It is also useful in blocking outbound connections which are
aimed at these sites. The blocking can be done by a web filter,
an endpoint firewall, a router at the organization’s boundary,
or in the user’s browser.
Microsoft has offered an add-on phishing filter [13] for some
time; this has become a built-in feature in Internet Explorer 7,
currently in its Beta 2 release.
So community-based block lists can help, and it is suggested
that they can be very responsive if the community is large
and widespread. (If just one person in the entire world
reports a phishing site, everyone else can benefit from this
knowledge.)
But the phishing criminals can react nimbly, too. For
example, using a network of botnet-infected PCs, it would be
a simple matter to ‘report’ that a slew of legitimate sites were
bogus. Correcting errors of this sort could take the
law-abiding parts of the community a long time, and render
the block list unusable until it is sorted out. Alternatively, the
community might need to make it tougher to get an Internet
site added to the list, to resist false positives. This would
render the service less responsive.
Q. You mentioned botnets above, which brings to mind
keylogging and other common tricks employed by malware.
How are we doing against these threats?
A. A trojan on your PC can succeed without subverting your
connection to an on-line service. In fact, many
banking-related trojans specifically watch out for you to make
a legitimate connection to your bank. (In this case, it may,
ironically, be to the trojan’s advantage that you
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24