Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


TippingPoint Casts Out Open-Source Phishing Tool



 By: Matt Hines
2006-10-09
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The network intrusion division of 3Com is sharing a research tool dubbed Monkeyspaw with the security industry in an effort to expand on its own research projects.

3Coms TippingPoint security division released an open-source anti-phishing technology to other security software developers on Oct. 9, citing industry collaboration as a key to reducing the continued threat of fraudulent Web sites.

Known as Monkeyspaw, the software code is used specifically to validate the legitimacy of individual sites and to report potentially fraudulent sites back to researchers for further investigation. Austin, Texas-based TippingPoint said the technology was primarily designed to work in combination with anti-phishing systems built into other open-source tools, such as the Mozilla Firefox browser.

On a basic level, Monkeyspaw is used to help determine the ownership of a Web server, as well as collect a servers configuration information and the location of the sites it supports. When the program detects a fraudulent site, the Web server and its URLs are reported via the CastleCops online crime organization to roughly 50 different international groups, including the Federal Bureau of Investigations, who maintain black lists of suspicious sites.

Resource Library:

"Security people dont tend to use Web developer tools, but were looking for ways to help people cross-pollinate their work and bring some of the anti-phishing technologies theyve built together, as phishing is an area that can truly benefit from that sort of cooperation," said Tod Beardsley, lead counter-fraud engineer at TippingPoint and creator of Monkeyspaw. "The tools purpose is to ease the job of Web forensics investigators, and it pulls together AJAX-style technologies to help make that sort of research faster and more reliable."

Phishing attacks have continued to grow in volume as well as complexity, according to Symantecs latest Internet Security Threat Report. Click here to read more.

One of the recent trends observed by Beardsleys team has been a growth in efforts by phishers to leverage vulnerabilities in Web browsing software to deliver cross-site scripting attacks and other more sophisticated threats, while the majority of phishing attacks remain fairly simplistic, he said. In fact, TippingPoint has noticed a decrease in the overall technical sophistication of phishing Web sites, with fewer of the sites featuring JavaScript or Flash applications to help dupe users.

Based on what TippingPoint believes is a lack of technical expertise among phishing organizations, those groups are ramping up their efforts around development of more simplistic keystroke loggers, anti-spam evasion techniques and Web server compromises, Beardsley said. However, while the bulk of phishing attacks are crude, a small percentage of those creating the sites are building increasingly complex manners for loading code onto users desktops and stealing their personal data.

While a large volume of phishing sites will continue to try to fool unsuspecting users into handing over their information using more traditional methods, some phishers are adopting malware-writing techniques more typical to other forms of attack, according to TippingPoint.

