New Netcraft Toolbar Blocks Phishing, Analyzes Web Sites

By Larry Seltzer  |  Posted 2004-12-30

Review: Protect yourself from fraudulent sites by having as much information as possible about them. The Netcraft Toolbar makes that information convenient.

A new, free browser add-in from English Internet services firm Netcraft Ltd. fights phishing attacks and helps users investigate sites they visit. We tested the new tool bar, available initially only for Internet Explorer on Windows 2000 and Windows XP, and liked what we saw. All but one phishing link we visited was interrupted by a popup from the tool bar, and we used the built-in link to report the one site that the tool bar didn't block.

Once installed, the tool bar exists as an IE Explorer Bar, much like the Google tool bar, and coexisted well with other Explorer bars in our tests.

The tool bar has two buttons, both of which have links to other services by Netcraft, many of them free. The Netcraft button exposes other security functions, such as reporting a phishing site unknown to the tool bar and reporting false positives from the tool bar, as well as many statistical reports, such as which countries and hosting services have the most phishing sites.

Netcraft is most famous for its Web server survey, reporting which Web server software is most in use on the Internet. For this and other research, the company scans the Internet regularly and has built up a large database of sites and what is running on them. This data plays a key role in the function of the tool bar.

Beyond the two buttons, the rest of the tool bar displays information about the site being viewed in the browser. First is the date the site was first observed by Netcraft. There is also a ranking of the site by number of visits, presumably by users through the Netcraft site and software. Finally, the tool bar reports the hosting service or netblock owner.

Netcraft tracks phishing sites in its database and uses that data to block sites when users visit them. The company also uses some heuristic techniques to block practices often used by phishers to deceive users, such as including <script> tags in a URL and other known attacks.

Even when the tool bar misses a phishing site, or some other type of Web-based fraud, the information in the tool bar could provide valuable clues about the legitimacy of the site. For instance, the site we visited that the tool bar didn't flag—purporting to be yet another Paypal log-in—was listed as a "New Site" (never seen before by Netcraft) and on a netblock owned by "Comite Gestor da Internet no Brasil." Just in case you're curious, the netblock for is owned by "eBay, Inc."
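The checks described above, sketched as an added example (not Netcraft's code and not part of the original review): a URL heuristic that finds <script> tags even when percent-encoded more than once, combined with the two contextual clues the tool bar displays. The function names, flag strings and sample URL are assumptions made for illustration; the two owner strings are the ones quoted in the review.

```javascript
// Added example: constructed heuristics, not Netcraft's implementation.

// Percent-decode repeatedly so that single- and double-encoded tags
// (%3Cscript%3E, %253Cscript%253E) are both reduced to plain text.
function fullyDecode(s, maxRounds = 5) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(cur);
    } catch (e) {
      // Malformed escape somewhere: decode only the well-formed %XX pairs.
      next = cur.replace(/%([0-9a-fA-F]{2})/g,
        (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// True when the decoded URL carries an opening or closing <script> tag.
function hasScriptTag(url) {
  return /<\s*\/?\s*script\b/i.test(fullyDecode(url));
}

// site.firstSeen is null when the site has never been observed ("New Site").
// expectedOwner is the netblock owner the reader expects for the claimed brand.
function assessSite(site, expectedOwner) {
  const flags = [];
  if (hasScriptTag(site.url)) flags.push("script-tag-in-url");
  if (site.firstSeen === null) flags.push("new-site");
  const norm = (s) => s.trim().toLowerCase();
  if (expectedOwner && norm(site.netblockOwner) !== norm(expectedOwner)) {
    flags.push("netblock-owner-mismatch");
  }
  return flags;
}

// Constructed sample: hypothetical URL; owner strings are the ones quoted above.
const SAMPLE = {
  url: "http://login.example.test/signin",
  firstSeen: null,
  netblockOwner: "Comite Gestor da Internet no Brasil",
};
console.log(assessSite(SAMPLE, "eBay, Inc."));
```

A site that trips none of the flags is not thereby proven legitimate; the flags only collect the clues a reader would otherwise weigh by eye.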

According to Netcraft, the company has received a great many requests for a Mozilla/Firefox version of the tool bar and is at work on it, but gave no dates for delivery.

Now that we have the tool bar running we expect to be using it frequently. Users who are nervous about fraud on the Internet can feel much better about the browsing experience by running the Netcraft Toolbar.

Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at DeskTop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
