|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Discovering and Stopping Phishing/Scam Attacks
From: Marco A. Zamora Cunningham (marco.zamora
cbbanorte.com.mx)
Date: Wed Apr 27 2005 - 10:06:18 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Actually, it's even easier than that. They can simply redirect the
> I don't think this would slow them down for more than a week or so--
> they **could** just copy the images to their site if they wanted to.
Once that happens, you could use something that is somewhat CPU
intensive, but might be effective: steganography. Embed digital
watermarks in a few, select corporate image files (logos and such,
especially those in login screens) for each session (standard
cookie-based sessions can let you create the watermarked images and
cache them for the duration of the session or a timeout).
Then, when you find a copied image in a phishing kit, you get the
watermark, track down when/where it was downloaded (from your
watermarked files access log), and use that in your investigation of the
perp.
Just an idea, someone might be interested in working out its
feasibility.
Marco Zamora
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]