Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Symantec Touts Professional Anti-Phishing Effort



 By: Matt Hines
2006-05-01
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The security software maker is relaunching the phishing attack information network inherited through its buyout of WholeSecurity and contends that it is bringing a previously unseen level of professionalism to the anti-fraud landscape.

Symantec is relaunching the anti-phishing industry group gained via its 2005 acquisition of WholeSecurity and promising to bring a more professional approach to the effort while signing on some well-known participants.

Dubbed as the Symantec Phish Report Network, the effort builds on the network of companies previously brought together by WholeSecurity to share information about phishing attacks and help more businesses and researchers fight the latest fraud techniques being applied by online attackers. Along with companies such as eBay, Microsoft and Visa, who helped found the Phish Report Network, Symantec has already brought on board search giants Google and Yahoo, Web portal AOL and banking giant Wells Fargo to help increase the organizations reach.

Another high-profile participant in the effort is IT authentication specialist RSA Security, which will contribute data gathered by its own anti-phishing project, the eFraudNetwork, whose members include a number of large financial services institutions and banks.

The idea behind the effort is simple: Participants will contribute the details of any new phishing activity they observe in order to help other members keep an eye out for similar attacks and to help Symantecs security researchers shut down related Web sites and distribute security applications updates to the software makers customers.

Resource Library:

While a handful of similar efforts have already been launched, including the Anti-Phishing Working Group, an IT industry consortium, and PhishRegistry.org, which is backed by anti-malware applications vendor CipherTrust, Symantec contends that it has the most resources to throw behind its group and will therefore have a greater impact. The other groups may also have a lot of well-known participants from the IT and business communities, but Symantec said it would have more full-time paid researchers actively working on its Phish Report Network.

Click here to read more about CipherTrusts PhishRegistry.org.

Since Symantec is responsible for feeding data to the so-called black lists that Microsoft uses to protect its Internet Explorer Web browsing software, the company claims it has more incentive than other anti-phishing groups to stay ahead of new threats.

"We didnt see the value in maintaining a duplicate effort to the other work being done in the industry, but we believe that we can put more professional researchers behind this effort and go beyond the neighborhood watch approach of other groups," said Dave Cole, director of Symantec Security Response. "Were able to take the operational backbone and technology from our anti-fraud products and services and extend that to people who send us data and provide a high-quality Web service to our partners, customers and people like Google, who need a data feed to help warn others about new threats."

Phishing schemes typically start with misleading spam e-mails meant to encourage people to visit fraudulent Web sites that are designed to look like pages maintained by legitimate businesses such as banks or online auctioneer eBay. Once users are lured to one of the sites, they are usually asked to hand over sensitive personal information that could be used to commit identity fraud, or keystroke logging software may be secretly loaded onto their computers.

According to Symantecs latest Internet Security Threat Report, the company identified a 7.92 million phishing attempts per day during the second half of 2005, compared with the 5.7 million attempts per day it reported for the first half of 2005. In addition to becoming increasingly hard to detect, Symantec said that the attacks also continue to become more targeted in the way they attempt to dupe users.

Among the latest trends the company is tracing on the phishing landscape are attacks that have been crafted off of databases of actual consumer information to match individuals with the companies they do business with, and those that use a central Web site to farm out criminal activity to other sites, making it harder for researchers to trace the threats back to their sources. Other new threats include phishing attacks that use blogs, wikis, and 800 numbers to help dupe consumers into forking over their data.

"We are seeing attacks that are smaller in scale than in years past but far more effective in terms of effectiveness based on the level of personalization that is being used," said Cole. "Phishers are also becoming like online marketers—they know that getting someone to a Web page is only part of the battle. As people have become wary about filling out online forms, the criminals are dropping more keystroke loggers into their pages that look to attack vulnerabilities in Web browsing software."

Symantec is also promising greater cooperation with other companies, including its security software rivals, through the Phish Report Network, and it said that anyone is welcome to join the effort.

