legitimate site have been detected. Site owners will receive weekly reports with information about suspect Web sites, the company said.

Phishing is a prevalent type of online scam in which attackers attempt to dupe Internet users into giving up sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

A common method used to combat phishing is to blacklist known bad sites and to then prevent access to them.

"Blocking does not solve the problem. It's just a temporary fix," Jonathan Zdziarski, a research scientist at CipherTrust, said Tuesday at a spam event hosted by the Massachusetts Institute of Technology. "Our main purpose is to give ammo to the companies being phished so that they can go and perform take-downs of the phishing sites."

The CipherTrust announcement comes on the heels of another effort to help fight phishing. On Monday, Sunbelt Software and online security community CastleCops launched the Phishing Incident Reporting and Termination squad, a volunteer effort to take down phishing Web sites.

Despite industry efforts, phishing is still on the rise. A record 9,715 phishing Web sites were spotted in January, according to a report from the Anti-Phishing Working Group.

CNET News.com's Candace Lombardi contributed to this report from Boston.

 

Correction: The quote in this story was attributed incorrectly. The speaker is Jon Zdiarski, presenter for CipherTrust at the MIT 2006 Spam Conference.

See more CNET content tagged:
CipherTrust Inc., phishing, phishing Web site, e-mail

2 comments

Join the conversation!
Add your comment
Now connect...
...this service with some ISP's that give a damn about there clients
and you've got something!

~Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
As well as...
Also connect it to Brightmail or MessageLabs so that it can very quickly find these fake sites. This sounds like an idea with a lot of good potential.

Not just for phishing, but also for people who steal your entire design and use it for their own.
Posted by TV James (680 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.