Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Phishers Slip Through Web Loopholes



 By: Matt Hines
2005-12-06
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Phishers Slip Through Web Loopholes
  2. ' Fighting Phishers Through Education '

Rate This Article:
Poor Best
Phishers Slip Through Web Loopholes
( Page 1 of 2 )

News Analysis: As shown by a recent attempt on customers of online auctioneer eBay, phishers can still cause serious headaches despite increasing consumer awareness.Despite the continued efforts of researchers, security providers and online businesses to discourage phishing schemes and shut down related Web sites, some criminals are still able to flout the system and find ways to keep their illicit operations up and running.

An example of one type of phishing attempt that still manages to frustrate do-gooders appeared online in early November, in the form of a Christmas-themed Web site that mimics the name, look and feel of online auctioneer eBay Inc. in an effort to steal its customers account and password information.

However, unlike the scores of unlawful sites discovered and successfully shuttered by eBay each month, this particular phishing site, which wont be named for the sake of protecting consumers, continues to exist as a nuisance.

At the heart of the problem of taking this phishing site offline is the fact that the ISP and domain registrar responsible for supporting the Web page reportedly hasnt responded to requests from eBay and others demanding that the unlawful operation be pulled from the Internet.

The company that sold the domain name, Joker.com, based in Zug, Switzerland, isnt returning calls seeking information on the Web site in question, which leaves eBay in the unhappy position of being forced to explore other avenues for getting the site offline, the San Jose, Calif., company said.

Resource Library:
According to Hani Durzy, a spokesperson for eBay, his company shuts down 80 to 90 percent of the phishing sites it unearths within 48 hours of finding the pages. However, in cases where something like an unresponsive ISP or domain registrar appears as a roadblock, the companys hands can be tied.

Microsoft expands its anti-phishing database. Click here to read more.

Another challenge in stopping this particular phishing scheme is that the fraudulent site appears to be hosted on a number of different computers, potentially without the knowledge of those machines owners if the devices have been infiltrated by some form of virus or malicious program, Durzy said.

"Were good at getting things shut down but were not perfect; some ISPs and other unwitting hosts of spoof sites are beyond even our reach," he said. "Were doing more than ever to fight this type of thing, but sometimes we strike out when it comes to trying to get these sites shut down. Unfortunately, some of the bad guys are smart too, and from the way this site is hosted it may be almost impossible to block it permanently."

One of the first people to publicly identify the eBay Christmas phishing site and attempt to make contact with Joker.com was Richi Jennings, a representative for FixingEmail.org, a nonprofit group that works to educate consumers about the dangers of attacks borne by e-mail. Jennings said the site may have been up as early as Nov. 8 and that it has actively moved its host location from day to day.

For instance, Jennings said that as of early Monday, the site in question was hosted on a machine using Time Warner Inc.s Road Runner broadband service in the United States, but he believes it moved to a computer somewhere in China later in the day, making it much harder to locate the sites creators.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Jennings said the site was registered through Joker.com with a bogus e-mail address and it will be tough to bring the operation down until someone at the ISP responds.

"This is a perfect illustration of phishers getting smarter, as the domain registrar is unresponsive to everyone," Jennings said. "Usually these types of companies are good at responding to phishing and taking down sites, but in this case the company appears to be a black hole, which is really worrying."

Jennings said the attack looks to have been targeted at U.K. consumers, as he received the original spam e-mail advertising the phishing site in an account bearing a .uk domain address.

The combination of a believable copy of eBays pages with the unresponsive ISP, and launched during the holidays, when more consumers are shopping online than any other time of the year, proves that phishing schemes are still a serious problem, Jennings said.

"The main issue here is that the domain registrar is not doing its job and being responsible," he said. "If you put yourself in the position of someone who wants to be a successful phisher, youre looking for someone like Joker.com with a reputation for being phisher-friendly … then the people start working that angle until someone stops them."

Next Page: Fighting phishers through education.





