Any improvement (Phishing)

Discussion in 'NOD32 version 2 Forum' started by Albinoni, Mar 29, 2006.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    I recall a while back I heard that NOD's phishing detection wasn't really up to scratch. Now I know they have vastly improved their Trojan detection, but how about their Phishing detection, and how would you rate it?
     
  2. TNT

    TNT Registered Member

    I don't use NOD, but... phishing detection in an antivirus? o_O
     
  3. honeybunny

    honeybunny Suspended Member

    Why not? Maybe by IMON :rolleyes:
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    I've always noticed it's pretty strong, XMON picks them up like crazy in my SBS clients.
     
  5. Brian N

    Brian N Registered Member

    Quite common really.
     
  6. rothko

    rothko Registered Member

    Looking at the list of definition updates, there are some already in there, e.g. HTML/Phishing.gen.

    I submit dodgy emails I get to Eset for analysis and (hopefully!) inclusion in the database. I seem to get a lot from Ebay and Paypal asking for personal details. In fact I had one last night that looked quite genuine, I clicked the link to see how authentic they had made it and apparently it left a Trojan downloader in my temp internet files....NOD32 didn't detect it but a scan by Ewido did, and uploading to Jotti showed that a few others did too. I have submitted that too.

    Lee
     
  7. TNT

    TNT Registered Member

    Never seen it (or maybe it's implemented in the AV applications I use and I just don't know, I never received any phishing e-mail at all in my life). ;)
     
  8. Brian N

    Brian N Registered Member

    Same here, but they do detect some of them :)
     
  9. pykko

    pykko Registered Member

    Brian, wise guys like us never get a phishing e-mail. :p
     
  10. Patrician

    Patrician Registered Member

    If you receive a pure Phishing email, with no attendant trojan, worm, or other nasty, (remember the "phish" is the body of the email, not the attached or embedded nasty) then no AV software will be able to detect it. After all it is just text in HTML and, normally, a link to a bogus login site.

    The only defence against Phishing is common sense.

    Trev
     
  11. Brian N

    Brian N Registered Member

    Ah yes, we are too smart for those mails :p
     
  12. TNT

    TNT Registered Member

    Well, that was my assumption too, though I suppose if there's a link to a known phishing source, or it's an HTML e-mail showing a link to a site that's actually different from the actual link in the "unrendered" HTML, an AV can detect this as probable phishing; then again, I was unaware that AVs did this.
     
  13. wxboss

    wxboss Registered Member

    I believe that NOD has a "Site Block List" for known malicious sites which could include phishing, but as far as the ability to detect a phish by itself, I don't think so. The only AV type products that I've seen with that type of feature are usually part of a suite which is really a compilation of modules added onto the AV.
     
  14. rothko

    rothko Registered Member

  15. wxboss

    wxboss Registered Member

    NOD may detect the HTML code used in those emails as being suspect. It's good to know that there is some protection from those attempts :)
     
  16. Blackcat

    Blackcat Registered Member

    Most AVs, including NOD, do not seem to perform very well in this Phishing test.

    Only KAV, F-Secure, Fortinet and McAfee appear to do well.
     
  17. pykko

    pykko Registered Member

  18. alglove

    alglove Registered Member

    For whatever it's worth, I think the phishing detection is still quite poor. Looking at my logs, it has been 5 weeks since NOD32 has detected a phishing message. In the meantime, I submit an average of 2 or 3 phishing messages per day. That would mean roughly 70-100 phishing e-mails have made it through without being detected in the meantime.

    Maybe I am on the cutting edge of phish. :rolleyes:
     
  19. Patrician

    Patrician Registered Member

    NOD did not detect the Phish. It detected the trojan attached to the Phishing email.
     
  20. Patrician

    Patrician Registered Member


    No it doesn't. It detected the trojan.
     
  21. alglove

    alglove Registered Member

    My understanding has been that NOD32 detects the phish itself and categorizes it as a "trojan". Can somebody from Eset please clarify?
     
  22. Marcos

    Marcos Eset Staff Account

    Phishing emails are detected as HTML/Phishing.gen trojan.
     
  23. Patrician

    Patrician Registered Member

    None of the ones I've received have been unless they have nasties attached. The ones that are just plain emails with the normal "Please login to your account via the link below" type NOD has ignored completely. As I would expect.

    Trev
     
  24. Marcos

    Marcos Eset Staff Account

    Were the links in those emails actually functional? I for one do not think that phishing emails with non-functional links should have higher priority than worms, trojans and other threats endangering the computers.
     
  25. alglove

    alglove Registered Member

    In my case, the links appeared to be functional, but I did not actually click them to find out. Go figure that today, of all days, I receive no phishing e-mail. :p I will check next time I get one.
    I totally agree. By the way, I am looking forward to the anti-spam feature of NOD32 3.0.
     