At PhishTank, we focus on phish and phishing, and we leave other bad areas (viruses, malware, spam, botnets) to other communities, like Project Honey Pot (anti-spam) for instance.

But some of the folks on the dark side of the Internet defy such categorization. They don’t limit themselves to phishing. So, we’ve had a few submissions of phish URLs which also try to infect the visitor with a virus.

In the past, we’ve deleted these submissions out of hand, but we don’t want to give phishers an easy way to avoid identification by compounding their crimes.

How we deal with these submissions now, thanks to miked:

1. All submissions are scanned for viruses.
2. We never display the actual suspected phishing site by default. (Always been the case.)
3. If our scan indicates a possible virus in the submission, then when you click the “View site in frame” tab, you will be warned. You will be able to continue, but you should be even more careful than usual.
4. Same general experience holds for the “View site in new window” link: a warning, with an option to continue.

No virus scanning is perfect, and phishing sites change, so please make sure that if you venture over to the site itself, that you always do so in a very-up-to-date browser, with security settings at their highest levels. We hope the technical information tab also limits the need to visit the site itself.

If you want to see this in action, then take a look at 19880, which is online still as I write this.

To cite Hill Street Blues (long-gone TV show), let’s be careful out there.