New Netcraft Toolbar Blocks Phishing, Analyzes Web Sites

Review: Protect yourself from fraudulent sites by having as much information as possible about them. The Netcraft Toolbar makes that information convenient.

A new, free browser add-in from English Internet services firm Netcraft Ltd. fights phishing attacks and helps users investigate sites they visit.

eWEEK.com tested the new tool bar, available initially only for Internet Explorer on Windows 2000 and Windows XP, and liked what we saw. All but one phishing link we visited was interrupted by a popup from the tool bar (click here to see a sample) and we used the built-in link to report the one site that the tool bar didnt block.

Once installed, the tool bar exists as an IE Explorer Bar, much like the Google tool bar, and coexisted well with other Explorer bars in our tests. (See the image of the tool bar below and click the image to see it within a browser window.) /zimages/6/94856.jpg

The tool bar has two buttons, both of which have links to other services by Netcraft, many of them free. The Netcraft button exposes other security functions, such as reporting a phishing site unknown to the tool bar and reporting false positives from the tool bar, as well as many statistical reports, such as which countries and hosting services have the most phishing sites.

/zimages/6/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Netcraft is most famous for its Web server survey, reporting which Web server software is most in use on the Internet. For this and other research, the company scans the Internet regularly and has built up a large database of sites and what is running on them. This data plays a key role in the function of the tool bar.

Beyond the two buttons, the rest of the tool bar displays information about the site being viewed in the browser. First is the date the site was first observed by Netcraft. There is also a ranking of the site by number of visits, presumably by users through the Netcraft site and software. Finally, the tool bar reports the hosting service or netblock owner.

Netcraft tracks phishing sites in its database and uses that data to block sites when users visit them. The company also uses some heuristic techniques to block practices often used by phishers to deceive users, such as including <script> tags in a URL and other known attacks.

Even when the tool bar misses a phishing site, or some other type of Web-based fraud, the information in the tool bar could provide valuable clues about the legitimacy of the site. For instance, the site we visited that the tool bar didnt flag—purporting to be yet another Paypal log-in—was listed as a "New Site" (never seen before by Netcraft) and on a netblock owned by "Comite Gestor da Internet no Brasil." Just in case youre curious, the netblock for www.paypal.com is owned by "eBay, Inc."

/zimages/6/28571.gifFor more on fighting phishing attacks, read Larry Seltzers column "Spotting Phish and Phighting Back."

According to Netcraft, the company has received a great many requests for a Mozilla/Firefox version of the tool bar and is at work on it, but gave no dates for delivery.

Now that we have the tool bar running we expect to be using it frequently. Users who are nervous about fraud on the Internet can feel much better about the browsing experience by running the Netcraft Toolbar.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis.