Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Scammers Exploit DomainKeys Anti-phishing Weapon



 By: Dennis Fisher
2004-11-29
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Phishing scammers are using the DomainKeys e-mail signing technology—regarded by many in the security community as one of the best hopes for preventing spam and phishing—to their advantage.

Numerous and prolific, phishing scammers continue to claim victims, recently damaging the reputation of the most promising technology deployed to thwart them.

In a week that saw analysts declare a 500 percent increase in global phishing activity over the previous quarter, experts are warning of new attacks that not only circumvent the fledgling DomainKeys system but also use the technology to their advantage.

DomainKeys, an e-mail signing technology developed by Yahoo Inc. a year ago and deployed last month, is regarded by many in the security community as one of the best hopes for preventing spammers and phishers from forging e-mail addresses.

Resource Library:

"DomainKeys is not meant to solve spam. Its meant to take forgery out of the spammers arsenal," said Miles Libby, anti-spam product manager for Yahoo Mail at Yahoo, in Sunnyvale, Calif. "Thats one of their prime techniques. If we can kill forgery, we can apply a true reputation to mail that comes in."

DomainKeys works by using public-key cryptography to let users verify that a message actually comes from the domain that is listed in the sending address. Each ISP or mail provider that implements the system has a private key that it uses to sign all outgoing messages. It publishes its public key in the DNS (Domain Name System) records.

The mail server on the receiving end then uses the digital signature and the sending domains public key to verify that the message did, in fact, come from that domain. The system is not meant to replace anti-spam filters but is designed to augment those defenses and take away one of the favorite tools of spammers and scammers: spoofed e-mail.

Click here to read about a recent rash of phishing attacks.

But last week, spam messages promoting Web cams and adult sites and carrying DomainKeys signatures began appearing in users mailboxes. Some of the messages came from Yahoo Mail accounts. Yahoo Mail is one of several mail providers and ISPs—including Google Inc.s Gmail, British Telecommunications plc. and Earthlink Inc.—that have adopted or are testing the DomainKeys system.

According to security experts, the scam artists have begun using the DomainKeys technology themselves to make their bogus messages appear more legitimate. The turnaround is undermining confidence in the fledgling systems ability to deliver on its promise, they say.

"It proves that people will get to the point where they cant trust e-mail from anywhere," said one security expert who works closely with investigators and asked not to be identified.

Aside from co-opting DomainKeys, phishers also have begun employing a new scheme recently that doesnt rely on spoofed Web sites to trick users. Scammers have begun compromising banks Web servers.

They then send out normal phishing messages that take the recipient to an attacker-controlled page located on the banks server. These attacks are insidious because the victim is visiting a legitimate site, security experts warn.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Scammers Exploit DomainKeys Anti-phishing Weapon
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Dennis Fisher
 


