Comments on: PhishTank Annual Report: U.S. telecoms hosting phishes; OpenDNS offering a solution http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/ A blog about and from PhishTank, a collaborative clearinghouse for data about phishing. Sun, 06 Jul 2008 02:02:24 +0000 http://wordpress.org/?v=2.0.4 by: John Nagle http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-55828 Mon, 26 Nov 2007 19:29:42 +0000 http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-55828 It's interesting seeing those statistics. Did "miowpurr" really verify 221042 phishes? That's one every 32 seconds for a working year. Are they being paid? We now generate a report every three hours showing major domains currently exploited by phishing attacks: http://www.sitetruth.com/reports/phishes.html This is based on PhishTank, DMOZ, and SiteTruth data. There are only 169 major domains (ones notable enough to be in the Open Directory, which has 1.6 million domains) hosting or redirecting to active phishes. So solving this problem is within reach. Most of the problem sites are either ISPs or have an open redirector; a few are clearly break-in situations. We're seeing some problems with old phishes not being removed from PhishTank. If you click on the "PhishTank Example" button for each entry in our list, you'll see a PhishTank entry marked "valid and online". But if you follow the link to the actual page, most of the time, the page will no longer be available. And, almost always, PhishTank will report "No Screenshot Yet", even for entries that are months old. It’s interesting seeing those statistics.

Did “miowpurr” really verify 221042 phishes? That’s one every 32 seconds for a working year. Are they being paid?

We now generate a report every three hours showing major domains currently exploited by phishing attacks:

http://www.sitetruth.com/reports/phishes.html

This is based on PhishTank, DMOZ, and SiteTruth data. There are only 169 major domains (ones notable enough to be in the Open Directory, which has 1.6 million domains) hosting or redirecting to active phishes. So solving this problem is within reach. Most of the problem sites are either ISPs or have an open redirector; a few are clearly break-in situations.

We’re seeing some problems with old phishes not being removed from PhishTank. If you click on the “PhishTank Example” button for each entry in our list, you’ll see a PhishTank entry marked “valid and online”. But if you follow the link to the actual page, most of the time, the page will no longer be available. And, almost always, PhishTank will report “No Screenshot Yet”, even for entries that are months old.

]]> by: M M http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-48914 Sun, 21 Oct 2007 13:39:13 +0000 http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-48914 The ONE ongoing issue that I want OpenDNS and PhishTank to address within their automated method of submission is to ensure that obfuscated URL's, in particular those utilizing the Decimal method (ex: http://2130700433/ ) that a means for flagging that entry be made or that it may be automatically calculated into its IP equivalent and automatically resubmitted so it doesn't fall through the cracks. I've personally calculated these IP's and have submitted several of them as separate entries through PhishTank so the phish itself can be targeted and resolved. Security issues with unpatched computers is likely one of the causes. The Society is noticing more and more mail and ftp servers becoming compromised, especially in the last six months or so. These scum won't stop, and we shouldn't either! Let's keep the heat on the phishes until they're well done and ready for eating. MM of the London Antiphishing Society (near Arkansas Nuclear One) now in Little Rock. The ONE ongoing issue that I want OpenDNS and PhishTank to address within their automated
method of submission is to ensure that obfuscated URL’s, in particular those utilizing the
Decimal method (ex: http://2130700433/ ) that a means for flagging that entry be made or
that it may be automatically calculated into its IP equivalent and automatically resubmitted
so it doesn’t fall through the cracks. I’ve personally calculated these IP’s and have submitted
several of them as separate entries through PhishTank so the phish itself can be targeted
and resolved.

Security issues with unpatched computers is likely one of the causes. The Society is
noticing more and more mail and ftp servers becoming compromised, especially in the
last six months or so. These scum won’t stop, and we shouldn’t either! Let’s keep the
heat on the phishes until they’re well done and ready for eating.

MM of the London Antiphishing Society (near Arkansas Nuclear One)
now in Little Rock.

]]> by: Ilgaz Ă–cal http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-47817 Sun, 14 Oct 2007 04:46:18 +0000 http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-47817 I am hoping the banks, financial organisations are using the FREE DATA we (you and community) using. Seeing some phishing sites stay up for 3 days, I have serious questions about it. I am hoping the banks, financial organisations are using the FREE DATA we (you and community) using.
Seeing some phishing sites stay up for 3 days, I have serious questions about it.

]]> by: Primer informe anual sobre phishing elaborado por PhishTank http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-47491 Fri, 12 Oct 2007 05:24:17 +0000 http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/#comment-47491 [...] PhishTank Annual Report: U.S. telecoms hosting phishes http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/ [...] […] PhishTank Annual Report: U.S. telecoms hosting phishes http://www.phishtank.com/blog/2007/10/09/phishtank-annual-report/ […]

]]>