| View previous topic :: View next topic |
| Author |
Message |
radio_pcps
Captain
Premium Member
Joined: Feb 16, 2004
Posts: 333
|
 Posted: Tue Dec 28, 2004 8:47 pm Post subject: Anti-Phishing Toolbar by Netcraft |
|
|
| Quote: | Once a target URL is identified as a phishing tool, community members are protected from the attack.
The toolbar tracks suspicious URLs, enforces displaying browser navigational tools, and displays sites' hosting location, including countries, to help you from letting a crook in Crookonia from nabbing all your money or identity.
The firm is offering a download, at this page. The toolbar runs on Windows 2000 and Windows XP |
http://www.theinquirer.net/?article=20415
has anyone tried this toolbar yet?
_________________
[img]http://radiosplace.com/stuff/asap2.gif[/img]
|
|
| Back to top |
|
 |
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Thu Dec 30, 2004 12:08 am Post subject: |
|
|
I have it downloaded but haven't installed it yet. It sounds like it only works with IE under XP or 2K but I have some phishmails saved and will try testing it by poking the URL's into the address bar.
_________________
 MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Thu Dec 30, 2004 7:12 pm Post subject: |
|
|
Installation was simple and straightforward using the standard .msi installation. The toolbar immediately showed up as enabled in Manage Addons but I had to go to View|Toolbars and check it to cause it to display. Then the fun began!
I ran my most recent phishmail link through it and received an immediate block that advised me that the site was suspected of phishing activity and warning me away from it. It did offer me the choice of viewing it if I was sure that I really wanted to. That part works well but there is more.
Every site visited will display the flag of the country in which registered and the name of the owner of the IP block. A click on Site Report brings up the domain name, registrar, name servers, and reverse DNS on the IP address along with other information from a standard Whois. There is a simple interface for reporting suspected phishing sites as well. I have barely scratched the surface of what this can do but will certainly be keeping it. Perhaps the best news is that they do have plans to port the toolbar to other browsers. I hope that Firefox is high on their list.
I read their EULA thoroughly before installation and was a little taken back when I saw the following:
| Quote: | 8 Advertising and sponsorship
Part of the Toolbar may contain advertising and sponsorship. Advertisers and sponsors are responsible for ensuring that material submitted for inclusion on the Toolbar complies with relevant laws and codes. We will not be responsible for any error or inaccuracy in advertising and sponsorship material. |
So far I have not seen any ads, unless you count the ones included when you follow links from the toolbar to suplemental services and information. None pop up unexpectedly and the ones on the other pages are rather innocuous.
I personally think that every copy of IE in the world should have this installed.
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Fri Dec 31, 2004 2:17 pm Post subject: |
|
|
Excellent!
Thank you 
If we add a category in Reviews for Anti-Phishing products later today, would mind submitting your review on it? The more people who know about it the better.
I'll just post back in here once the category has been created.
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Fri Dec 31, 2004 2:39 pm Post subject: |
|
|
I would be happy to!
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Fri Dec 31, 2004 3:39 pm Post subject: |
|
|
Excellent,
Paul will add it when he gets back a little later.
|
|
| Back to top |
|
|
Sandi_Hardmeier
Security Expert
Microsoft MVP
Joined: Apr 12, 2004
Posts: 92
|
| Posted: Mon Jan 03, 2005 3:24 pm Post subject: Re: Anti-Phishing Toolbar by Netcraft |
|
|
| radio_pcps wrote: | | Quote: | Once a target URL is identified as a phishing tool, community members are protected from the attack.
The toolbar tracks suspicious URLs, enforces displaying browser navigational tools, and displays sites' hosting location, including countries, to help you from letting a crook in Crookonia from nabbing all your money or identity.
The firm is offering a download, at this page. The toolbar runs on Windows 2000 and Windows XP |
http://www.theinquirer.net/?article=20415
has anyone tried this toolbar yet? |
To be honest, after testing it I found it confusing, which means the home user would do so as well. Its main fault is that if you're checking out a phish email, as soon as you click on one of the toolbar links to get further information about the phish site, everything resets to reflect Netcraft specific data.
As it stands, Spoofstick or the Earthlink toolbar are better bets (in my very humble opinion). Spoofstick and Earthlink were checked out by me and reported on here:
http://www.microsoft.com/windows/ie/community/columns/saferbrowsing.mspx
I also mentioned Spoofstick here:
http://www.microsoft.com/windows/ie/community/columns/browseraddons.mspx
(Please be gentle with me regarding these articles; I had to write for the most naive of users).
