Security Incidents mailing list archives
RE: Discovering and Stopping Phishing/Scam Attacks
From: "Marco A. Zamora Cunningham" <marco.zamora () cbbanorte com mx>
Date: Wed, 27 Apr 2005 10:06:18 -0500
Actually, it's even easier than that. They can simply redirect the I don't think this would slow them down for more than a week or so-- they **could** just copy the images to their site if they wanted to.
Once that happens, you could use something that is somewhat CPU intensive, but might be effective: steganography. Embed digital watermarks in a few, select corporate image files (logos and such, especially those in login screens) for each session (standard cookie-based sessions can let you create the watermarked images and cache them for the duration of the session or a timeout). Then, when you find a copied image in a phishing kit, you get the watermark, track down when/where it was downloaded (from your watermarked files access log), and use that in your investigation of the perp. Just an idea, someone might be interested in working out its feasibility. Marco Zamora -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Discovering and Stopping Phishing/Scam Attacks, (continued)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Michael J. Pomraning (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks Crispin Cowan (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks thomas adams (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Alex (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Thomas Adams (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Scovetta, Michael V (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Marco A. Zamora Cunningham (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Krul Thomas (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Calder, James (EXP) (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Randy (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Nuno Costa (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Dave Greer (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Rainer Duffner (Apr 28)
- Message not available
- Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Daniel Hanson (Apr 28)
- Re: Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Valdis . Kletnieks (Apr 29)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Steven (Apr 28)