"In general, weve seen that the sites are simpler; there arent as many JavaScript tricks being used to make them seem more legitimate, which also makes it harder for technical countermeasures to find them," said Beardsley. "At the same time, we did see some phishers jump on [recent Microsoft vulnerabilities] in a manner more common among spyware writers; there are those who will create more sophisticated, exotic attacks, they just dont lend themselves to repeatability in the same way the simpler attacks do."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: TippingPoint Casts Out Open-Source Phishing Tool
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}r8s;iW1ŋK-iXTFh)ئHIR~fMZs\QD d"3H$$3W7-gB]snS;sa@ Z.%>; ()o1mnf]( _hoL|Aშ :#:D.Rk2 Z575'4o/Nne0S-:Iq>)֐NմnI>شQ$)q@P.w@~Th= \2ITߦuB)R=2rН3ݟXBT!|@J%h1Qu ͟Q~;/ !X]D42]hj:TN`Uƞfn KQF3r=B&lw&"ScO$ӡNfI%p'0Q#@ڮSVHf̲;o tG ob}uק&[! bS 3MuN_FBS Ig%KaW+)Kk0~b[4Ip\.* }= :ҍ}4 .j.9a&ԃ)}(p}=\'BL}:n/EӝÌfؖqSth(͡V*Z]QKru_):?Wwcwm9{ 2+ѹRU5MQ ? n8uh;ZCJy]J> y Es3^_D*%`ZJ4_S::yXB,=:GF nn/4E;J KHs = (21,#u;Gln\ :WW~ :ǧGW 7f٘Y jiUd\]1o-UI{]I;ǝ>w:Qڟ+̪?ZU?lxmuH|?-kh`cR^ٗ ?{ǃ/2 OGgcRdt,Atp~F X-t[;RH }yp%#,_0f k$LJFo$3NE - uvPy۬)MZ!rƒ uKsQ8nZK0[RFp\ ДQ#|`Mab&DJH?Ӕ>-`i˫ TE嗋mESq>]Q4{3Bɭ`g@ɋ BD4?CC0!pl/\~_L.ãQwWڲ9Q[ kK\M흚ǘ\zL'UM~?wLqJjhX.B2iKB0pkꛛZϏRa^TU G&-d`q86acJݤc}nE=aAgIy|FMk>ktI=DC#ɠ:ڴ;\VS4!&-Ѐ_aNi1[W <ۋJpIxZ3x&ztH۠h&rkIO7.[A0? [ O`p\&[ xk= `Dy+wMGHb1L{TM`@#AX]7$>(@+9=P lmVl}d`1 >5%ޣA\IQo m2)%%E2 4.gH)AH =[h ]99z |?#!bRN[ '9Rt{B#̝CRMfJ9cb -d[b}IlΌ eV&vϏaZLbo7], Slo3-Muc{\V5mZO4Mǖa1A.ϼGs6I `0EHC;Nm: xwCoBCEw[J0aEiŬ9g)9i|X#<~KMm ݜY,1%&B~aZ&4" 7uYlEQ\'1nUK\f;aMv"Vv6P0*FSMzfs)wdmrn)RЛvs9n$!+xWY 2gdRUyqtʝ+PXY3n2>=Mj=""ǰP7oZp(^HISНj!D9z٧l)s-$֒eۏRumb$l *=Ұ.Z)!d[}aa6E]QYRKHD@CR)ҵ ҊaY^`(! "x ӡE 7=}0\ReeZȔmm1+Ւ9,Wfn (Ք`AE}e &*d ?v=kGzgH~qP9s?磔YTp$4hS*}a5)403yb|Fȸ>qm?XĞ?x8[0,Y\Ζ']5!@0mE"A`iNR} ز^z`׽iAʫe&-JjE)jB4'i/#Y /m0ܱk]>aD6#BQZ>-B-g \ipbZDZLhKgAqA0*L\y.rV~ 2­qŝa&1 DR)Ö13wdi'GםT'/咢TSҐah"pHEAxZkhpL@U.)L-9Hz  [ hg [Qzn3Cz+o `RI?I BL!2Bsݧ}=1g匬`"G dRPZUU+òZp~W`s<(yO?b5xx /Oq883hÿN(CzMp`>sn.,|pZEN[O`cV av05;=UJ%MFd\@AeL˧Fxxg)u;uav9Aخ kqAm[1pWPV}85 '& R9!GF lɂu!MU,np{]0XAG5h0qHG&;+E6856 n:+@lr ?