phishing sites: local and remote

Julian Field MailScanner at ecs.soton.ac.uk
Tue Feb 10 19:13:34 GMT 2009


Are lots of other people seeing this sort of attack?
If so, is it worth my while doing something about it?
I'm not going to start coding for 1 site (sorry David), but if plenty of 
people are seeing this then I could possibly do something.

On 4/2/09 16:31, David Lee wrote:
> We try to use MS configs (currently 4.72.5) reasonably close to the 
> distributed version.  That includes taking the routine updates to 
> "phishing.bad.sites.conf" and "phishing.safe.sites.conf".
>
> Being a university, we are also getting badly hit by spear-phishing 
> attempts against our users.  We noticed that some of the incoming bait
> contained URLs similar to ours.  Our true URLs are of the form:
>    http://...durham.ac.uk/...
>
> The incoming bait reads:
>    http://...durham.ac.uk.spammer.bad/...
>
> (Real life pattern-matching would need more subtlety than that, but 
> you get the idea.)
>
> The routine anti-phishing stuff detects dubious URLs etc and displays 
> bright red "possible fraud" warnings.
>
> It would be nice if we could supplement this with an additional, 
> locally-based, component that could be configured to match suspicious 
> URLs based on the local site name.
>
> Is it possible to run such an antiphishing config, comprising both 
> Julian's standard set and a local component?
>
> If not, might it be a worthwhile addition?
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
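
The local check requested in the quoted message, sketched as an added example (not part of the original thread and not MailScanner code): it flags URLs whose hostname contains the local site name as whole labels but does not end in it. The function names, the `LOCAL_DOMAINS` list and the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: site names to protect, supplied by the local administrator.
LOCAL_DOMAINS = ["durham.ac.uk"]

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

def classify_host(host, local_domains=LOCAL_DOMAINS):
    """Return 'local', 'lookalike' or 'other' for one hostname."""
    labels = host.lower().rstrip(".").split(".")
    verdict = "other"
    for domain in local_domains:
        want = domain.lower().split(".")
        n = len(want)
        if labels[-n:] == want:
            return "local"  # hostname genuinely ends in the local domain
        # Local name present as whole labels, but something follows it.
        for i in range(len(labels) - n):
            if labels[i:i + n] == want:
                verdict = "lookalike"
    return verdict

def find_lookalike_urls(text, local_domains=LOCAL_DOMAINS):
    """Return URLs in text whose host embeds a local name before another domain."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;")
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            continue
        if classify_host(host, local_domains) == "lookalike":
            hits.append(url)
    return hits

# Constructed sample message body, using the pattern from the quoted message.
SAMPLE = """Your mailbox is over quota. Verify at
http://webmail.durham.ac.uk.spammer.bad/verify now.
Genuine help pages: http://www.durham.ac.uk/help/
Unrelated: http://www.example.org/durham.ac.uk/
"""

if __name__ == "__main__":
    for hit in find_lookalike_urls(SAMPLE):
        print("suspicious local-name URL:", hit)
```

Comparing whole labels rather than substrings keeps a host such as `notdurham.ac.uk` from being treated as local, and a local name that appears only in the URL path is ignored.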

