Anti Phising

Discussion in 'NOD32 version 2 Forum' started by Albinoni, Oct 7, 2005.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    I'm using NOD32 V2.50 or the latest version and would like to know if this version of NOD supports Anti Phising. I know quite alot of AV software out there today does, but not sure about this version of NOD.

    Also basically how does it work.

    I thought Anti Phising has got more to do with FW's than that of AV software.
     
  2. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    NOD32 has ability to catch Phising mails... by generic and signatures detection..
     
  3. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Basically, it scans the e-mail body looking for something that "looks" like phishing text. Unfortunately, I do not find that it works particularly well. I would say that roughly 95% of phishing e-mails make it through undetected into my Inbox. That is not an exaggeration. I must be on the cutting edge of phish. :doubt:

    I am submitting samples of these undetected phishing e-mails to Eset in hopes that they will improve the detection rate. Until they do, however, I cannot recommend NOD32 to protect you against phishing attacks. :(

    So you know, I am a huge fan of NOD32. Just not for anti-phishing.
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    are you submitting your undetected phishing attempt algove? If you're not, how do you expect Eset to improve the algorithms?
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    On the clients that I have using Small Business Server utilitizing the XMON plugin....wow it's kept busy yanking an aweful lot of Phishing junk mail.

    I do find it quite effective.

    On a further note...any business clients people here have who are using Office 2003....Microsoft recently released a service pack (a week or two ago) which adds a Phishing filter to the built in junk mail filter, and with their normal nearly monthly junk mail filter updates from office.microsoft.com....it does a decent job.
     
  6. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Yes, I am. I am saving the e-mails as .eml files, and then submitting them through Quarantine --> Submit for Analysis. I also put "undetected phishing e-mail" in the comments field, so there is no question what it is. ;)
     
  7. andrator

    andrator Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    54
    Location:
    Netherlands
    Hi,

    I've just finished configuring XMON and I'm browsing through XMON posts. I noticed that XMON by default doesn't scan plain text message bodies. This looks logical because it's difficult if not impossible to put a payload into plain text. IIRC there are many plain text phishing mails. If XMON does scan for phishing junk mail shouldn't I enable scanning plain text message bodies?
     
Thread Status:
Not open for further replies.