<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d33547542\x26blogName\x3dNotes+%26+Thoughts\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://jonpoon.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://jonpoon.blogspot.com/\x26vt\x3d3412814716534773350', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Sunday, October 22, 2006

Got some spare time? Let's do some (anti)phishing together

I'm going to make use of the unexpected and sudden increase in traffic on this blog, due to my previous post, to talk about a volunteer project that I've been doing in my spare time.

The volunteer project that I'm talking about is the Phishing Incident Reporting and Reporting Squad, or PIRT as it is more commonly known.

What this project does is to vet through each and every submission of potential phishing sites and scam mails that are submitted and prepare the necessary information for ISPs, hosting providers, NIC handlers, CERTs, the commercial entities that are being faked, and/or other organizations that need to gather such reports for takedown or legal proceedings.

The gathering point for PIRT is on CastleCops, and is the first public and volunteers-based antiphishing community. The group of handlers are friendly and training is provided to help the newcomers get up to speed in determining whether a site is a phish/scam/exploit/spam or not.

As i go through the submissions, and gathered the necessary information for the reports, I've increased my knowledge of how such exploits work, usage of network tools, and the ways that the hosting sites are exploited or hacked to host such pages. I believe that's the same case for the rest of the handlers too.

Though not a primary focus of PIRT, the queue does get submissions of direct links to malware. Due to my concern as the admin of the release scanning system, i do gather such samples and forward them to the AV vendors for their detection (if they are not being detected at the point of investigation).

Recently, PIRT has hit the 10,000 submissions to Netcraft. Though it is indeed a good landmark to hit, it's also a bad reflection on what the end users are facing on a day to day basis.

It's also an indicator of the amount of daily submissions to PIRT. Though the current handlers are doing their best, the ever-increasing queue make one feel like a member of the Rohirrim defence in Helm's Deep while overlooking the oncoming army of Saruman's Uruk-hai!

Chances are, you will get at least a phish mail once in a while. Even if you do not have the time or knowledge to join the handlers, you can still send the phish mails to PIRT for the folks to take care of. You can also forward the phish mail to pirt (AT) castlecops.com.

By doing either of these actions, you will be helping to reduce the chances that another fellow Internet user will be scammed by the phishing sites.

Using an excerpt from Eric Cartman, in Make Love, Not Warcraft, as he was gathering support from his buddies to fight against the one with no life, "You can just hang around.... or you can sit at your computer and do something that matters.".

I think it applies in this case too. 8)

For more info about PIRT,  check out the Castlecops' wiki.

posted by Jonathan at 10:02 PM

0 Comments:

Post a Comment

<< Home