WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Fwd: anti-phishing implementation]

From: Bjorn Borg <bjorn.brg () gmail com>
Date: Fri, 19 Aug 2005 23:47:31 +0200
Hi everybody,

Thanks for your replies!!!

I have tried to find information from Netcraft, Earthlink's website,
but no fraud link database is available there. Anti-Phishing Working
Group has a nice archive but not sufficient
(http://www.antiphishing.org/phishing_archive.html).

My intention, unlike Netcraft, Earthlink toolbar, is to make the tool
stand-alone as an anti-virus utility. It would capture packets at IP
layer and filter HTTP, POP3 packets to analyze phishing
vulnerabilities so that the tool can work no matter browsers or mail
clients users are using. By working at lower layer, it may have
abilitiy to detect pharming attacks for later works. People,
suggestions, please?
 
Here are other tools I have gone over: 
www.callingid.com
www.phishing.net

Bruce Schneier's blog:
http://www.schneier.com/cgi-bin/search/search.pl?Terms=phishing&Realm=blog

Best Regards,

Bjorn
MSc. student in Information and Communication System Security
DSV Department, KTH, Stockholm, Sweden
Mobile: +46 762 07 3465
bjorn.brg () gmail com

On 8/19/05, Mads Rasmussen <mads () opencs com br> wrote:


Could anyone from the list help Bjorn with his thesis?

Request a confirmation from him before sending information, must
identify whether he is a Phd student from the postulated university or not.

Regards,

Mads

-------- Original Message --------
Subject:        anti-phishing implementation
Date:   Fri, 19 Aug 2005 15:29:52 +0200
From:   Bjorn Borg <bjorn.brg () gmail com>
To:     bugtraq () securityfocus com, focus-virus () securityfocus com,
focus-ms () securityfocus com, honeypots () securityfocus com,
pen-test () securityfocus com, security-basics () securityfocus com,
security-management () securityfocus com, forensics () securityfocus com,
webappsec () securityfocus com, secureshell () securityfocus com



Hi everyone,

I just started to develop an anti-phishing tool for my thesis.

The tool should have two tasks. First one is to detect and prevent
known attacks from web-based and POP3 emails. Second is to analyze
emails' content to identify unknown phishing email and spoofed link.

To make the first task work, I need a full database of known phishing
emails, links. Anybody know where I can get this database?

I really appreciate any suggestion about how to make this tool work, sources,...

Many thanks,

Bjorn
Kungliga Tekniska Hogskolan, Stockholm, Sweden


--
Mads Rasmussen
Security Consultant
Open Communications Security
+55 11 3345 2525
Previous By Date Next
Previous By Thread Next

Current thread: