Symantec Touts Professional Anti-Phishing Effort

The security software maker is relaunching the phishing attack information network inherited through its buyout of WholeSecurity and contends that it is bringing a previously unseen level of professionalism to the anti-fraud landscape.

Symantec is relaunching the anti-phishing industry group gained via its 2005 acquisition of WholeSecurity and promising to bring a more professional approach to the effort while signing on some well-known participants.

Dubbed as the Symantec Phish Report Network, the effort builds on the network of companies previously brought together by WholeSecurity to share information about phishing attacks and help more businesses and researchers fight the latest fraud techniques being applied by online attackers. Along with companies such as eBay, Microsoft and Visa, who helped found the Phish Report Network, Symantec has already brought on board search giants Google and Yahoo, Web portal AOL and banking giant Wells Fargo to help increase the organizations reach.

Another high-profile participant in the effort is IT authentication specialist RSA Security, which will contribute data gathered by its own anti-phishing project, the eFraudNetwork, whose members include a number of large financial services institutions and banks.

The idea behind the effort is simple: Participants will contribute the details of any new phishing activity they observe in order to help other members keep an eye out for similar attacks and to help Symantecs security researchers shut down related Web sites and distribute security applications updates to the software makers customers.

While a handful of similar efforts have already been launched, including the Anti-Phishing Working Group, an IT industry consortium, and, which is backed by anti-malware applications vendor CipherTrust, Symantec contends that it has the most resources to throw behind its group and will therefore have a greater impact. The other groups may also have a lot of well-known participants from the IT and business communities, but Symantec said it would have more full-time paid researchers actively working on its Phish Report Network.

/zimages/1/28571.gifClick here to read more about CipherTrusts

Since Symantec is responsible for feeding data to the so-called black lists that Microsoft uses to protect its Internet Explorer Web browsing software, the company claims it has more incentive than other anti-phishing groups to stay ahead of new threats.

"We didnt see the value in maintaining a duplicate effort to the other work being done in the industry, but we believe that we can put more professional researchers behind this effort and go beyond the neighborhood watch approach of other groups," said Dave Cole, director of Symantec Security Response. "Were able to take the operational backbone and technology from our anti-fraud products and services and extend that to people who send us data and provide a high-quality Web service to our partners, customers and people like Google, who need a data feed to help warn others about new threats."

Phishing schemes typically start with misleading spam e-mails meant to encourage people to visit fraudulent Web sites that are designed to look like pages maintained by legitimate businesses such as banks or online auctioneer eBay. Once users are lured to one of the sites, they are usually asked to hand over sensitive personal information that could be used to commit identity fraud, or keystroke logging software may be secretly loaded onto their computers.

According to Symantecs latest Internet Security Threat Report, the company identified a 7.92 million phishing attempts per day during the second half of 2005, compared with the 5.7 million attempts per day it reported for the first half of 2005. In addition to becoming increasingly hard to detect, Symantec said that the attacks also continue to become more targeted in the way they attempt to dupe users.

Among the latest trends the company is tracing on the phishing landscape are attacks that have been crafted off of databases of actual consumer information to match individuals with the companies they do business with, and those that use a central Web site to farm out criminal activity to other sites, making it harder for researchers to trace the threats back to their sources. Other new threats include phishing attacks that use blogs, wikis, and 800 numbers to help dupe consumers into forking over their data.

"We are seeing attacks that are smaller in scale than in years past but far more effective in terms of effectiveness based on the level of personalization that is being used," said Cole. "Phishers are also becoming like online marketers—they know that getting someone to a Web page is only part of the battle. As people have become wary about filling out online forms, the criminals are dropping more keystroke loggers into their pages that look to attack vulnerabilities in Web browsing software."

Symantec is also promising greater cooperation with other companies, including its security software rivals, through the Phish Report Network, and it said that anyone is welcome to join the effort.

"Any large industry consortium starts with some vendors who decide to put some sweat into it; if this evolves into a broader effort and its covering our costs, wed participate with others," said Cole.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.