Kindest,
Sandi
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Mon Jan 03, 2005 6:08 pm Post subject: |
|
|
That is probably a valid criticism, Sandi. It took me a few tries to get that part figured out as well. As far as the majority of home users go, and I was thinking more in terms of the elderly, I was looking at the blocking function more than the research functions. I was not really thinking of the average user getting much useful info from the drop down anyway.
Nice links, btw.
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Tue Jan 04, 2005 4:51 pm Post subject: |
|
|
Here is the link to write reviews on anti-phishing products  /wreview-31
If you see something I haven't added yet, please let me know.
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Sun Jan 09, 2005 4:06 pm Post subject: |
|
|
I just received an obvious phish purporting to be from a bank that I don't use. The Netcraft bar failed to report it as a phishing URL so I went through the rather simple procedure of reporting it. I recieved this almost immediate reply:
| Quote: | Netcraft would like to thank you for reporting the URL 'http://24.148.19.152:87/wa/index.htm'.
The URL will be reviewed as soon as possible and it will be blocked if our
staff confirm it to be a phishing site.
If you are the first to report a site which is subsequently blocked then you
will be eligible for a prize and we will be contacting you again in the near
future.
Regards,
The Netcraft Anti-Phishing Team |
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Sun Jan 09, 2005 4:19 pm Post subject: |
|
|
Then, about 10 minutes later I received this:
| Quote: | The URL you recently submitted has been accepted as a phishing site by
the Netcraft Anti-Phishing Team. In recognition of your vigilance, we
would like to reward you with a small prize. Please reply to this mail
with your postal address and we will send it to you (allow 28 days for
delivery).
URL:
'http://24.148.19.152:87/wa/index.htm'
Thanks and congratulations,
The Netcraft Anti-Phishing Team |
I immediately attempted to revisit the link using IE and the toolbar blocked it. I consider that to be a rather quick response on a Sunday.
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Ikeb
Special Response Team
Forums Admin
Joined: Apr 20, 2003
Posts: 16542
|
| Posted: Sun Jan 09, 2005 8:34 pm Post subject: |
|
|
| Robin wrote: | Here is the link to write reviews on anti-phishing products /wreview-31
If you see something I haven't added yet, please let me know. |
Hi Robin,
Any progress on being able to view reviews via the same UI as used to submit them? I'm finding it increasingly difficult to compare products in the same category.
Regarding anti-phishing products in general, what distinguishes such products from anti-SPAM products?
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Mon Jan 10, 2005 1:56 am Post subject: |
|
|
Good question, Ikester, and I thought it over for a while before responding.
The way I see it spam is primarily an annoyance. It gets in my way, I have to deal with it, and it clogs the inbox. Other than that it doesn't harm me. It can be dealt with in a number of locations by employing filters that are either based on concrete rule-sets, heuristics, or both.
Phishing exploits are somewhat different. They can mimic the addresses and appearance of legitimate sites and then be used to do great harm. They are not as easily identifiable to filters although some of the same techniques may be adaptable. In the purest sense an anti-phishing product would prevent you from visiting a phishing site in the event that the trigger email actually reached you.
The only product that I have experience with at the moment is the subject toolbar which depends on a database of known or suspected target URLs much as concrete rule-sets are used in fighting spam. There are problems with this approach as the target URLs are constantly changing and the phishers go to great lengths to make detection difficult.
The exploit that I described detecting arrived as an email consisting of a mapped .gif image so there was no text to analyze. If you are interested, I took it apart here.
As an aside, my web site, which is rather small and inconspicuous, was bombarded heavily during the santy attacks and I continue to see daily attempts at exploitation. Over 99% of the attempts are aimed at a single forum topic dealing with a phishing scam. Maybe it is coincidence but one has to wonder. I have also seen increased visits based on the results of a Google search. In every such instance so far it has been the result of someone searching (in English, Spanish, and French, so far) for a particular string in phishing emails.
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Robin
Site Admin
Phishing Squad Team Lead
Joined: Oct 15, 2003
Posts: 8946
|
| Posted: Mon Jan 10, 2005 3:17 am Post subject: |
|
|
| Quote: | Any progress on being able to view reviews via the same UI as used to submit them? I'm finding it increasingly difficult to compare products in the same category.
|
That is an excellent idea. We have it set up so that you can view multiple reviews of the same product or translate it back to the vendor. It will take a bit to code it so that it can be searched by category... it's on the "to do" list now
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
