phishing sites: local and remote

David Lee t.d.lee at durham.ac.uk
Wed Feb 4 16:31:06 GMT 2009


We try to use MS configs (currently 4.72.5) reasonably close to the 
distributed version.  That includes taking the routine updates to 
"phishing.bad.sites.conf" and "phishing.safe.sites.conf".

Being a university, we are also getting badly hit by spear-phishing 
attempts against our users.  We noticed that some of the incoming bait
contained URLs similar to ours.  Our true URLs are of the form:
    http://...durham.ac.uk/...

The incoming bait reads:
    http://...durham.ac.uk.spammer.bad/...

(Real life pattern-matching would need more subtlety than that, but you 
get the idea.)

The routine anti-phishing stuff detects dubious URLs etc and displays 
bright red "possible fraud" warnings.

It would be nice if we could supplement this with an additional, 
locally-based, component that could be configured to match suspicious URLs 
based on the local site name.

Is it possible to run such an antiphishing config, comprising both 
Julian's standard set and a local component?

If not, might it be a worthwhile addition?


-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:  UNIX Team Leader                         Durham University     :
:                                           South Road            :
:  http://www.dur.ac.uk/t.d.lee/            Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :
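
An added example, not part of the original post and not MailScanner code: a stand-alone Python check for the pattern described above, a hostname that contains the local site name as whole labels without actually ending in it. The function names and the sample message are constructed for illustration, and the check does not hook into MailScanner's phishing configuration.

```python
import re
from urllib.parse import urlsplit

LOCAL_DOMAIN = "durham.ac.uk"  # the local site name used in the post

# Simple URL finder for plain-text bodies (assumption: http/https links only).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message; "webmail" and the wording are made up.
SAMPLE = """Dear user, your mailbox quota is full.
Verify at http://webmail.durham.ac.uk.spammer.bad/login now.
Help pages: http://www.durham.ac.uk/its/ and http://www.dur.ac.uk/t.d.lee/
"""


def host_labels(url):
    """Return the lower-cased hostname labels of url, or [] if it has none."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return []
    return [label for label in host.lower().rstrip(".").split(".") if label]


def embeds_local_domain(url, local_domain=LOCAL_DOMAIN):
    """True if local_domain's labels occur in the host but not as its suffix."""
    labels = host_labels(url)
    local = local_domain.lower().split(".")
    n = len(local)
    if len(labels) < n or labels[-n:] == local:
        return False  # too short, or genuinely at/under the local domain
    # Compare whole labels at every non-suffix position, so the match is on
    # the hostname only and never on the path or on a partial label.
    return any(labels[i:i + n] == local for i in range(len(labels) - n))


def suspicious_urls(message_text, local_domain=LOCAL_DOMAIN):
    """Return the URLs in message_text whose hostname imitates local_domain."""
    return [u for u in URL_RE.findall(message_text)
            if embeds_local_domain(u, local_domain)]


if __name__ == "__main__":
    for url in suspicious_urls(SAMPLE):
        print("local-name lookalike:", url)
```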