֊N[SGs?@ťQ gicf MafFž.nJm^RK{m7xEq‡1wክ546Ju|8ZJ5qvsTy9kY%f+eEo`4=<^CP,*Ͻ"ty9~/-,w&J Դ\.[C5^-(;3kZvN'_&Ʀ>+ɘVIau3YhSYlpg#]Ӟuu}|O>=~O#eIF:#ݸ{rȫ"wsԷлMklޣ06@yb#kUa bȈCzfHkq{?I ~9pTjgHUWt<,#?3q:F?UU;MyR̚,+Ajm>a,0r]Xbbק$o,yJu8e3 +S`e3*~g~hKJ]ad|?T\Q=@Q>M|ݤ1p NuLi7IղAk JZ8~G+a>&rn&kSHZ#OYdY.eժR+8L3Ay vBs=Q<CMM8q^ar0uq8(-E<9K84L xϰL'JUVqm?3 cSw痟vvZ]} E D@D;n?% ?S-l8-F:w~ݕDw;]wۃR>Ib λg_ ?Nٿn00N 0+οH LЇ_ER9$jUE[ꞷ>vh-6:%5ށ6 `i4~H(&}Ǵ{5ee^|; YdEp0Z^ <!hQo0 8筫 %Y;$g݋uoлo= rHp'Bju?^$'d0 s|i]E'6b `xѤĢ\bz$VB 0F_Th)4zuSxZ) 5[E_ſ}YVST t6~OWK0fAba+F+=ǭϤwGH$Y u8/wb!BQ9o =%E٦z;Wdj&ubNL5W"v=O?G0 clwQ(S1|$-zbeanKlx0cR蔈'='C8 z>RB'Դ5˓4/iY(Eqjhdꒈ~~(i&'ءXԛ_.6'8 $O kzisq/P{q%yt42kEe85(AuMHmQFiIg֢Ѭ]}+ ɏh8z]) $#ʫr@N~\A=?r$}ݛ9V8:FHS p'#9ʼSsa( GW .[ CvcNأ&k{?ȄKԍ)A/]s>ͥ=`L̴M\gwhNPD(Vp9c㻞Xa*/q)y H-@V FP ߽?qw>p]9Qz AC~kM}\0n7~{vv7bO0w)l>8niamǡ850Nl"4P$EUՊZFr,WU $]eNFftZt@2&꜃%3ٌ<яki^d̠tdOc@/ulvk+輳2 [a[#؞qaLpx2HC%7÷Fp7N Ϧf_ O%FJ ,Q`mZ،9!/hvpmU4bZy"N0So1֢$g |o(8L8s{C4pU_s wޘ#%&p$~ M{fr+ 7EAa˸!E%ÖdN._2Yl떟2d]ʩJ\Ȼb;p=*K!;9;<~TA EzDwD†`ExkH]gls@nSVJ%<;cybGva0e 0c)z@),%1r>vgޜƎ? KC|h@`2LN eP!U~ ,Kte_h ϲ7'$_ceJbu;1" Z[w&; C ^>gR:o+em?W8RzdoF2uL>"m+hw/P8Slj)^Y'1KwcH{rzpf`‚ו`zdB,`>P mY$0gL\/#H}Lv({P>ɥ1OQzȃSN-$FD^#Mcz\*iGE3c4kg:&%8*a>V)j1ԏΉvRۍ%CnܲI'+%qJMmGk>e“*K2埇]q"u!/*I=RaA!{`sT˕$#VJ/~iZrkm*6Fn-&"lu+r=ůxl/C}hȺMph=gd@,UV&.\4r5%tVd\=PCeaEmBG({=X f~/U'6Am$}i՚VMɤ6j2O sNCl)%!Po)̈W֏T[1UEQ||L5rKQuT.XŠ<.`&EaGzF_șyw3r)r""Ö7|{;ܣTURߧO尕t, LЮAa,KK0ŴY9sGU XFDV#\m.`ILx(V#uFtnMxy%zWXJ* ,`VZ3XoBo)"*lysOPM3CbjM<'H'@FXJ)?! P~=~=~=~=Qk/{Lt˻ ;1J,+Ȑ(XT<0y衄{3l2Xwغwg:"gh jRG{n0-l!q#pX$6/|X?C@M imD'g!n8ރ$]R4d})}Jg[, _Q>YA"ZTбJT.#1,O}Og'P'a§6dҋ/FPtnxJ!X]s|ґ&w7$YkO@ ͑nnS{CV(ft/Z;&}#1Ǿ5q1WM_@1Է?->j dB5 `C.|yUss-]\v[§=L|q=yw>SI+Y? 1|S >^~☌ῑ)4j>Ɔb\Tp5N_ba *A3=ؿ mjo/m9RJꘞ ( Ce)^~kZdS#l7IJYuR/CCCC3.v}#Y7T%Ǻ0mˤ:^;!zG~ JVi/=~XH%ԝ&w@Ҿ %os& ŷ0ns*\qplwxve7fٸek*7q5_ ~]<Fԗ>rA'1LIjJ4'Հ:^ȢO[p݀vM~m#;NoO<G6yUhO&cL)8=R:yˇCNrV8"M1yCLV=)ԦvKHRs2# +PKz6em7W7LNdu087/EB߆ E +Syǀpg[`_se^7׭9%p:̝Z^nUBO+)E?WBW;rn:A蹞nFoKxm ɿ-(FWoi] knzOTXZ)a {;&ASk3XԍmCl(I#ۀچձ B(H^uσdUoko#fE[K}^)K,jhk+5tml؆_߳  ZRˬkR+EI3Ʊ)+{`4T1,,Bdn=փHÑyIv|wouv1cRSpn]|@Q`{Hg*|[@U lAP 'Datx-{8Rxr1JBv12Ӂ®.