x}r8s;iW1ŋKm)XTFh)ئHIVO 7]hvUϖ+ʖ0Ld&D?;;~$rɅklJv9;D;;?.ԇP|oQP/2t}R  tӌ5v:! M>;|9|@vD%j'aCkcFcW2ű5m2 f E1;'}=B ~5;s6 #%=֥ϊ{ k[!tUN(T| 0tTǖþ=ay5EhDԤ#|xBgxd #BE=x:Q/M+l}~@kMmW ؓ׌ڭAx)B(#bF]߂KCI%߼qؓ&thluD`YRi 3 LmfC1kkTR>l[Gݑ[#XsIzVHaSO*!)lpi#j%yi Ol+;){ uȭB ¿{k߀Cݸ1̷L[b6Z mO |lM=P>I Cu"ħFr ˺Y4hmEajjT+W^r_ӽl˙=X8^poF㯽sj_.;gW~`h-v4򺮕}u=;yؼ} d}#5*%`ZJ4_::fN{] x[^ Kj%٥~hY̞ofV҈ gUUY:lni_Wם^gGם)wf٘Y jiUd\]1,U5M{#kr9n3鐚&tXaV|[kU[lx0kh`cR^ٗ{dN/Wm2 ᭫OGcRdt,'90N`mYn_H!-T|Y|ԛE34 i[2)ߖI@w[)@ +:YK7BS_?g]p a4F@Lt&h)5?&9gMab&DJH?є6-`i˫ TE嗋mESq>]Q4{3Bɝ`g@ɋ BD4?CzC0!pl/\~_L.΃QwWڲ9Q[ kK\M흙ǘ\z댛Vu.~hzmxD18,]evb`\77Zu?1Ra^TU G'&-d`q86acJݤ#}fE= tSOC|>56㤞F!|Бdmxq=Z.3+ԍEXn`Nth Qx٭lE%_¤< ) FA=H:}mP`~5$ǎ@ Ls'08 ɝ5E0ݻCi`y1&=զA{ Tgg ,zC k 6G~[>l03QP|'sZ( w^`2)%%E29 EEKy3@ $h-4`z.́mb$HXVphT6ݞH:w@T*esRأXB YX/E_R23#CdɬaX91{MfT`"[ụLKak`FX,CMۯ!M{ڣeX#>hf&i &蝐`3Ґ( s?{\ g!7!q"%st0x>fXfZ1kpBa"@s2iB7 ƉeLH|B3} H8M{lz:{mQH>08-vys3tNn~|ZFhIO3hy>g~=厬m[_4@>T*|zS.z:ԍ$r%5kb$T`CL Aװ DؚZWS{<`m1Jx>hx# d\6XbO`#Vškϧ;°w^^v˖?~F|2^ۄC=1͉V*a0Y6؋T,{|ݛtZA_` V&I?րH{A2,exY.5mI\v 'Yw$ Eiy Y$p}r)#©5j!| jjx0A,#ןũ¨0vQԺ;12­q͝a&1 DR)Ö1Swhi'T'/咢TSАah"pHEAxZkhp\@U.)L-9Hz  [ hg [QznSCz+n `RI?I BL!2B3ݧ==1g匬~`" dRPZUU+òZp~W`q,(xO?b5xh/Op{/Ne6Z/Pz;ܦ[pK9sOSp c.# ,c?` $̮fG`ã R)ψP^Cs2](:h3 siﭢz8_n?9!/ɘVIaf28ʇF18= [ ٔ|{.J 5:=Fh=Эt;Gq;X qLϡRB7PU ōfπiNdž m}  m_ۯ `EOwDF3۝>S"1$*L3)㦧RQu VI^Aұg.@C׳@g.7^u, ς2 Ba u( =6Q;o]!c̞Òf&s,.ҞIG:-efF*ݔ[YsVR$gI#cg?fmE:Jb{I2N=y}5umf`<#ɟ?9?pw@7| o6eM+v@lkZpW|L2M: G ɲ\' ׫UVگ]q.g$ ,$,zǣx]!6ps^ar0qq8(-E<9_K84L xϰL'JUVqm?2 cS7WvvZ]}{?"}QLAUv٩bcy&m!@Ϣ7)il{ٗN[/xȄyut'_u{~{y[;qA^vԸ'^`>*u.O8 C.OEC]Fya8F&{PvB, oIŤ}vjt.?Hm}ڏ<-odF4zw/Υq{Oe[J:^9$Q!;.XF}9>oOM1k0fhRbA 1fF<$FMT_!m Be\'k,WZXKs!}=#ɢjkhLئֿvVg'u3_f} Rt4Du~mGp_,})Fy*}y:}6~OWK0fAbQ+F+=ǭN:I|I NAN9os_,ĠC9r 7{KP -Mu?So2MĜykNEm {6-~=prvGP2)B~(IZ[Ũˢ ݖ2`9 :)Oz.