Re: Discovering and Stopping Phishing/Scam Attacks

["Steven" <steven () lovebug org>]

I think there have been a lot of good suggestions and ideas in response to 
the original message.  I thank you that went easy on me for not mentioning 
checking the referrer field in website logs.  That is also a great idea and 
would most likely effectively accomplish the same goal as using multiple 
image names.  However, I think a few people are missing the point.  I do 
realize that they could check the website to see if they have done this or 
simply just host the files themselves.  This would perhaps temporarily 
circumvent the image renaming method.  Checking the referrer to the images 
in the log files would still be possible.

The main point of all of this is to remain passive.  Your goal is not to 
show them an anti-fraud image or websites from accessing your images.  The 
point is to quickly detect these websites, shut them down, and do what is 
possible to stop any perpetrators.  At the same time I think this thread has 
struck a nerve that perhaps these banking and e-commerce websites could do 
more to educate users and try and stop customers from falling for this sort 
of thing.  Then again, we all know a sucker is born every minute.

Thanks for all the replies.  I think there have been a lot of good 
suggestions and insights into this whole process.

Steven 



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------