-tw&wGxqs4L.cT"g!;PIcb|HGO/ :â?$L1I1o=M.b n0By7꤯ 7v]6Fk>L݆KQXcJ:*5\?ԝST#䉯UH&oDcঐ_~xUܕM:@Me7w|#~U1sʉmOXxLMqb3BX>x{$kqCvGrzذ]j~rmw;{>#8E(=6i[ŗ4>(C^P"^]+’{~M}1Ifr9bMk@ע~1LZ O]c)i+CۏAE!Lj<āSKG6qΌ"F$dr[".]sIjʾZr~^ :XuV%d˘xVH=Қ0&OE*ރ0H>PS1VK UH+40I8 xi1=40 csr3#mz^C GJk&GavDXe|W@O[fkhP♛U쭅֝U.ةRcʳ٢-*<);,kK;=쾞#@`m4,\ :BπTa>A4`]*gZ%|t3|TϡVR*jZ?V;ϯ!_הV/!c WG3<3D`Edcus+\W3wt~ -Btx5)0s0kF%a|XK>HP)%$77p 9a>9(-^a̷UKphY\-zve,N 1d7xo/5!oI{m >9bYg"m:s_ai;t]kt+ Ws>e3B[w^?r}sι}?Cn12D@WlfmmEUk)7g%.0,%S9ݱ=X z='` Jz#rU&q{V+ #ZMIxe5J7[ 5&{YuBY9+pSKC7R<6$Aeȇ5T?0P' )Uﵺ05 UPD8AHxQn4V~}.MM .OFJ^j$'Op >> Pm¼DRSx%&wd.41qAo5-RWldb"@՘^_ٹt~A~huE :W} d#?s2C`#>B,M fkEcL@NzlrxD"aK\vSXZC8ްn?Ĉo8fkHג s؇*|c4:׿\]}V݋8p4.pgj9~U%,H9 dU A_}&i[ք ၰ 5"  B-1vn#BLk<3DD^r {fĔy9d_t/s{%H"V|8snj}J1 })qHm 0RYn vqY@y#LL͂zĂ![C P?5DF·:Mis3a,0 @uA"\2,Gyan2?y :QO̬3zy 6t(QS=1U&F+nN ɊrPh$`x=9~imtaPX{SdO (  @Ka1c~Po֔J$2 >*%>gٕa)걪VRgڕ?P_w^7D[z+YT( I+1;}^oih t0 c3brLufcٺsZ_~-4O˻B)usEN9_//Pe}?ˁ]99s?7??}P9g]Cu^9u^C9_]_zy[9rֺą۩QNy*P/nr :WKs9^}IAF&^;]a芫-5nk ǤZuvņ^_BKHe^ٛLGP/<,Y}Mʱ 4rk 7[yDYII{2}tEi>r𞫫i@Lwee)cAz[<G4qZ =Pޛ.v)n7WpK|SG0\=M.nm;yx#ֽ2"\;Yo[췡^Fţu.T+6:7q3[ Èàs H0u VqF`~Uw= !:Y>CP,lKeBghXc$ fZgޣ8 a箨-g雡j:pÅ͹H|3q X94l HGRiejRߑJ0lFGDdBjUUEVrp` VU+D`I9#Tx|Deiګ.91C=b;h8[b(wp EЧ oCv̆˘V͛YȌMMu?/{_ۉ #Hf@2b'`{z98;Hy0`Nf..eа!,%sv[F8 c| e3XV`&r2oAMz4z<8ѿbvcx uY<X!鞠W9׽tFLdp!gB-ҋKl1@eD˺U&b)L '(s˸ [2lZ jXJr 9;܀\$'[`sdoJ9=fG=<0 ;V.a'N\(s " n#q^LZo*m;iF`Zqݴx98𰙄i׌̯`LijdG[wzhLS,fl_cErd9GUZCQ8ۈqeA(e6Lm (~%6,wls] <0'O=8Ï CqzvwʱDeqg "d` 0k&r.xY~1Q>ಓJ_b'cEy&fb P|_|f9{IwLQ l0DѽaV,|v/G&lM0F ``?94Ǟ"(ـħ%IAf:2Ş_ =6}dV\Rs7 D֣#~:4.p+N甽aCm5eԦu"v/Iߵ98^[0D00Y~l+>AՋpaHzfc|Ơ#)e h kk!tZзkdY9Hz&zU x$.7=j"1: gC“J'a{[o]\D)R%:kj[1:Oe[BI<!ZQy|XT ^YұߙQ TDO"nty9=|I>^[zQؗG@1agGQg*Yůu KITr%sDJrE)ߠ(b/<% *`>#.X&";>m<'6}Ju;J "@"d y?-;wn3F)f'VFp)hFN<}u<٢uKğ?X \cwH V&Lt[Oulם8C Pr3қJԜP1$+nvGT g7>5'ك|2h}́!Xs#Q%` |(7ܨNaEVb0%yMvSƸEߟ2"L)Ԧ?3w(\*],5Ał<vvvp"#Q*Ү]^x9`^ۺ+AѾYm0o>`%/mv/-GJ~S.u 7tle @J# >mE73B*|X^c 0У,*0%8u vKѪ N7"aaNo0n,$9&@ Rs=Vcm;p3z2 9Qm`-N \70(|Nuu ۊ|Va=vks`cΜ6 *χŀ{̾1^f#9:}!}đY1^^kti( aavXg~C{%9w:n0>~09&rX>6sη`=`Z]x O0YdWPэX-f1%Dv$8ґCA؞Bʄ>e31#7Dn0BrH d[H_مtv3\j)/YH~1 <99.@OI"cXM1}a`|L2lgLp -ϱeRZ`l/Z6wr(