"Any large industry consortium starts with some vendors who decide to put some sweat into it; if this evolves into a broader effort and its covering our costs, wed participate with others," said Cole.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Symantec Touts Professional Anti-Phishing Effort
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}r㶲s\@♵M=RJؖI*%Bc"){~u~|.{<5D th4{$sG7L{B.cnQ?sOG3齿O$w}L9UQ#C3W)92 E]0eNznDzpDwd>9|@D)5'Ӡ5ޙ Q}_6g2z9o0 fE63&6IE9JDq֥qɏB|2#oqر7{ g&tob Q!)*Jd/B(?cc5~{N=3τPcw0}dh9[*v_e ۭ@5lvy!rs#g ݻH͠L$Gd`jI:D*"4C2R!1;r,ǃ)KTQ3c}fZ3u-3@ؾQ̀ EuL֟GBԿ$f …0̳X#vRpce[#]6g5]v9s8$sz3 wZENX* ?q7tJa% :r<=0;DL=:/yÙÌ6mަ- ,ֳP= u/kzQҏZ-[jZAS# TFIna>E4f™EU2q}oOe}}uI}rv|i"|c)̠V*PFfЊ%+5Q9m<]st.[ݛ9^VSCV=BgCj`BmiuuUo~=7c!EXCyCa#U~Ff=ji>wNHN‰,-90o-Yn_H.)MaXY|Dͼ94o o 3NE ;- ujvf5Pko43@_x0ND=7fMs,eg{0AM)61tk 3!RBʼIK _{@@ZR~nV(>̧KdoF" 2#r!DKI88c{n.sd>U<8~vwެu*մޙ-~iQw9qn?^[wսuEko_CKEhYf7-wI9ћV)b1*%xX=*BE*GUL F̶-a[e)uu< |0F;}F{g0PP?: M/6G˥qfhj>'ݨä pp|g͇v1s a {>0sF}j`I l"v|scм`yna23fC?F{7t( u,/{@`\@Z8`$8ʼE8sB7}Ŝt҇&Qc>~q (~9-RC/1tKt=JIA }At"AђF *4 gscX"C"' `[7;.VKŤ\*y"Jm':Ν3PK/"ڹLX*QY,p[/ ͙JRdq4[LboD6], S mo-muk{XT4V§#&csdfz{@ZWgi K0:i`0Ґ(e`9O<sy h? OzuG 35{00q}@ 2iE3ӆMI|B3< I8M{lz:eR#O08[rdžfX8oÕ=5q TfҬt|9厬m4@~)&](LuΩJJ&k:HX3j-yrpm ־M7)\IYbT9XScX`D~w Lzb0ufm/n$)`V|\uΖM%֊eS{_No6ҁveXZ @-Ui -a7VXvo jQtV(&АT um:fXGJ]D!1~ha2(_KpSw{{jaaC_/U OLYZsX)Z%R{5>k断,0!.(2n( ,9؂rij><:NX鹞~o6*'l|0ː ;u- CO5,v&Vfj:Y[~2.|O V,'0{ gб3a|ea;m eSKq6Om V!҇D+ه0`M EDN6R^-!z0iXҗKJAUc/`k@Lf2Ts`M[`R9cDzl lF CQ>-D.L{ ipj^EZiIf~~~0*Ly.J?}uVN0\?@R)Ö13ghim&{ǙXT'ł\PZr>r+b"[8:T:$f߂ä:,Cd=tǜ}h3ʫ2 yEZ JL ajheU-UjR =>2~2Ejwp81< __ p˻S~~6Fi Y8AL}6݁ /r/,|tqZEL[vO`cQ av5 1;?VkJC2By^Yhw\rR" Qptoգ)u7ufv9A#]#@$2]r`w4 Ř)aKPs hj_R vU#tT#CWta7)X]QiSiQ9^RӲ+SLjH@Aܚ:{>z,LHT0?z0f&Ш)lTgm/RU *~e;:,]hD1(dyD4@/=q8bk lBk}tq@d#RaCݜ5m"uy@VIJXhQ;_6MONVm(}nL޼?