phishing sites: local and remote
Martin Hepworth
maxsec at gmail.com
Wed Feb 4 19:45:09 GMT 2009
2009/2/4 David Lee <t.d.lee at durham.ac.uk>:
> We try to use MS configs (currently 4.72.5) reasonably close to the
> distributed version. That includes taking the routine updates to
> "phishing.bad.sites.conf" and "phishing.safe.sites.conf".
>
> Being a university, we are also getting badly hit by spear-phishing attempts
> against our users. We noticed that some of incoming bait
> contained URLs similar to ours. Our true URLs are of the form:
> http://...durham.ac.uk/...
>
> The incoming bait reads:
> http://...durham.ac.uk.spammer.bad/...
>
> (Real life pattern-matching would need more subtlety than that, but you get
> the idea.)
>
> The routine anti-phishing stuff detects dubious URLs etc and displays bright
> red "possible fraud" warnings.
>
> It would be nice if we could supplement this with an additional,
> locally-based, component that could be configured to match suspicious URLs
> based on the local site name.
>
> Is it possible to run such an antiphishing config, comprising both Julian's
> standard set and a local component?
>
> If not, might it be a worthwhile addition?
>
>
> --
>
> : David Lee I.T. Service :
> : Senior Systems Programmer Computer Centre :
> : UNIX Team Leader Durham University :
> : South Road :
> : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE :
> : Phone: +44 191 334 2752 U.K. :
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
DAvid
wasn't there something on the list a couple of weeks about anti-spear
phishing stuff Jules is muling about with?? Or am I dreaming about
MailScanner again ;-)
--
Martin Hepworth
Oxford, UK
More information about the MailScanner
mailing list