Stanford security experts unveil "SPOOFGUARD"

Discussion in 'other anti-virus software' started by ZOverLord, Jul 26, 2005.

Thread Status:
Not open for further replies.
  1. ZOverLord

    ZOverLord Registered Member

    Joined:
    Jul 17, 2005
    Posts:
    11
    It’s an online con that is growing fast and stealing tens of millions of dollars.

    An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking Web site. Such “phishing” attacks exploit a universal weakness in online security: passwords.

    To read the rest of the story and download this new utility please go here:

    http://soe.stanford.edu/profiles/profile_infotech_mitchell.html

    edited link to reflect correct source - Detox
     
    Last edited by a moderator: Jul 26, 2005
  2. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    I use the anti-phishing product inside DesktopArmor to stop this kind of thing. So far it has never failed me, and seems to pass all of the phishing tests.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @SDS909- As I recall, DesktopArmor's anti-phishing product works ONLY with Internet Explorer, whereas I use K-meleon.

    Am I correct in my recollection, or am I having another *senior moment*? :D
     
  4. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Very good point, I don't believe there are any phishing protections for Mozilla. DesktopArmor seems geared heavily towards IE and development has been stagnant since 2004.

    I'm REALLY hoping they upgrade the product. I find it an excellent product with some great protections, but I'd like to see a constant evolution of it - which I'm not seeing. I inquired about the development status several days ago, and have not received a reply.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    A lot of this is old news. Some other quotes from the article:

    --------------------
    “Phishing attacks fool users into sending their passwords, in the clear, to an unintended Web site,” ...

    When a potential phishing victim unwittingly enters his eBay password at a phony site posing as eBay,...
    --------------------


    A lot of conditions here; it's hard to believe that people still fall for this kind of scam.


    -------------------
    Unfortunately, users always will have to be vigilant about Internet scams and how to protect themselves,...
    ------------------


    Why unfortunately? Users should always be vigilant about everything in their computing routines.


    -------------------
    SpoofGuard uses several cues to determine whether a site is questionable. It will suspect pages with names similar but not identical to major ones (e.g., www.ebav.com or www.paypai.com),...
    -------------------


    I don't know why one would need a separate program to do that ... if you have firewall rules set up for your secure sites/specific IPs, then any outbound phishing attempts as above will be blocked and you will be alerted by the firewall.

    IMO articles like this, rather than being a prompt to add another security product to the system, would be better served as a lead-in to discussing how to guard against being tricked in the first place. Then, after assessing the risks, it may be that a user decides some product is necessary, but from the examples in this article, I wouldn't think so.


    -rich
    ________________
    ~~Be ALERT!!! ~~
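
The name-similarity cue quoted in the post above (www.ebav.com, www.paypai.com), sketched as an added example that is not code from the thread or from SpoofGuard. Assumptions: Levenshtein distance as the similarity measure, the `PROTECTED` list, the threshold of 2, and a two-label shortcut for the registered domain.

```python
# Added example: flag hostnames that are close to, but not exactly, a protected
# domain. PROTECTED and max_distance are illustrative assumptions, not
# SpoofGuard's actual settings.
from urllib.parse import urlsplit

PROTECTED = ("ebay.com", "paypal.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) with one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registered_name(url: str) -> str:
    """Lower-cased last two host labels. Simplification: ignores multi-label
    public suffixes such as co.uk."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(url: str, max_distance: int = 2):
    """Return the protected domain this URL imitates, or None.
    An exact match is the real site (including its subdomains) and is not flagged."""
    name = registered_name(url)
    if name in PROTECTED:
        return None
    for good in PROTECTED:
        if edit_distance(name, good) <= max_distance:
            return good
    return None


if __name__ == "__main__":
    # Constructed sample URLs; the first two hostnames are the ones quoted above.
    for u in ("http://www.ebav.com/signin", "www.paypai.com",
              "https://signin.ebay.com/", "https://www.example.org/"):
        print(u, "->", lookalike_of(u))
```

A distance threshold trades missed lookalikes against false alarms on short legitimate names, so it needs tuning against the protected list in use.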
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    But with a site like this it will make it a little hard for software to detect it is a phishing scheme
    here. It is a really legitimate-looking e-mail. But we all know that banks don't send e-mails like that, don't we?? ;)
     
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Anyone try FraudEliminator yet?
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Living in Belgium, I don't need these anti-phishing softwares.

    I don't participate in foreign websites when money is involved, except Paypal.
    Paypal isn't a problem, because Paypal verifies personal data via its website, not via emails. So Paypal emails are always phishing emails.
    If they ever rob my Paypal account, I will survive it easily.

    Most of my personal data doesn't even fit in foreign websites because they have a different structure (zip code, social security number, ...)

    If I ever meet a phishing website, it won't interest me, because I'm not even interested in the original website.

    I delete all my spam-emails, without even reading them.
    Give me just one good reason to use it and I will change my mind.
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Unless I have this completely wrong, ff fixed this exploit.
    You may get taken to the spoof web page but the address in the bar will be the real address, not the spoofed one.

    Nonetheless, as noted above, we do not respond to such obvious schemes.
    The problem as always is raw numbers
    1,000,000 scam mails sent 0.5 percent response = 5000 successes.

    Please tell me if I've got this wrong

    Regards
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I wrote recently a post about lottery scams :
    https://www.wilderssecurity.com/showthread.php?t=90023
    It gives you a pretty good idea how many people get caught in scam traps and how profitable scams are.

    The largest spam-database I ever heard of contained 250,000,000 email-addresses.
    250,000,000 emails with 0.05% replies = 125,000 replies.
    The last lottery scam I've seen asked the victim for $785 in order to collect the fake big prize.
    125,000 replies x $785 = $98,125,000 for ONE scam-email. Easy money, isn't it ?

    Phishing emails are just another kind of scam than lottery scams, and there are many other kinds of scams.
    Internet is full of them.
     
  11. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    If you are a power surfer, beware of phishing-prevention/exposing tools. All of the ones I've tried, considerably slow down multi-tab simultaneous page opening and hence surfing.
     
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    don't mean to be pushy, but, has ff fixed this?

    Regards
     