Ian's Blog


A RESTful Blog/Homepage.

Phishing checks in a browser

Jeremiah Grossman writes an interesting article about phishing: What Phishers Know that you don't. In it he mentions:
A recent report issued by the Anti-Phishing Working Group (APWG), states Phishers are visibly employing cross-site scripting redirect attacks. "...Websense Security saw a number of attacks using cross-site scripting to redirect URL's from popular Web sites in order to better present themselves and as a means to prevent blocking," according to the APWG February 2005 Trends Report. Using specially crafted links, Phishers are piggybacking on legitimate domain names to pull off their scams.
I believe phishers are doing this to try and fool the email scanners which have these kinds of checks in them. But while people are doing this, I'm wondering if a plugin couldn't be written in IE/Firefox which looks at the *FINAL* destination, not the original URL, and sees if that is in a blacklist, and sends a warning then. Any browser developers up for this kind of thing? The logic for determining the validity of a site is out there and established; it would be just a matter of modifying an existing plugin which does something similar (like Stephane Queraud's Google Pagerank extension) to look up a SURBL website instead of the pageranking one. If anybody has done one, please ping me or add a comment.
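A sketch of the check proposed above, as an added example rather than code from this blog or from any existing extension: it follows a link's redirect chain and tests every hop, including the final destination, against a blacklist. The `REDIRECTS` table, the `BLOCKLIST` set, the hostnames and the function names are constructed for illustration; a real extension would take the hops from the browser's network events and query a live list.

```javascript
// Constructed sample data: all hostnames use the reserved .example/.test TLDs.
const BLOCKLIST = new Set(["phish.test"]);

// Constructed stand-in for the network: maps a URL to the Location value a
// server would send with a 3xx response. URLs not in the map are final pages.
const REDIRECTS = new Map([
  ["https://bank.example/redir?to=https://go.example/a", "https://go.example/a"],
  ["https://go.example/a", "http://login.phish.test/bank/"],
  ["https://loop.example/x", "https://loop.example/x"],
]);

// True if the host or any parent domain is listed
// (login.phish.test matches an entry for phish.test; the bare TLD is skipped).
function isListed(hostname, blocklist) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocklist.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Judge a link by where it ends up, not by the URL shown in the e-mail.
function checkLink(startUrl, blocklist = BLOCKLIST,
                   lookup = (u) => REDIRECTS.get(u), maxHops = 10) {
  const chain = [];
  let current = new URL(startUrl).href;
  while (true) {
    const host = new URL(current).hostname;
    chain.push(current);
    if (isListed(host, blocklist)) return { verdict: "blocked", host, chain };
    const location = lookup(current);
    if (location === undefined) return { verdict: "ok", host, chain };
    const next = new URL(location, current).href; // Location may be relative
    if (chain.includes(next) || chain.length > maxHops) {
      return { verdict: "suspicious", host, chain }; // loop or overly long chain
    }
    current = next;
  }
}

console.log(checkLink("https://bank.example/redir?to=https://go.example/a"));
```

A scanner that only looks at the first hostname sees `bank.example`, which is not listed; the warning comes from the third hop.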
