Security Basics mailing list archives
RE: Anti-Phishing with digital watermarking
From: "Matt Flynn" <mflynn () netvision com>
Date: Fri, 26 Sep 2008 17:48:59 -0400
I can't imagine a scenario where someone would create a fake site and not look at it at least once in a browser before sending out 1000 emails to potential victims. If the obfuscated code did something like check the domain and notify the site owner without any clear indicators on the page, I think someone code-copying would be more likely to leave it in and/or not notice it. If the obfuscated code also was responsible for some core piece of content or visible indicator (like a date/time stamp with a logo behind it that might be otherwise difficult to recreate) the phisher is even more likely to leave the code alone. But, if the script were to somehow blow-up the page or indicate that it was not the real site, it would be caught by the phisher before production, which makes it's pretty useless. -----Original Message----- From: Umil [mailto:umil () hotmail com] Sent: Friday, September 26, 2008 5:41 PM To: Ron; Razi Shaban Cc: mflynn () netvision com; security-basics () securityfocus com Subject: Re: Anti-Phishing with digital watermarking But I don't think would hurt if this is added. If they remove it, that "notification" is gone and we are back to other controls we have. If they don't remove it, we have something valuable, don't you think? ----- Original Message ----- From: "Ron" <ron () skullsecurity net> To: "Razi Shaban" <razishaban () gmail com> Cc: <mflynn () netvision com>; <security-basics () securityfocus com> Sent: Friday, September 26, 2008 1:04 PM Subject: Re: Anti-Phishing with digital watermarking
Razi Shaban wrote:On Fri, Sep 26, 2008 at 10:42 PM, Matt Flynn <mflynn () netvision com> wrote: True, but the majority of phishers simply copy the HTML code whole from the original site, with very few modifications. I've seen phishers who even leave comments in HTML code. Even those who modify the HTML usually do not modify the .js files, if you put the obfuscation in another .js that is used to run something or another, I highly doubt any phishers will notice. -- Razi ShabanI disagree; I expect that, if nothing else, the phishers at least *look* at the page they copied, at which point they'd notice and remove
it.
Ron
Current thread:
- Anti-Phishing with digital watermarking Alcides (Sep 26)
- RE: Anti-Phishing with digital watermarking Matt Flynn (Sep 26)
- Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 26)
- Re: Anti-Phishing with digital watermarking Ron (Sep 26)
- Re: Anti-Phishing with digital watermarking Umil (Sep 26)
- RE: Anti-Phishing with digital watermarking Matt Flynn (Sep 26)
- Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 26)
- RE: Anti-Phishing with digital watermarking Matt Flynn (Sep 26)
- Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 29)
- Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 29)
- Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 30)
- Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 30)
- Re: Anti-Phishing with digital watermarking Ryan Greenier (Sep 30)
- Re: Anti-Phishing with digital watermarking Ansgar Wiechers (Sep 30)
- Re: Anti-Phishing with digital watermarking Razi Shaban (Sep 30)