WebApp Sec mailing list archives
Re: [Fwd: anti-phishing implementation]
From: Bjorn Borg <bjorn.brg () gmail com>
Date: Fri, 19 Aug 2005 23:47:31 +0200
Hi everybody, Thanks for your replies!!! I have tried to find information from Netcraft, Earthlink's website, but no fraud link database is available there. Anti-Phishing Working Group has a nice archive but not sufficient (http://www.antiphishing.org/phishing_archive.html). My intention, unlike Netcraft, Earthlink toolbar, is to make the tool stand-alone as an anti-virus utility. It would capture packets at IP layer and filter HTTP, POP3 packets to analyze phishing vulnerabilities so that the tool can work no matter browsers or mail clients users are using. By working at lower layer, it may have abilitiy to detect pharming attacks for later works. People, suggestions, please? Here are other tools I have gone over: www.callingid.com www.phishing.net Bruce Schneier's blog: http://www.schneier.com/cgi-bin/search/search.pl?Terms=phishing&Realm=blog Best Regards, Bjorn MSc. student in Information and Communication System Security DSV Department, KTH, Stockholm, Sweden Mobile: +46 762 07 3465 bjorn.brg () gmail com On 8/19/05, Mads Rasmussen <mads () opencs com br> wrote:
Could anyone from the list help Bjorn with his thesis? Request a confirmation from him before sending information, must identify whether he is a Phd student from the postulated university or not. Regards, Mads -------- Original Message -------- Subject: anti-phishing implementation Date: Fri, 19 Aug 2005 15:29:52 +0200 From: Bjorn Borg <bjorn.brg () gmail com> To: bugtraq () securityfocus com, focus-virus () securityfocus com, focus-ms () securityfocus com, honeypots () securityfocus com, pen-test () securityfocus com, security-basics () securityfocus com, security-management () securityfocus com, forensics () securityfocus com, webappsec () securityfocus com, secureshell () securityfocus com Hi everyone, I just started to develop an anti-phishing tool for my thesis. The tool should have two tasks. First one is to detect and prevent known attacks from web-based and POP3 emails. Second is to analyze emails' content to identify unknown phishing email and spoofed link. To make the first task work, I need a full database of known phishing emails, links. Anybody know where I can get this database? I really appreciate any suggestion about how to make this tool work, sources,... Many thanks, Bjorn Kungliga Tekniska Hogskolan, Stockholm, Sweden -- Mads Rasmussen Security Consultant Open Communications Security +55 11 3345 2525
Current thread:
- Re: [Fwd: anti-phishing implementation] Bjorn Borg (Aug 19)