Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Discovering and Stopping Phishing/Scam Attacks

From: "Marco A. Zamora Cunningham" <marco.zamora () cbbanorte com mx>
Date: Wed, 27 Apr 2005 10:06:18 -0500
  Actually, it's even easier than that. They can simply redirect the
I don't think this would slow them down for more than a week or so--
they **could** just copy the images to their site if they wanted to.


Once that happens, you could use something that is somewhat CPU
intensive, but might be effective: steganography. Embed digital
watermarks in a few, select corporate image files (logos and such,
especially those in login screens) for each session (standard
cookie-based sessions can let you create the watermarked images and
cache them for the duration of the session or a timeout).

Then, when you find a copied image in a phishing kit, you get the
watermark, track down when/where it was downloaded (from your
watermarked files access log), and use that in your investigation of the
perp.

Just an idea, someone might be interested in working out its
feasibility.

Marco Zamora

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: