Anti-phishing Toolbars Evaluation

There is one important feature of Anti-phishing toolbars has
missed : 
The time gap between the launch of a phishing attack and it
is been 
recognized by the toolbars. It is the most profitable period
for phisher 
and most damage have done during that period. The quicker
the toolbar 
can respond, the better protection it can provide.

Although it would be hard to calculate the exact time gap,
but it would 
be possible to discover who generally respond first. This is
still hard 
to do, but it is feasible. Any body has better ideas of
doing this?

It would be also useful to evaluate how the toolbars get
updated. It 
would also useful to point out whether the toolbar is
database driven, 
rule based or use other AI techniques. This information can
reveal in 
principle how well the toolbar can handle known and unknown
phishing 
attacks.

The last suggestion I would made is add an entry about which
platform it 
support.

-xun dong.

Abhishek krishna wrote:
> Hi All,
> 
> Recently I carried out an evaluation of some of the
popular Anti-phishing
> toolbars. The toolbars were tested on a number of
parameters such as,
> accuracy in detecting phishing URLs, alerting
mechanism, detailed analysis
> of websites, help information provided to users etc.
The results obtained
> from the evaluation can help the users in selecting the
right anti-phishing
> toolbar.
> 
> You can read the details of the evaluation on my blog
on phishing at
> http://phishtrails.
blogspot.com/. All flowers, brickbats and suggestions
are
> welcome.
> 
> Thanks
> Abhishek
> 

xun dong wrote:
> There is one important feature of Anti-phishing
toolbars has missed :
> The time gap between the launch of a phishing attack
and it is been
> recognized by the toolbars. It is the most profitable
period for phisher
> and most damage have done during that period. The
quicker the toolbar
> can respond, the better protection it can provide.
> 

This is similar to 0-day. Till the attack (in our case
phishing site) is
added to the engine (db) it is undetectable. How to estimate
and solve
this, I do not know!

> Although it would be hard to calculate the exact time
gap, but it would
> be possible to discover who generally respond first.
This is still hard
> to do, but it is feasible. Any body has better ideas of
doing this?
> 
> It would be also useful to evaluate how the toolbars
get updated. It
> would also useful to point out whether the toolbar is
database driven,
> rule based or use other AI techniques. This information
can reveal in
> principle how well the toolbar can handle known and
unknown phishing
> attacks.
> 
> The last suggestion I would made is add an entry about
which platform it
> support.
> 
> -xun dong.
> 
> Abhishek krishna wrote:
>> Hi All,
>>
>> Recently I carried out an evaluation of some of the
popular Anti-phishing
>> toolbars. The toolbars were tested on a number of
parameters such as,
>> accuracy in detecting phishing URLs, alerting
mechanism, detailed
>> analysis
>> of websites, help information provided to users
etc. The results obtained
>> from the evaluation can help the users in selecting
the right
>> anti-phishing
>> toolbar.
>>
>> You can read the details of the evaluation on my
blog on phishing at
>> http://phishtrails.
blogspot.com/. All flowers, brickbats and
>> suggestions are
>> welcome.
>>
>> Thanks
>> Abhishek
>>
> 
> 
> 

Yes, this is important. All toolbars may ultimately get
their blacklist
database updated with extended time, but it is the speed
with which they
update their database is what really matters. 

An effective toolbar must have a very wide coverage and
multiple sources of
information to detect and promptly update their blacklist.
Evaluation of
this feature is possible with a known list of Phishing URL
which we know is
updated regularly. One which has been pointed by Paul is
given below:
http://www.castlecops.com/modules.php?name=Fr
ied_Phish&fp=phish 

-Abhi 

-----Original Message-----
From: xun dong [mailtoundon
gcs.york.ac.uk] 
Sent: Thursday, July 27, 2006 4:12 PM
To: phishingsecurityfocus.com
Subject: Re: Anti-phishing Toolbars Evaluation

There is one important feature of Anti-phishing toolbars has
missed : 
The time gap between the launch of a phishing attack and it
is been 
recognized by the toolbars. It is the most profitable period
for phisher 
and most damage have done during that period. The quicker
the toolbar 
can respond, the better protection it can provide.

Although it would be hard to calculate the exact time gap,
but it would 
be possible to discover who generally respond first. This is
still hard 
to do, but it is feasible. Any body has better ideas of
doing this?

It would be also useful to evaluate how the toolbars get
updated. It 
would also useful to point out whether the toolbar is
database driven, 
rule based or use other AI techniques. This information can
reveal in 
principle how well the toolbar can handle known and unknown
phishing 
attacks.

The last suggestion I would made is add an entry about which
platform it 
support.

-xun dong.

Abhishek krishna wrote:
> Hi All,
> 
> Recently I carried out an evaluation of some of the
popular Anti-phishing
> toolbars. The toolbars were tested on a number of
parameters such as,
> accuracy in detecting phishing URLs, alerting
mechanism, detailed analysis
> of websites, help information provided to users etc.
The results obtained
> from the evaluation can help the users in selecting the
right
anti-phishing
> toolbar.
> 
> You can read the details of the evaluation on my blog
on phishing at
> http://phishtrails.
blogspot.com/. All flowers, brickbats and suggestions
are
> welcome.
> 
> Thanks
> Abhishek
> 

Hi,

Just got a mail from the "IRS" which told me to
collect my refund:

http://218.71.239.118/.../IRS/refund/caseid886
432/pas.php?certegy_vm=trueportlet_change_1_actionOverrideFc
haseonlineFchangeFsigninDetails_windowLabel_portlet_signin_p
ageLabel_page_signin

It's a pretty bad SE hook because it tells me I'm entitled
only to $3.80. 
They trying to keep it practical ;)

Sent from serviceirs.gov. the mail comes from
210.112.167.230 (Korea).

Here's the message:

After the last annual calculations of your fiscal activity
we have determined
that you are eligible to receive a tax refund of *3.80.
*Please submit the tax
refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For
example submitting 
invalid
records or applying after the deadline.

To access the form for your tax refund, please *click here
<http://218.71.239.118/.../IRS/refund/caseid8864
32/index.html>*

Regards,
Internal Revenue Service