ϕp|Nik'i^VӲQ6T$4%44ALNC]F+d#7g һj]nNpVHpo6_xvImK$sgKe֊ pkP q<+ b >ϣ#+y-EY-Vyғ;i9: a!y]9 gEuX.gHUkN+tt,ZȍNڰq ;eΫPf|mv,KمN-W3lyRѵls2fucBA095ѧ@b `0 AU jMM%7,`*h 5fXeKoNuA?K.}:﷯IK 09jJs dthCk7yEO>4wX]{gE Z7N{m,da}?I+Fyc(!ZSi٘NBERTUuklko(rYpJeOV ;d,E',nP2QvAK JG3`̾qK7bcoJP}|]& {~W]ߣPIݣw)~=mҊ(r]ZD܎q5U {II5)t}<-J`RToy^f} m$.E{g[#D:*tcxO||nF?mv}}QƿerNuկ)6ٍV y<۵P"9 IZS[|A`_.gmD>az!eph指a21`l ̞3 d_{:xfHd~hZEX ̾˭@YeQ/EJ:'ߩŀbHQuܤ^8SG$ľ$1vc5˨{rUeFaɎ!D\GNl<zL<'d(΁,3~U)`Y=NI=(}$I͠|Nxl(y_B!K%?;ۊ?-f>Nkbb -l_;8Mr-],WxTtIt+NRnU%!*,!LyzI$if/fiMf5F*O&"=YD(ONȴ2e22e7Xg@5x,<9ːbB22 ~83N*+s. eњVI VӏW/pآI ~f#=ڌ,JHl "7$蛯;ZevWR[.n o)r@l)*5P)шs֏NS1/SUj? H՗fcI+5YM~r$J8PӹщZ{.IDyҔ\yc)Dh> vW6ߠ\J*շ3t9 $ұk"`?UR]LF-dxek u.٧P5;tR$F; mXI2PNloD=H1/GB  Q|Yx VT8J/?H<;z> 4+/RU-wc@xn K@ץt>B|cdLS~qyʇua0H)"Up+UsإO&'%ABM67BQxCT6eʋ3ĕ>m#N 8G#}r}D#Lڶۄ2o6~]`ܠVQ7sDƣ)V,k%vAHXNm^*K%2 |I$!L/CH#LY?Ag6ڋshBٔ?E+L ftCm[; VjRÊDp!g]hrCwmH>B|cdܒiRZc \;e>5>[q0# w~w~w~w~{mEԵo}^v.I',:\H'M,Pe3/gT.]~ ޶^6ݚr 䅉 <4GN   z7۬Z\?9Sߞm_͗! 9wεL H(3i%xUU K `^k>)JlGol(Xj̨4K,s{{"yB13Oh-%o10F^j{*ik4b~W]:vތ5(.*a%K#xDy dWݐ*_[Ϭإ+߂ŷtjN~L7p@X Lݩ^BzArF|Y 6_܆\bNbT _?w76/I9CcIEw-yfT*ղZ^Q? A vQWa@~#&|65bBlM֯l*odX`=ZFY)-Q* 4!0\]g?)r!"A$ D4ȵ0>BgCyyyy_hڟKo^B>Ժ}s1ʣgDH< qD0)Qē|DTNΡPц7x8@>X  !g IHxg"暂o}1C6@MMܙmJݤНlfgoW#[Mj}}'a c9fV<4ê;uזt`<+`sq0"ǘonsÊ5z6^*tf1pkL 'Bvp^\%U"lIv-!2ToO=۝S+Ȧ'5^ͬ^0s v*[Ǡ &zJhAJM6ϤN ^.\S3}7N衁szfK@ + 0$Ԉ76Ǿyݵ(/Ktl>|`4l~vjW? 8fä%?կz䢮뽦nzrk")^%sB /vWoixȫ.rBgg3h~_ Nmey6.ZxM_ o&`ljVb8?Y#y=Uֿ忍}:uRy,]徯YR.`!zU6ꅠd+Ь%5:&aXJD:`ῳhF3VL)2MJf66J.j` n45,> ztowwv]g34C(PN>kA2~i//m~1#X[,@U_ @{@7Iq,!Zp6P]?zUclbJqt%51\ﲽG'0]~Ge39ggi=U⯠œ6fVPhs| Ϟ-'@3* I7!~^G%Hc:a)PAgXt~D)LcG4{O3\0k`'꤯ 7~G6FkN]M&YX#J:*׏;5'kPwwmOaR--:'7 "EB~ e9Vq:Idˈ'|[G㎈0Uňk('>?7]J5>Zgɿ TŢW`#5|5XmÈKl2C[Ć8TWc3kxDEYwi.J^e9L XTNj*bdFyAx!FvY֏;Kb+n6Q{$Ip+jj5A^uG1ckzzD,?t"RVЮ(> l?QX2!