~WӅBo'37~ɴ:(1<6|o D >rWo鸙 y@<sUJ [ b&T~\yy خiϼV&9e>c'}VApaqgX]/U;AS3ѻMslޥ0͜6@yZI@j5VZ`Y V8$g;}'DC0Iefj æRRU V 3Fˁ#_.<4>ʀkxG2gdQJhU m{\ c4wyN1 Qv}b;_&I|SeUȃV)ki+TX񋰷 ?3pa-XPjhHU5}E࣏ C/ PNZC^$}T>Vud*+ZR<* 9 ^  lZv@Kkpo= -2j>vR`fK%2_vܖ[J,]@>a aHwFyp0 O+skKIl'O+Kz@u0RNM= h˃QaߋCWuRԣo{{C4g?"XWSwgtċ)usC\Դ"hw ĶRsG'D.LqC` H\ȣ,D(d0rYj+dK= j ;! |{W !&6ǷWXOdK!OWƒ"'! M+53,` 2{qc?3 cC7W_(1@ E D@;n߱?% ?S-l8)F#t(+g}e_:m^t?&~fm?<u!aa="g~`}/{4.HV_tD`ueK\4߷p-:%5ރ6 `i8~{D(}ׇ́{9gEU\ym}#8-odD4rE}R|I{޽Gy-%{wDs=ADHC䄬W!yNFSLo2XGZ[?ֈ4FD/!B*.V3 N/Ns>֒\zB_ɾj,8Aϐa6(FGhNٮ{k*Q֭ Bf/3bB!|JgG<؇AP#{ z H)'4N9:\bϻ;$B 0FD_TJi)W4f'uSxjt) 5Eſ}i X x4~W+0waAdakF+9mZO{~@H߉ NAN>os_<#Qen1~p-H7ԾN9$S0qJh"g:Q;)~ڲOCT䵤 g[UHN~D!qbwy~@0GW吜ZC=?rjm_wg=z@:(O$ ؑqDt2Ti\'sXs=hrrӅ[ey$smCgLرD}4%/5g3 \:`A)cn ~]jsל8{JnLeNx?HАߙ=p8#M[_:ܓ9HwNA}i^wl'UzyZ J}~l/t6D(jy[a{wCW_U $]d%FtZx@2&n_%3 =ki^x̠tg[f1vfG}I>]bwPxI=w뻿T͞YiIu/K\-"Pn'x${qI9.x}?,K`\Ty^v} ,$>?GFm"fFc8EE[o\gmef7cŸA!{zmNj&X r?4hgazc{ƹ39x < v<.߭[ݚ8)<A~F<vD4);7yΛz}hn;d⫆ܖ?M õcV`j8'$\}1 ߊ;bE Qm!ZQ|=N83{K8jRSWW&6o)?.w?дg=.00yS/sK[⹏^}lQߏo%~2;- X#No8Vc"yP< IjGP{2M)~lOӊ,3FJ2]W!;JjbXw%3(YlvQ5=7 N%89ϓT-8OY$mHƈ=҄_\:$+1yFTJ 3cuLJoRL[ &0q޵'qvBimRL"ZQJՊ>p5P9  zwC_ňrOĦ OxŁZy]ǬEIbK% [e6BEŴR0%r^I5SFoL0_jځy*Sȡ.~`EV[XxR)EN#t5$6y-c 6m "ɽ`sk|\9IO}L X7%86wH"iH"ACt(Nh7vz}WIZm[*<;WGi| 4Lt{NaMKrMQ1W({ $ Aj0Mލ-_܉jJjy[*>+p39`I';K[ F#aƌ* 0H AH뚼vCHnZcG*eL| opcRiK4SB4$ vڤ*aۿ\ekk:1[HMsHt )+#P9lP? nٕ ;>gguli-ncZL O!Ix]L-![ݧM c̩(Nooooů_,֊z~7#K SH-zG-}@ K7u}g"-O^<_^SLilEªr@xvMSי$ni6-V{viKml;rI6i&Ps.I\9JwgClIJ{[tFSJòbX |.ML܍WDRΠ*n4%{Ї bsJi pg $o[P5&+1Q0Ag"Z@mɧ<6Ńe-@g4rcNY,aa&p}fstl"It$!̃8Kq cK<'Ҧr%r<____jJcFEo+Sc _;K˲4,sހVu1M?]7{mD;_/wނb5-S9K8kM)|BȓmO^-œygBx$0xD!uI꽼 `B!U!RH^'~($AX j+ GGd ]=G?ځrUjOo|֊[NiΞëF(X`%\k>1mͨ4$p{#9?_} F{@a]IYx ˝=M).a ?Dy um|v#o?&nZ%S(,1@^tvp^xD)LI|| q-?(p {WV@=o _nyO^1=0*(5tݯ7Tx"/~EGr{@R(kX5X:$R]Ɔ c#cYx|CyDi.B55:eos鳴i+A#샒=%hٕ5!,qC&Ds!