  Reader Comments: Phishers Slip Through Web Loopholes
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}ks8q8c=mG-9֎my-%L*EB%);'ΗSOx-ɜbK@7Fw?Hpur&56%3E}"Iͽ{#(~p(IFA)v@{iFuۚ8A&pTwd>J`OS{SM)&Ӱ5Y |/[3}BF7\3Ѣb^P$ȁ_M¦%H#xERzGGEQ}&k[1tUN(T|0tgL'þ=ay5ExLԤ#|xB'gxd #BE=x:Q/M+l}qDFkMmW ؓ׌ڭAx)B(#bF]߂GCI%۝߼Iؓ&thluD`YRi 3<LGmfC1kT%R>l[}@ݑ[cXsIVHaSӤO*!)lpi+j%ypOl+;)\x uȭC ¿{߂#ݸ1ܷL[b6Z mO |lM=R~%DhOǍHuhs 2 eþ;JP+qV*cgCrL!-g©;htnTUMSU@Blݹڎ6жF^׵vCq={grعx';AW@o&1`ZLTQRxf Rc@G',/BݓK>o VqW-ÒhZIAvina[E4f™EUCdndЖ-AA9C,[3sA4 ̠+`Wk1e`=k>_svڽ>9ݐvcGV}Bg#j`BcYueUo~97c_C3S?&:aZ+CI-Cw:t!޺pr=%IoK?;BesU З?7g,Y`MIhL2Tc]NjGoNX ZRĿ"G/!4ӇiЈ4X}5SN`cܑ^̜07ÚL ~Dg虅m>`T4fs)wdmr)s7UBsNHB/W2 \_&AB5 6d:ɤPl';oWf^!ۮ!C}QȺ Q(JЧVȥC Mqά hPS bI,(t=(UF+_z]1UF=n3 $h@4e2f,4_\0-xJD%x\Rj'2?CU^oVSxw,"ZTjSCjv\Vkov Ls1)' Sf)Nb_ћz?3ch9{r8  `3\xk}`䃇*,*pز|˘/ 儩xT*i3"#Мv*'L-`Z>5Oᗬ{)0v\ j y 8._Q>Y7i` 922f`KH h_7`wg*Q :@!G:0=X,()yip^eOS)V,tu `_ nM=זG$*X  d44} *zIe߯yboY څHB:GdDC>+`v*7w6Jh)6YS!RW dĞee[etkC鳨ݹY$g8 MGFi$]|;P vfȭvN'_&Ʀ(ɘVIaf28ڇF18=[ |{.J :=Fh=Нt;'q7?,WE:&ϡRB71PUL xg4sgDcK6VNM&vxVm"y';"#^_)%$*L3)㦧RQu VI^Aұg.@C׳@.l̼ITCGTUeH4yJ3k% =EZЋqcSLJ.]ITY)(qg@Vf2U+WkU"m=, =X Z=6~ z|IcEihx _(OU?2j߶JZVϢ CzFNpiEB֒%3q܇6J-ܟ`@O|GZO]TK0ezIMYIzQK #nK-%. ހذ:zf(t]6f semn/`I3I9` {iO4c3gF*ݔ;YꇪsVR$gI; g?amE:JbI*N=ym5ucf`<#ɟ?9qwP7| o>eM+v@lkZpW|L2M: j>e!eO*lWJtX8]HX9H(P+ YGۻBlpI75 ),{q 4 }U^;8"c_>\e}Mqr`SRh3 J@F$bw}Wsz^^{醿ð]tQ孀҈Fޥsٺy߽_>]nQcrѽH^'k΃ w"EKrBë<Mti)qfڎ7MJ,#L=\?ֈdȰ6 Z(XťwpfiZ ^k=W17U8ވFhv19ºUXȬe`&|PH:>X1aXHR ~tDۿh}dgu؋^k 2 m D785C*QW22EhiA%;g <D9FxDwDnEr}#R%';yQb}b%h4eW&Bzc'?<@s`S*G伨=t#aMb׽cscD1uR;2x;yZ1ݾpne9r0jwt=z{Oj]!3}A&XnL xqf=' t9 7X136q=wvb#({A\[ ("Ξ[ ezclҿǥܷrtg ހ.Һ485LN:0g,H~ {'|$A1|M>uSOF 95C/3r¸el(=hGt?Ko{ѧ}e4 tRTsd{i6$BUU+jۻAZEVe.t՗^|;9qi ,Fs d3D?yeВ11>onQ;-4zcAcIU~(TR=/aO"J麇\%(S]MU,^RRMJ>\$k@" b]_BI{Oz[6N Ħ712~1O O=qԱىǓE|Syg!,daзF0[)=)$Ιd<J;oݭnM M A;&JX۴ rUCaK_&(0i0pDVa$\}5 ߊ;bE#Ɠt-ۊc򽵢rp:ip*9;_PE?\=3q DɛxQx7e\ڊ}aK~~ Vv/,Viun.Go].}NQҁX?B*֠"=;"aC|"UQ\*j5rS,7sXIG\ ] t^(t4/LɩS̃PeS`'3,OwF?$ӳÜ_F!sN"( 5O :17_`ԷQZ)kmGtxJtn}L'Zh#rAu!:skW TbSU&m:~U" {yjpYgT0G%nlTu>P\$,Me"4Cdf>=5Kw2@M^f C`׏ J&wR37f yMYQչ c, # &.1.cspeIHvGl++NL;ɒ: nӈӥ6/˵dW\)DSY%WCޮ8W RC07%oH )һ<׋WGd%h89igz:ȤznTЀlwk<6yr(!