[Dshield] Anti-Phishing

Johannes B. Ullrich jullrich at sans.org
Fri Mar 10 16:25:44 GMT 2006


I am always against anything that may be interpreted as an attack. In
your case, it's probably "ok". And I am aware of a script by the name of
"phishph*cker" that will do just that: submit random data to the site.

Remember that many phishing sites are hosted on poorly secured shared
servers. As a result of your action, you may impact innocent bystanders
that are hosted on the same system.

A better course of action:
Install the Netcraft anti-phishing toolbar and report the sites to
Netcraft. Not only will this protect others, but you also have the
chance to win an iPod ;-)

Related notes:

- Shared servers are not suitable for business critical hosting needs.
They are fine for hobby sites or simple "business card" web sites. But
they should never be used for online stores and the like.

- I am not saying that there is anything ethically/legally wrong with
submitting fake data to phishing sites. It just "doesn't feel right".

- Regarding Netcraft's anti-phishing toolbar: It will "report" to
Netcraft what sites you visit, in order to look up the risk rating for
this site. Also: it kind of entices you to click on random phishing
links in order to report them... this may not be a good idea. Still
waiting for the 0-day browser exploit that comes hidden as a phishing
email in order to entice security professionals to click on it to report
the phish to Netcraft. You can report the phishing URLs via email as well.



Jon R. Kibler wrote:
> Greetings All,
> 
> What if we were able to make life more miserable for phishers? Would it slow them down or discourage them? 
> 
> Would it be ethical to do so? Legal?
> 
> A thought along those lines: There are dozens of programs available that will generate 'legitimate' fake credit card numbers, bank account numbers, etc. There are all sorts of ways to generate lists of names. Use these types of programs to create millions of bogus identities. Then flood the phishing site with so much bogus information that it would become a real chore to sort out the legitimate phish caught from the decoys. To accomplish this would be simple:
>    1) Visit the phish site and determine the information they are collecting.
>    2) Write a simple shell script to generate the required bogus data in HTTP POST (or whatever method used) format.
>    3) Have the shell script submit the bogus data (netcat, etc.) to the phish site one bogus identity at a time.
> 
> A real dumb phisher may even try to use bogus data and that may be the trigger that gets them caught.
> 
> Just a thought...
> 
> Jon Kibler


--

-------------------
Johannes B. Ullrich, Ph.D
Chief Research Officer
SANS Institute
http://isc.sans.org

