Any improvement (Phishing)

I recall a while back I heard that NOD's phising detection wasnt really up to scratch. Now I know they have vastly improve their Trojan detection but how about their Phising detection and how would you rate it.

 

I don't use NOD, but... phishing detection in an antivirus?

 

Why not ? May be by IMON

 

I've always noticed it's pretty strong, XMON picks them up like crazy in my SBS clients.

 

Quite common really.

 

looking at the list of definition updates there are some already in there, eg HTML/Phishing.gen.

I submit dodgy emails i get to eset for analysis and (hopefully!) inclusion in the database. I seem to get a lot from Ebay and Paypal asking for personal details. In fact I had one last night that looked quite genuine, I clicked the link to see how authentic they had made it and apparently it left a Trojan downloader in my temp internet files....NOD32 didn't detect it but a scan by Ewido did, and uploading to Jotti showed that a few others did too. I have submitted that too.

Lee

 

Never seen it (or maybe it's implemented in the AV applications I use and I just don't know, I never received any phishing e-mail at all in my life).

 

Same here, but they do detect some of them

 

Brian, wise guys like us never get a pishing e-mail.

 

If you receive a pure Phishing email, with no attedant trojan, worm, or other nasty, (remember the "phish" is the body of the email, not the attached or embedded nasty) then no AV software will be able to detect it. After all it is just text in HTML and, normally, a link to a bogus login site.

The only defence against Phishing is common sense.

Trev

 

Ah yes, we are too smart for those mails

 

Well, that was my assumption too, though I suppose if there's a link to a known phishing source, or it's an HTML e-mail showing a link to a site that's actually different from the actual link in the "unrendered" HTML, an AV can detect this as probable phishing; then again, I was unaware that AVs did this.

 

I believe that NOD has a "Site Block List" for known malicious sites which could include phishing, but as far the ability to detect a phish by itself, I don't think so. The only AV type products that I've seen with that type of feature is usually part of a suite which is really a compilation of modules added onto the AV.

 

hi,

I haven't had any phishing email alerts myself, but my brother tells me he has.
there are a couple of threads on here about it, and here's a link to one post from a user that had an alert from IMON about a suspect email: https://www.wilderssecurity.com/showpost.php?p=655103&postcount=5

 

NOD may detects the HTML code used in those emails as being suspect. It's good to know that there is some protection from those attempts

 

Most AV's, including NOD do not seem to perform very well in this Phishing test.

Only KAV, F-Secure, Fortinet and McAfee appear to do well.

 

Blackcat see here: http://nod32sse.hotserv.dk/index.php?year=All&show=list&seek=Citifraud&sog=Go

They have improved since that test.

 

For whatever it's worth, I think the phishing detection is still quite poor. Looking at my logs, it has been 5 weeks since NOD32 has detected a phishing message. In the meantime, I submit an average of 2 or 3 phishing messages per day. That would mean roughly 70-100 phishing e-mails have made it through without being detected in the meantime.

Maybe I am on the cutting edge of phish.

 

NOD did not detect the Phish. It detected the trojan attached to the Phishing email.

 

No it doesn't. It detected the trojan.

 

My understanding has been that NOD32 detects the phish itself and categorizes it as a "trojan". Can somebody from Eset please clarify?

 

Phising emails are detected as HTML/Phishing.gen trojan.

 

None of the ones I've received have been unless they have nasties attached. The ones that are just plain emails with the normal "Please login to your account via the link below" type NOD has ignored completely. As I would expect.

Trev

 

Were the links in those emails actually functional? I for one do not think that phising emails with non-funntional links should have higher priority than worms, trojans and other threats endangering the computers.

 

In my case, the links appeared to be functional, but I did not actually click them to find out. Go figure that today, of all days, I receive no phishing e-mail. I will check next time I get one.

I totally agree. By the way, I am looking forward to the anti-spam feature of NOD32 3.0.