phishing sites: local and remote
Julian Field
MailScanner at ecs.soton.ac.uk
Tue Feb 10 19:13:34 GMT 2009
Are lots of other people seeing this sort of attack?
If so, is it worth my while doing something about it?
I'm not going to start coding for 1 site (sorry David), but if plenty of
people are seeing this then I could possibly do something.
On 4/2/09 16:31, David Lee wrote:
> We try to use MS configs (currently 4.72.5) reasonably close to the
> distributed version. That includes taking the routine updates to
> "phishing.bad.sites.conf" and "phishing.safe.sites.conf".
>
> Being a university, we are also getting badly hit by spear-phishing
> attempts against our users. We noticed that some of incoming bait
> contained URLs similar to ours. Our true URLs are of the form:
> http://...durham.ac.uk/...
>
> The incoming bait reads:
> http://...durham.ac.uk.spammer.bad/...
>
> (Real life pattern-matching would need more subtlety than that, but
> you get the idea.)
>
> The routine anti-phishing stuff detects dubious URLs etc and displays
> bright red "possible fraud" warnings.
>
> It would be nice if we could supplement this with an additional,
> locally-based, component that could be configured to match suspicious
> URLs based on the local site name.
>
> Is it possible to run such an antiphishing config, comprising both
> Julian's standard set and a local component?
>
> If not, might it be a worthwhile addition?
>
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list