Personal Tech Pipeline | Smart Site Redirection | Clever Phishers Dodge Spoofed Site Shutdowns

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

March 10, 2006

Clever Phishers Dodge Spoofed Site Shutdowns

Courtesy of TechWeb News

Page 1 of 2

Fraudsters are using a new technique to keep their spoofed Web sites up and running even as authorities pull the plug, a security expert said this week.

According to RSA Security's Naftali Bennett, the senior vice president of its Cyota anti-fraud division, some phishers have started using a tactic called "smart site redirection" to stay a step ahead of the law.

"The goal of the phisher is to keep his spoofed site alive as long as possible," said Bennett. The longer the site remains active, the more victims a phisher can dupe into divulging confidential information such as bank or credit account usernames, passwords, and PINs.

In a smart site redirection, the attacker creates several identical copies of the spoofed site, each with a different URL, often hosted by different ISPs. When the phishing e-mails go out, all include a link to yet another site, a "central redirector." When the potential victim clicks on the e-mailed link, the redirector checks all the phishing sites, identifies which are still live, and invisibly redirects the user to one.

Clever, said Bennett, but just the latest in what he called a "battle of brains" between phishers and security firms.

"This is a new evolution in their tactics to lengthen the duration of the attack," he said.

Phishers first hosted their spoofed site at only one location, but defenders got wise and would track down the site's Internet service provider and convince it to shut down the illegal URL. "The average duration for a phishing site is still 5 or 6 days," said Bennett, although vendors like Cyota, which monitors developing phishing attacks to warn its clients, can trim that to four hours or so.

Next, phishers took to sending out their link-infested spam in several waves, each wave with a pointer to a different spoofed site. Again, said Bennett, their goal was to stretch out the attack time to maximize returns. "They'd send out, say, 20 million e-mails, but divided into five batches several days apart, each sent to a different site so that there would always be at least one site up and running."

E-mail This Story
Print This Story
Reprint This Story

Page 2: next page

Page 1 | 2

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
Unleash the Power & Opportunity of Grid Computing
Experts will identify trends in grid computing, provide
examples and examine solution options.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

Transform your IT infrastructure with IBM
Successful CIOs see IT as a prime stimulus for business innovation-and themselves as key participants in a process that develops business and IT strategies in concert. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

EMC SAN helps El Camino deliver superior service
EMC CLARiiON and Centera systems are helping El Camino Hospital provide better patient care. The hospital can quickly and effortlessly monitor, modify, and protect the availability of its entire storage environment while saving money ($150,000)

Block or Secure IM Use
IM threats up 250%. Protect your corporate network. Free Download.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
Stellent eSeminar "Approaches to Metadata Design" on March 23
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia