Anti Phising

[Albinoni]

I'm using NOD32 V2.50 or the latest version and would like to know if this version of NOD supports Anti Phising. I know quite alot of AV software out there today does, but not sure about this version of NOD.

Also basically how does it work.

I thought Anti Phising has got more to do with FW's than that of AV software.

[fosius]

NOD32 has ability to catch Phising mails... by generic and signatures detection..

[alglove]

Basically, it scans the e-mail body looking for something that "looks" like phishing text. Unfortunately, I do not find that it works particularly well. I would say that roughly 95% of phishing e-mails make it through undetected into my Inbox. That is not an exaggeration. I must be on the cutting edge of phish.

I am submitting samples of these undetected phishing e-mails to Eset in hopes that they will improve the detection rate. Until they do, however, I cannot recommend NOD32 to protect you against phishing attacks.

So you know, I am a huge fan of NOD32. Just not for anti-phishing.

[webyourbusiness]

are you submitting your undetected phishing attempt algove? If you're not, how do you expect Eset to improve the algorithms?

[YeOldeStonecat]

On the clients that I have using Small Business Server utilitizing the XMON plugin....wow it's kept busy yanking an aweful lot of Phishing junk mail.

I do find it quite effective.

On a further note...any business clients people here have who are using Office 2003....Microsoft recently released a service pack (a week or two ago) which adds a Phishing filter to the built in junk mail filter, and with their normal nearly monthly junk mail filter updates from office.microsoft.com....it does a decent job.

[alglove]

Quote:

Originally Posted by webyourbusiness

are you submitting your undetected phishing attempt algove? If you're not, how do you expect Eset to improve the algorithms?

Yes, I am. I am saving the e-mails as .eml files, and then submitting them through Quarantine --> Submit for Analysis. I also put "undetected phishing e-mail" in the comments field, so there is no question what it is.

[andrator]

Quote:

Originally Posted by YeOldeStonecat

On the clients that I have using Small Business Server utilitizing the XMON plugin....wow it's kept busy yanking an aweful lot of Phishing junk mail.

I do find it quite effective.

Hi,

I've just finished configuring XMON and I'm browsing through XMON posts. I noticed that XMON by default doesn't scan plain text message bodies. This looks logical because it's difficult if not impossible to put a payload into plain text. IIRC there are many plain text phishing mails. If XMON does scan for phishing junk mail shouldn't I enable scanning plain text message bodies?