Symantec Touts Anti-Phishing

Relaunches unit acquired with wholesecurity deal

Symantec is relaunching the anti-phishing industry group gained via its 2005 acquisition of WholeSecurity and is promising to sign on some well-known participants, in an effort to bring a more professional approach to the group.

Dubbed the Symantec Phish Report Network, the effort builds on the network of companies previously brought together by WholeSecurity to share information about phishing attacks and to help businesses and researchers fight the latest fraud techniques being applied by online attackers.

Along with companies such as eBay, Microsoft and Visa, which helped found the Phish Report Network, Symantec has already brought on board search giants Google and Yahoo, Web portal AOL, and banking giant Wells Fargo to help increase the organizations reach.

Another high-profile participant in the effort is IT authentication specialist RSA Security, which is expected to contribute data gathered by its own anti-phishing project, the eFraudNetwork.

The idea behind the effort is for participants to contribute the details of any new phishing activity they observe to help other members keep an eye out for similar attacks and to help Symantecs security researchers shut down related Web sites and distribute security application updates to customers.

Similar efforts have already been launched, including the Anti-Phishing Working Group, an IT industry consortium, and, which is backed by anti-malware applications vendor CipherTrust.

But Symantec contends that it has the most resources to throw behind its group and will therefore have a greater impact. Symantec executives said the company would have more full-time, paid researchers actively working on its Phish Report Network.

Because Symantec is responsible for feeding data to the so-called blacklists that Microsoft uses to protect its Internet Explorer Web browsing software, the company claims it has more incentive than other anti-phishing groups to stay ahead of new threats.

"We believe that we can put more professional researchers behind this effort and go beyond the neighborhood watch approach of other groups," said Dave Cole, director of Symantec Security Response, in Cupertino, Calif.

"Were able to take the operational backbone and technology from our anti-fraud products and services and extend that to people who send us data and provide a high-quality Web service to our partners, customers and people like Google, who need a data feed to help warn others about new threats," Cole said.

According to Symantecs latest Internet Security Threat Report, the company identified 7.92 million phishing attempts per day during the second half of 2005, compared with the 5.7 million attempts per day reported for the first half of last year.

In addition to becoming increasingly hard to detect, Symantec said the attacks are becoming more sophisticated in how they attempt to fool users.

For example, Symantec is tracing attacks that have been crafted off databases containing consumer information to match individuals with the companies with which they do business. Its also tracking attacks that use a central Web site to farm out criminal activity to other sites, making it harder for researchers to trace the threats back to their sources.

"Phishers are … becoming like online marketers. They know that getting someone to a Web page is only part of the battle," said Cole. "As people have become wary about filling out online forms, the criminals are dropping more keystroke loggers into their pages that look to attack vulnerabilities in Web browsing software."

Symantec is also promising greater cooperation with other companies, including its security software rivals, through the Phish Report Network. Company executives said anyone is welcome to join the effort.

"Any large industry consortium starts with some vendors who decide to put some sweat into it; if this evolves into a broader effort and its covering our costs, wed participate with others," said Cole.