-?ñ:yS[~oZaZe/[+W#rd! `,%7TXC0|~8]bɠ#c{(h#8࿴l&vnf \95͂Eo tCc%5Q(5ub?=G/utIkb"]J1x~[Ò+5fL4P;lNz yԥ:BMsE7TBhrF)Yl1zi <)fF<{i H':t=jh DfʤJd m@\P)ϑVPJj\=rC;|}yjUS*ZYQ +*PV =vL 9۟. Y3P=Ӓ"Z{4֑: b楒V,T)ۺg-Hp\ R`Ner}TK;TI`m3 A竀0m˖C/0Ÿn54Q/pO{wi/1~J+԰\³'-:s^`ci7t]stKs>н3B;sl^?bu{ι\`z|oeZ`3+n{lKZIȶ8+ilwIQg)q8 @Lum2,@$=b|G*%_Dx9ʵVܞVk"g5}TbxVŠiUh9!mF6(xl 4&/mB!1\TbЭB1˪M;InP}sY?e=` '2t/xqB /ZU{FȚXwt J "m-@+> N o.&}^8G :{ᛂrPZ-- F/|T0/b=#-񸐤#^>xA1K= o~{@\r q,ڎ-E||z['Au}H?Km1nY珖+62sՈ^`47f\oz~}C{ Y™6 ^<y( >(4xct4> COwE)f͛<ayd4u0"{χ\o|J7[>BZs4pBoG͇˞RS ƈ\faH9p=S-H0Șh MQ HxDirtvnOKZ&a k(E$x/HmDRPact05g3bwt]?qZC-/G J> +&(?,q E {GLƙ;fQWsvlCe H"0Xї)vqU@y+LD͂z![C P/1M͍$u~/BX`,2E<ezY<>swe~rt6fO5KqfldaQ(b8M u?3,ȏ—Klݜ(8#j1I(tCK/HzsZacdFa]N͑/#}|AaP8Z  +z+U'I]U@)9CȮ KDU8+|.OOZY,f/c[iBR. ?$-G쌆d$͈ɵ?04?5iv>N;WNϻ7x Zӷptԝsm}>^}>\;\`&hT/湾L۝',C rzټh3;eNq(gͅf.Y3U94dG0}4y8qf׋GQ?@)v}YQ^MÀacj]{=-Z[[A7^L˒%'u3H>r:X)` /\&7bQ>oIk&5/m;g@/P~ (By794h3Ods)4>3#\~5:;\(u2eF9\C/3\~3l׸ " {A E}. /?/2"?QF/32Ϡ,P ((K ..n~f+ W32  # 埲O}}ʠ dd  M%:Iʘ!g+\8=Rgr ~)A_dկu2[~|^Y;yx߇ߚD,Oz e%Hi_1\3k=xWC/+O7 lc}k|?W;}}<\5߷C{>'K_u}ςoDV)pF ;F^a1zIOa45D =C9}54]OWnT{ǙebIP*5VZ*{5] = #`G jJ]N-JTL3B /(@#غM{%}C7<8fȳRLq u+k %<k|m.rϫXڼx0%aw8cokx;b(q ?,(s[^FlOBCVxŎ31ljt1R dD:G$q8J4_3ΕBq hlգ{wh9ĉiSrO/([ ot^=pB΄[6пCɂs%(M `V{9 [2FlX jXJrXwNėuɱwؼ!=0BkNC=axap&t}9AwI{ǻ80~.eYŤe @ N_cś04F7#51K98IvmEx5>}t 1-XԱhkоui4|[Nƀ_@o=,N7"fR;/5+_wa˙Z. c@- q[: N϶{3[;EqgrಓH+ 0S\q?Jh"v]#6 R Ň%޿0=nL8='fS(4>LLc? `nwjں=Pŗ;wa3F)f'NFp)hN<}y?ڢ u+ğ? \ cwHVLt>;Oulם8G# P⁜0ћ!x\1ue|nHHU֧f2{M{:з57d([|ӽނ4ܨNA2+1 <&`#O]&\f\jџfJ.ѮRTnbbq8g;KMlZzpȱ(d}jx[9`^|˼kAўx'a|ht-+^FL‡CKrX}P/)W:OOgsZ%&_Hv"x,c 0У,:09[mx uuke!.1:7x!?c=Vqٮ7GѦa#]hT[)^UDl3^kgyc |Ua=vsbCΜ7 ^  =[?܋v}c\m:1V`]ccƫRdGB~@dagZ/u~ҕ^)If`cQd+8*)ؐrk`4bOP1, Qv7}`N*)Asa#El ;ApN--8LgѸ8"?ZvU9s, j7WȀ7H>Y;D,5Rb:(=zk|FXKc.&Ա`=br8Lte4Q3|JKm)3 {τ T4}jsXC`*#F"