[Dshield] Anti-Phishing

WebMaster@Commerco.Net WebMaster at Commerco.Net
Fri Mar 10 16:25:12 GMT 2006


I think that similar logic to your own gave birth to the site 
http://www.aa419.org/ - a site designed to cause difficulties for fake banks.

Perhaps their experience may be valuable in developing your own plan.


WebMaster at Commerco.Net

At 07:13 AM 3/10/2006, you wrote:
>Greetings All,
>What if we were able to make life more miserable for phishers? Would 
>it slow them down or discourage them?
>Would it be ethical to do so? Legal?
>A thought along those lines: There are dozens of programs available 
>that will generate 'legitimate' fake credit card numbers, bank 
>account numbers, etc. There are all sorts of ways to generate lists 
>of names. Use these types of programs to create millions of bogus 
>identities. Then flood the phishing site with so much bogus 
>information that it would become a real chore to sort out the 
>legitimate phish caught from the decoys. To accomplish this would be simple:
>    1) Visit the phish site and determine the information they are collecting.
>    2) Write a simple shell script to generate the required bogus 
> data in HTTP POST (or whatever method used) format.
>    3) Have the shell script submit the bogus data (netcat, etc.) to 
> the phish site one bogus identity at a time.
>A real dumb phisher may even try to use bogus data and that may be 
>the trigger that gets them caught.
>Just a thought...
>Jon Kibler
>Jon R. Kibler
>Chief Technical Officer
>A.S.E.T., Inc.
>Charleston, SC  USA
>(843) 849-8214
>Filtered by: TRUSTEM.COM's Email Filtering Service
>No Spam. No Viruses. Just Good Clean Email.
>Learn about Intrusion Detection in Depth from the comfort of your own couch:
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list