March 10, 2006 Clever Phishers Dodge Spoofed Site Shutdowns By Gregg Keizer Courtesy of Page 1 of 2 Fraudsters are using a new technique to keep their spoofed sites up and running even as authorities pull the plug, a security expert said this week. According to Security's Naftali Bennett, the senior vice president of its Cyota anti-fraud division, some have started using a tactic called "smart site " to stay a step ahead of the law. "The goal of the phisher is to keep his spoofed site alive as long as possible," said Bennett. The longer the site remains active, the more victims a can dupe into divulging confidential information such as bank or credit account usernames, passwords, and PINs. In a smart site redirection, the attacker creates several identical copies of the spoofed site, each with a different URL, often hosted by different ISPs. When the phishing e-mails go out, all include a link to yet another site, a "central redirector." When the potential victim clicks on the e-mailed link, the redirector checks all the sites, identifies which are still live, and invisibly redirects the user to one. Clever, said Bennett, but just the latest in what he called a "battle of brains" between and security firms. "This is a new evolution in their tactics to lengthen the duration of the attack," he said. Phishers first hosted their spoofed site at only one location, but defenders got wise and would track down the site's Internet service provider and convince it to shut down the illegal URL. "The average duration for a phishing site is still 5 or 6 days," said Bennett, although vendors like Cyota, which monitors developing phishing attacks to warn its clients, can trim that to four hours or so. Next, phishers took to sending out their link-infested spam in several waves, each wave with a pointer to a different spoofed site. Again, said Bennett, their goal was to stretch out the attack time to maximize returns. "They'd send out, say, 20 million e-mails, but divided into five batches several days apart, each sent to a different site so that there would always be at least one site up and running." E-mail This Story Print This Story Page 2: next page Page 1 | 2 Get the latest Messaging news, product info, and trends every week.			FTC Smacks Spammer With $900K Fine IM: Real-Time Securrity Problems For Financial Services Bot Herders Ready Attack Against Message Forums Researchers Warn Of Coming Tax Scams Microsoft Vows To Keep Pressure On Phishers The High Cost Of Data Loss     Messaging Pipeline's Main RSS Feed     Messaging Pipeline's Blog RSS Feed Editorial and vendor perspectives The Six Flavors Of Windows Vista Microsoft plans to release a full six-pack of Vista versions, one for every taste. Which Vista will be right for you? Hope is Not Enough When It Comes To Compliance Three Ways To Authenticate E-Mail And Stop Spam Wikis In The Workplace Review: Google Desktop 3 Vendors are now talking about how collaboration can be improved by integrating video with messaging applications. They're even talking about adding live TV to mobile phones. How far do you go before it becomes a bandwidth and business productivity drain? Video is a great idea     13% Video is fine but there needs to be size limits     25% It's never used for anything really productive     38% I draw the line at live TV     25% In search of messaging products? Check out our brand new Product Finder for a directory of groupware and collaboration tools, security products, archiving solutions, and more.