InternetPerils' New Net Can Catch Phishers

InternetPerils has exposed a cluster of phishing servers operating from an ISP based in Germany. InternetPerils' analysis shows such clusters can infest unsuspecting ISPs for weeks or months. Free access to an animated GIF of the cluster over time, plus analysis, is availablehere.

Phishing clusters used to be invisible. Now InternetPerils' products identify phishing clusters so targets of phishing, including banks and consumers, can act by contacting the ISP hosting the cluster, or by contacting law enforcement agencies.

Phishing e-mail messages arrive in millions of mailboxes every day, pretending to be from a bank such as Bank of America, or from an E-tailer such as eBay or Paypal. A typical phishing e-mail directs its recipients to a web page with instructions to enter passwords or social security numbers to verify identity, but the web page is a scam and is not actually associated with the bank; it's on some other server.

No individual target of phishing would ever know that the phishing clusters exposed by InternetPerils exist, since each cluster attacks many different targets. Starting with phishing reports provided by the Anti-Phishing Working Group (APWG), InternetPerils collects ongoing network performance and topology data. PhishScope analyzes the composite data and animates it visually. PhishScope has already detected many clusters. In this example cluster, PhishScope shows phishing servers operating from the ISP, based in Karlsruhe, Germany, for a time period ranging from May through September 20, 2006.

InternetPerils now provides a range of products based on its patent-pending Gap Analysis of Internet Networks (GAIN) platform to give risk managers in IT and finance departments, as well as small business owners who rely on e-commerce, the ability to identify, track, and analyze episodes of adverse performance and service interruptions beyond the firewall and thus beyond their immediate and direct control.

PhishCam is the commercial version of PhishScope, and is available to Banks, E-Commerce vendors, ISPs, and Institutions including Universities and Government web sites that wish to certify that their Internet operations are free of criminal phishing activity.

Advanced PhishNet services for mission-critical, enterprise-level reputation and other risk management applications, law enforcement and networked banking security initiatives add detailed customer-specific inputs as well as customized alerts and user interface (GUI).

write your comments about the article :: 2006 Computing News :: home page