ńs(ȺMph=gdM,U&;\45%z\|3^fED0H({gj3b(!Y)^6o4/py#H?_b[HQ1T="LFyWv09]k,\XH`<:)5W!8"Uեd(0EV>4%W>^4=]`]~ CMRߦ匰Nv3XwQY~pFH75[Ho0Wov~ҋ5DHDg`Wb"CD]nNTCISҋsS?eFOt/u[ O&% !? .fڑ +]؉Vۖʯ̱hϤ>WAK,}5h Zri?I e צv>B|kd܉i%ULSyqL1D-~ =ň0R`b΍,à5Be'#óU'-T_OjKH K'd1mo|ۄuqVFn]sJ;N7Q{qtS2ƌISTET ٠w.x zjÚ| 6Uhn8@ z1@B~c̷DewߨC |mcf5K9&D3O]`KqlhOsrU[<{T_< {+c-0L 1jn*~$^ug]Inq4nGRsB@E_T=1ܶvb޷cJ=U:yRH@"_߰oy-+nCEECyЅao+{_g^7WW97C۝ZVU ]3Rş-/zۦO*L=5p_]hB/|:Ε[tx3wZ,uҀ7f=sh~_Nml~dy6.Zx{m_ o6` lj[V;8V#y=U6忍}:sJy,徯Xuy=c~a_Yf#e։ iV$1b*Θh֖,P2իQT+opC@$=Ih-ɤ O *`ʵl{;hOf>`!ZpP]}zUccbl\51]4\}:?JPAysũ*F]{N9-( o*n?]ts-z~Euw@2(kj  &=dWd G*׶/~/OЍ/"j\D`kjs6&O]E a!/(/Ȯ|~aI{L&$T9q}MMm&޸ kQ 'flZO'p.4XDJŇ!WG K&5\'^R_V6LWP2#Fm.MEfIȢD7jE\1oՔCub? @,utIkb"K]ɖ1xy[/>Lz'5aL7P;IU6'a|Q´@*VH5i`G[k>A5Yއǚ>)fF<@&Lvh;bu=Vڹ肱q)y,y-J+pSKCR<6$Aeȇ5T?0 )U?kueqj+Y!kjQ<ҡL+q,|㶭MCh%, 7d`(8N B|dTkVyKb?{r &̋(HKt<.:>m{A=~{LLRO'g\NL!_K_߰VIm{d72[ $} ?Z,D1h% Is^m3tnaG_s/ju..4a= E{r!'vq]Q sx(E"aK.  ZC8ްnbķ |$rkIC9Ҍ?/7W}P)a#{~L DBʹ"c)41GJ[#1}ɹgM:vJE< ,iMmahn.2abZ1Ř!&"cs6#|- dnC1A~@>LQXj*!b3wا9gr02Σ@QR*tQ:.( oIYPXP؟S?pk2ꧦH0^nn3N]<7Yef xpƧx})5lDM< 2BLkQ>閣FMQpV#ߛ~pSg8Xں9Pa[k |폺SwNzOOgݫMjg0%"F;e6/ME`9<eie)sC9?ԙpm.4 "ǸȁW.}Q X\m3 ItPJTَ/!jb\թ2M؂W?Wz [MrOПxu3K_-fyPM/ǭc29Ǥ'M&7bS߹HShF&5+ۺv)))-VNy{9mAS~ 姛π>g9yny\mvN9?trʡݜ/4O/E|횗9s _ /}/s{ ̡%%e^^'UWcN9 S~ 90W9{s#?W0~W9׃r?=/r qu7?799~A \C}y>>oʁosڿi6s$CPʑ5.N pNr+IT/ޯ<,sYU~vïUX^йZ*4ϑ*Sҿw2~2A^u CFW\=o /de7I  H?70e4.Œk,f]32]Of@L V$W0>t zCcjd9Mk +P<P/AgvbyC͞ DaV,|v/G&M;0F+`a?94Ǟ"(ـħ%IAa:2Ş_ =6g^Rsn9q?\ łފjd!vzk2jSo:h}t;4eo-"m,?hPxUE0H$=CfJ,h :"QFAG}FV垓gg_7b Gy&3@p+ N_dvO~%B+*π 5Jl#YұߙQ TDO2nty9=|E^[~QڗG@1agGQg*Yů Kw oX)umȧ|oW|D,;kl`B`t9p*sˠv3C@_vܥeUhJl;9Md2֭kc'pG!-Xo ;Oulם@ Pr⁜2ћKt)_ԕu`g#~*3V[œA>h4_@&s`܈}olI-#_x Cr:vY 965O}0uGĶrCR4kUpwRv K?93_rxs]@NDqLgHvyGmm<^:yl랮EOfuݍüȶZ׼Lܸ5"`:=Vڕ+yL1e~}J<3G(u2,@P"5`y+@4 qS`p#1tBR(cto U1?c=VIٮ7G,cӰKQaW:6 6n MywTM\7o﹨']ecAP1W?&Il}ra|X ^|޹+o3ȉe]g0^϶p2$Ӿ82#" $$zIW{{Q0&iEȓl`Cv_)~ph;?҈YA wVǰ-XF!&ۅ ?O80Ux|-h\}{X\e,8Lg񸜺ނ"?X=ODNű<<Sf}')VSL_X1_,P>I&g\%ƕEySq||\WXYj .xH%H}Sw qFk'O(Uƥ2}>8ZS|ڻ$`gd/=i-EmEKBݴ;Y B*EwjW񲞽P7w r9̳?s7*Ѡ,jU z' 4mEgl3W'J^R۽wz"f/ROa6%s|N1Kik^ϦO*L㇅ wm&l2)v}mb-c6C-{5.*