Lets Go Phishing

30 November -0001

While reading the F-Secure blog today I came across an interesting service that I hadn't know about before. PhishTank (http://www.phishtank.com/) is a service that allows you to submit suspected phishing sites and tracks their status. With an open API, PhishTank even lets you write tools to query their data.

This is a really neat development. It's about time that phishing sites faced the same sort of scrutiny that e-mail has in the past with sites like Spamhaus (http://www.spamhaus.org/sbl/). Unfortunately that sort of scrutiny led spammers to utilize infected end users systems rather than open e-mail relays or compromised servers. With botnets providing much of the SMTP service these days it isn't feasible any more to block specific sender IP addresses (with hundreds of thousands of bots, the herders just promote one after another to be an SMTP server until it's blocked, with a nearly inexhaustible pool).

PhishTank will likely evoke the same response. Instead of phishers registering domain names that are clever misspellings of common sites (or registering site names in obscure top level domains) they will likely be forced to piggy back off another DNS listing. F-Secure reports they've already seen this with spam sites sitting on web servers of venerable, and respectable sites. I've seen this in the EDU sector as well, with spammers compromising web hosts simply to host phishing content.

It seems the battle against phishing will continue, punctuated by the oneupmanship that has marked much of the struggle against malware. I still like the concept of PhishTank though, and anything we can do to help protect end users is certainly a step in the right direction.