An example of one type of phishing attempt that still manages to frustrate do-gooders appeared online in early November, in the form of a Christmas-themed Web site that mimics the name, look and feel of online auctioneer eBay Inc. in an effort to steal its customers account and password information.
However, unlike the scores of unlawful sites discovered and successfully shuttered by eBay each month, this particular phishing site, which wont be named for the sake of protecting consumers, continues to exist as a nuisance.
At the heart of the problem of taking this phishing site offline is the fact that the ISP and domain registrar responsible for supporting the Web page reportedly hasnt responded to requests from eBay and others demanding that the unlawful operation be pulled from the Internet.
The company that sold the domain name, Joker.com, based in Zug, Switzerland, isnt returning calls seeking information on the Web site in question, which leaves eBay in the unhappy position of being forced to explore other avenues for getting the site offline, the San Jose, Calif., company said.
According to Hani Durzy, a spokesperson for eBay, his company shuts down 80 to 90 percent of the phishing sites it unearths within 48 hours of finding the pages. However, in cases where something like an unresponsive ISP or domain registrar appears as a roadblock, the companys hands can be tied.
Another challenge in stopping this particular phishing scheme is that the fraudulent site appears to be hosted on a number of different computers, potentially without the knowledge of those machines owners if the devices have been infiltrated by some form of virus or malicious program, Durzy said.
"Were good at getting things shut down but were not perfect; some ISPs and other unwitting hosts of spoof sites are beyond even our reach," he said. "Were doing more than ever to fight this type of thing, but sometimes we strike out when it comes to trying to get these sites shut down. Unfortunately, some of the bad guys are smart too, and from the way this site is hosted it may be almost impossible to block it permanently."
One of the first people to publicly identify the eBay Christmas phishing site and attempt to make contact with Joker.com was Richi Jennings, a representative for FixingEmail.org, a nonprofit group that works to educate consumers about the dangers of attacks borne by e-mail. Jennings said the site may have been up as early as Nov. 8 and that it has actively moved its host location from day to day.
For instance, Jennings said that as of early Monday, the site in question was hosted on a machine using Time Warner Inc.s Road Runner broadband service in the United States, but he believes it moved to a computer somewhere in China later in the day, making it much harder to locate the sites creators.
Jennings said the site was registered through Joker.com with a bogus e-mail address and it will be tough to bring the operation down until someone at the ISP responds.
"This is a perfect illustration of phishers getting smarter, as the domain registrar is unresponsive to everyone," Jennings said. "Usually these types of companies are good at responding to phishing and taking down sites, but in this case the company appears to be a black hole, which is really worrying."
Jennings said the attack looks to have been targeted at U.K. consumers, as he received the original spam e-mail advertising the phishing site in an account bearing a .uk domain address.
The combination of a believable copy of eBays pages with the unresponsive ISP, and launched during the holidays, when more consumers are shopping online than any other time of the year, proves that phishing schemes are still a serious problem, Jennings said.
"The main issue here is that the domain registrar is not doing its job and being responsible," he said. "If you put yourself in the position of someone who wants to be a successful phisher, youre looking for someone like Joker.com with a reputation for being phisher-friendly … then the people start working that angle until someone stops them."