Network Security: Detailed info on RE: Discovering and Stopping Phishing/Scam Attacks

Subject:	RE: Discovering and Stopping Phishing/Scam Attacks
Date:	Wed, 27 Apr 2005 10:06:18 -0500

Subject:

RE: Discovering and Stopping Phishing/Scam Attacks

Date:

Wed, 27 Apr 2005 10:06:18 -0500

  Actually, it's even easier than that. They can simply redirect the
I don't think this would slow them down for more than a week or so--
they **could** just copy the images to their site if they wanted to.


Once that happens, you could use something that is somewhat CPU
intensive, but might be effective: steganography. Embed digital
watermarks in a few, select corporate image files (logos and such,
especially those in login screens) for each session (standard
cookie-based sessions can let you create the watermarked images and
cache them for the duration of the session or a timeout).

Then, when you find a copied image in a phishing kit, you get the
watermark, track down when/where it was downloaded (from your
watermarked files access log), and use that in your investigation of the
perp.

Just an idea, someone might be interested in working out its
feasibility.

Marco Zamora

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Discovering and Stopping Phishing/Scam Attacks, (continued) Re: Discovering and Stopping Phishing/Scam Attacks, byte_jump Re: Discovering and Stopping Phishing/Scam Attacks, Michael J. Pomraning Re: Discovering and Stopping Phishing/Scam Attacks, byte_jump Re: Discovering and Stopping Phishing/Scam Attacks, Crispin Cowan Re: Discovering and Stopping Phishing/Scam Attacks, thomas adams Re: Discovering and Stopping Phishing/Scam Attacks, Alex Re: Discovering and Stopping Phishing/Scam Attacks, byte_jump RE: Discovering and Stopping Phishing/Scam Attacks, Thomas Adams Re: Discovering and Stopping Phishing/Scam Attacks, byte_jump RE: Discovering and Stopping Phishing/Scam Attacks, Scovetta, Michael V RE: Discovering and Stopping Phishing/Scam Attacks, Marco A. Zamora Cunningham <= RE: Discovering and Stopping Phishing/Scam Attacks, Krul Thomas RE: Discovering and Stopping Phishing/Scam Attacks, Calder, James (EXP) RE: Discovering and Stopping Phishing/Scam Attacks, webcenter RE: Discovering and Stopping Phishing/Scam Attacks, Randy RE: Discovering and Stopping Phishing/Scam Attacks, Nuno Costa Re: Discovering and Stopping Phishing/Scam Attacks, Dave Greer Re: Discovering and Stopping Phishing/Scam Attacks, Rainer Duffner Message not available Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks, Daniel Hanson Re: Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks, Valdis . Kletnieks Re: Discovering and Stopping Phishing/Scam Attacks, Steven

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	RE: Netcraft Phishing Pheed (Was: RE: Discovering and Stopping Phishing/Scam Attacks), matt.neeley
Next by Date:	RE: Discovering and Stopping Phishing/Scam Attacks, Krul Thomas
Previous by Thread:	RE: Discovering and Stopping Phishing/Scam Attacks, Scovetta, Michael V
Next by Thread:	RE: Discovering and Stopping Phishing/Scam Attacks, Krul Thomas
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

RE: Netcraft Phishing Pheed (Was: RE: Discovering and Stopping Phishing/Scam Attacks), matt.neeley

Next by Date:

RE: Discovering and Stopping Phishing/Scam Attacks, Krul Thomas

Previous by Thread:

RE: Discovering and Stopping Phishing/Scam Attacks, Scovetta, Michael V

Next by Thread:

RE: Discovering and Stopping Phishing/Scam Attacks, Krul Thomas

Indexes:

[Date] [Thread] [Top] [All Lists]