phishing sites: local and remote

Martin Hepworth maxsec at gmail.com
Wed Feb 4 19:45:09 GMT 2009


2009/2/4 David Lee <t.d.lee at durham.ac.uk>:
> We try to use MS configs (currently 4.72.5) reasonably close to the
> distributed version.  That includes taking the routine updates to
> "phishing.bad.sites.conf" and "phishing.safe.sites.conf".
>
> Being a university, we are also getting badly hit by spear-phishing attempts
> against our users.  We noticed that some of the incoming bait
> contained URLs similar to ours.  Our true URLs are of the form:
>   http://...durham.ac.uk/...
>
> The incoming bait reads:
>   http://...durham.ac.uk.spammer.bad/...
>
> (Real life pattern-matching would need more subtlety than that, but you get
> the idea.)
>
> The routine anti-phishing stuff detects dubious URLs etc and displays bright
> red "possible fraud" warnings.
>
> It would be nice if we could supplement this with an additional,
> locally-based, component that could be configured to match suspicious URLs
> based on the local site name.
>
> Is it possible to run such an antiphishing config, comprising both Julian's
> standard set and a local component?
>
> If not, might it be a worthwhile addition?
>
>
> --
>
> :  David Lee                                I.T. Service          :
> :  Senior Systems Programmer                Computer Centre       :
> :  UNIX Team Leader                         Durham University     :
> :                                           South Road            :
> :  http://www.dur.ac.uk/t.d.lee/            Durham DH1 3LE        :
> :  Phone: +44 191 334 2752                  U.K.                  :


David

Wasn't there something on the list a couple of weeks ago about anti-spear
phishing stuff Jules is mulling about with?? Or am I dreaming about
MailScanner again ;-)

-- 
Martin Hepworth
Oxford, UK
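
A sketch of the locally-based check asked about in the quoted message, as an added example that is not part of the original thread and is not MailScanner code or configuration. It flags URLs whose host contains the local site name as whole DNS labels without actually ending in it; the function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

LOCAL_DOMAIN = "durham.ac.uk"  # local site name, as given in the thread

# Deliberately simple URL matcher for plain-text bodies (assumption: http/https only).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalise_host(url):
    """Return the lower-cased hostname of url, without port or trailing dot."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".").lower()


def classify_host(host, local=LOCAL_DOMAIN):
    """Classify host as 'local', 'lookalike' or 'other'."""
    labels = host.split(".")
    want = local.lower().split(".")
    if labels[-len(want):] == want:
        return "local"  # genuinely at or under the local domain
    # Local name present as whole labels, but not at the right-hand end:
    # the "durham.ac.uk.spammer.bad" shape described in the thread.
    for i in range(len(labels) - len(want)):
        if labels[i:i + len(want)] == want:
            return "lookalike"
    return "other"


def find_lookalikes(body, local=LOCAL_DOMAIN):
    """Return the URLs in body whose host imitates the local domain."""
    urls = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return [u for u in urls if classify_host(normalise_host(u), local) == "lookalike"]


# Constructed sample message body, not taken from real mail.
SAMPLE_BODY = """Your mailbox is full. Verify at http://webmail.durham.ac.uk.spammer.bad/login
Staff help pages: http://www.durham.ac.uk/its/
Unrelated link: http://example.org/news
"""

if __name__ == "__main__":
    for url in find_lookalikes(SAMPLE_BODY):
        print("possible local-name phish:", url)
```

Comparing whole labels rather than substrings keeps genuine hosts under the local domain out of the results, whatever their case, port or trailing dot.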