\6K fZןQ.˨E3, Y.K15\Ra\.he,zUdI+2&/ czRO&w Sj9椷 O=#TY|HU% & 0ZpJ?b\y z Gg>)fF<@ƏLvh;b=Vںjq)y,y -JA4`}*mZ%24v^UP+)ZzʋzhNu_ZהV/`eEF{9v\kR]XcXov/>VHՕݷd}extJ"^8۶6 CQ:co;I XPpSMI٫T~~Nчd>QhTJӑu la|$wzS4mFGĵ׀gxBW7˽}D['ٍIm+62 1jLlƉ/ulH9l~V };C}m!ZSK#8kM`p w9$R+6  [zqeL\VZC8 ްnb75|$rkIC9Ҕ%K˞0Iݹa?Ð3{#TZ"fZ1ш@Q>ɹcMN퓔pxXҚ0! YC) \:dSۈ»0/Ypx 1SӖ{(mLeC1^G>w;WLQZj*!b3wȧX,o ,Σ@Tl7tQ:..( oI[PXP؟S?pkH0^Ipf) '.X`,2E<ezY<>we~t:&Z!&z5KfltQQ({b8M u?؃3,ȏXHmݜ(8z1I)t#K/Hzsڔ &H@PbJ])IdR|:PJ|+R0cU+ߺcP5w^7D[1z+YT( I+;}^(#^Pk;9&h]]!k"6}:_w%9jwooW[u{{sپ\ M 26ME`9,eiE)3C9lꌹ6Wc\sxYx鎾(ah,.6Yug$;G(%lFyї51թ2M؂LLNN۽OֆCyW'>;uIc:jS#[}uRBjs@1@C|k{.4#z_m;9B9P~)By79hp)?@|OPi}Yv͋/ry9\"?/?/re2P9 r)r˜̑K˜B9.n~+x*k{/>_?/)>Crs~~sw7y79{wNr!(oY NoR8G9B(_*Uy@a uyS9@yJ*,cr\- {%;[?v'u CFW\=o /dew5vkYAm{} yW /"yeo2?AQFgG6+.ȭ-'Hl]=g%%x=0?Mu{1پWߕ\*ܢ}:qOXE9 8G#iPA9D4k{HO9}\z[,G$q=Pޫ.vuf>n@x` ~iMognw\Dpqk;O΋kwՕ |3O߆zH':+;PxZLܸRpoQ^" #"5 |0-0VqF`^u= !:i>t^`iB0¦ " n#q_LZAۀ3AZ/`51EIv͘z%v/rt_SLiG[g6b:KHKl7g@oJ`Xkt JV7Bg3Σ/~ܞ05Er[~Bm@e8>qe d`6Nώ;]9 Wuu;В_/TB# lc̈́Y&]PO"m3x^3.GN*Maџ"iyVfN M̮+fAj3rf='yfs(19L |Xg'4WBMxXU7M&T܇Д2\X*|T#cE \1SzA۹"=מ X?(xcläLݴPxUE;>R(K9H%)^xjA߮ed#W B㑸| ,* O*_ aNm% 1oE)R%:V*POe[BI<ŷ<>,D*9"[Io %Q)@EikA/?tI3ۉd쥽%}Yq v.} Md\*KxrHIhC>~EE~%Og ϿaHO)t&I`Q'11|j;;1Te]XQYɶy SO~n]O(#oݒ珸6x}҂I2% ,1-ik%:Ɛ9-S)0p,\ftO6C|gKo?[=ȾJ B ϱɮx*3@WD0;"6ic.KE&(Xp\'AΙَz&gw>G-܇Hxkyf#%SWJP'jdVw@8̛ m+~HױI$`:Vږ+yL1e~}J<3G(u",@zPr`y%K@4zW qS`hwq#1uVBR(at!L?U1?c5VIٶ7G,cݰ Qa[:6 n ۊ uy˷DM\7ȧnRa=rksbcΜ6 *χŀ{̾^f#9uVRdGB~DdaܐdZ-*?҂g' Q\F$30(y l+m5'0X1+ (R9(t>0 'Ɣ ϰO"- s+׶9),cכU .^3Ơ`{e75SF ODNű<<Sf}')VSL_X1_Q>q&g\ƕEy@Xqө8Yo.)Z_,{ٗN[/<|;XYt0y']f*FRqOR||8(>w3u㖗?~~<6Ҝ%!tOY B*Ew:9\~HWzv C&ȕ/g2F#|oUA,jU z' l5mEgl3W'J^R۝wz"f/ROa6%s|N1VKi+^ϦO*L +q>lgLp -ϱeRZ`l/Z6wÇ+