digg

Facebook Connect Join Digg About

Online Neighborhood Watch Nails Phishers

news.zdnet.com — A volunteer group, dubbed the Phishing Incident Reporting and Termination squad (PIRT), will take in reports from consumers of suspected phishing Web sites and work to take the sites offline. On Friday, before its official launch, the group received 100 phishing reports, and 30 of those were shut down in a few hours.

Who dugg this? Made popular Mar 28, 2006

Add a friend

submitted by

wilwheaton Mar 28, 2006

487 diggs
digg

61 Comments

wilwheaton, on 10/12/2007, -1/+9I'd suspect that the average Digg user can quickly and easily spot a phishing scandal (if it even gets past our filters) but it's people like our parents who need to be protected. If we can work together to nail these phishing ***** at the server level, it's time well spent.
inactive, on 10/12/2007, -0/+5My concern isn't whether the average tech can spot it. It's whether the people reporting these and the people doing the close-downs can. I've had people spoof millions of emails "from my domain" which has caused enormous problems from idiots who thought they knew something and didn't - and admins who didn't bother to pay attention and just assumed the mail really was from me and really was spam. Very disconcerting when you are running a non-profit site with tons of users who expect the thousands of emails you send every day to actually GET to them.
Tribble, on 10/12/2007, -0/+4You've missed the reports davidu, the data is entirely open to the community, just read the reports. The phish URL is there with all investigatory work. If its so publicly open how is it among closed circles? Don't mislead the readers.
uhdean, on 10/12/2007, -0/+2Just post the URL to the phishing site to digg.com and the Diggers will bring the site down in no time!
davidu, on 10/12/2007, -1/+3Hmm... More closed phishing circles. I think this data needs to be way more open and available. Also, credit should be given to data providers and there should be a feedback loop. I'm working on this now. If someone is interested in helping me they should definitely email. Bay Area folks even better!
MissM, on 10/12/2007, -0/+1From the blog of one of the partners in this wonderful initiative!!
Sunbelt BLOG: Become a phishing terminator http://sunbeltblog.blogspot.com/2006/03/become-phishing-terminator.html
Good catch wil!
inactive, on 10/12/2007, -0/+1It says how they do it in the article. At least that is what they say they do.
merreborn, on 10/12/2007, -0/+1seumas: A valid concern.

However, I think it's pretty clear to most net-savvy folks that the site responsible for a phishing attack is not the domain from which the email appears to have been sent from, but the phishing URL to which it links.

If a phishing email links to a URL on your server that's clearly a fake ebay/paypal/amazon/bank login page, your server is hosting a phisher, no questions about it.

You still have to be careful. First things first, it's probably best to contact the ISP first.

One problem with stepping up to the level of DDoSing a server hosting a phishing URL, is that there may be other perfectly legitimate sites hosted on the same box/network/ISP that may be affected by your attack. Hopefully, these guys don't aproach this level of vigilanteism.
ub40, on 02/10/2009, -0/+1to phish or not to phish, a spammers question lol

________________________
http://www.loanmodifyexpress.com/
http://travel.newgreatfinds.com/
http://budget-car-rental3.blogspot.com/
Tweekster, on 10/12/2007, -0/+1I have been doing that a lot lately from the spam reports on my email server...

I contacted 3 websites last week, all were shut down within 12 hours. They were quite suprised as to what was happening..

I also contacted Bellsouth about a spammer/phisher on their dsl service...man they are idiots. saying that they cant control what he is sending blah blah blah they arent responsible etc etc etc.

It felt good to get those couple of sites knocked offline so quickly. Hopefully before anyone got scammed
noniksayang01, on 02/18/2009, -0/+1It's an interesting posting ....

http://www.pregnancy-stages.info/
http://hitsfavouritemusic.blogspot.com/
http://cookingadventures73.blogspot.com/
http://pregnancystages73.blogspot.com/
http://system-teeth-whitening.blogspot.com/
LarianLeQuella, on 10/12/2007, -0/+1Keep up the good work. I hate these phishers and spam as well. Anything to eliminate them is okay by me (does that include eliminating them from the gene pool as well?).
johndough333, on 02/05/2009, -0/+1I say keep up the good work as well!

http://www.acai-information.com

http://www.verified-wholesalers.com
gd007, on 10/12/2007, -0/+1Very good. I have a web site where I teach about evils of spam and phishing in a
funny way. It is : http://www.spamsalad.com/.
critic, on 10/12/2007, -0/+0I dunno I've given up reporting all the Paypal ***** I get to Paypal. Standard form letter, yes we know it's phishing, yes we are working to solve the problem, yes we are...That was about a thousand emails ago asking me to verify my Paypal account. btw - Do you think Paypal maintains offices in Nigeria?
Tweekster, on 10/12/2007, -1/+1"
I think there is no way they are doing it legally, and as amateurs and not in any way government or certefied, they have no reliable way of distinguishing between legit phishing, domain spoofing, and simple abuse of their system."

well since they are looking for people who know how to deal with Asian ISP's it is pretty obvious they are doing it legally by contacting ISPs

jeez, I would have thought was pretty evident
taem, on 02/14/2009, -0/+0And this is different from the way the MSM works, how?
http://www.super-oyunlar.com
http://www.recepivedik.in
gossipgetdotcom, on 03/25/2009, -0/+0thanks for the article links in the above given its nice collections

http://gossipget.com
mwisconsin, on 10/12/2007, -0/+0Why should I care about the efforts of a 100 volunteers, when Spamcop makes my complaints for me, and immediately? Spamcop has culled the best places to complain about abuses, and many ISPs have parsers for Spamcop complaints.

*shrug* It just seems to me that an automated solution beats a human solution every time. Every Phishing email I submit to Spamcop has a site that goes down pretty quickly.
andi8, on 03/03/2009, -0/+0nice article...
http://southeastasiantourism.blogspot.com
noddy10123, on 02/15/2009, -0/+0Phishing is a real problem in internet
http://www.skateboardexpress.com.au
davidrowe, on 02/13/2009, -0/+0Spammers can GTFO

http://www.megatvs.net
nckate9623, on 03/30/2009, -0/+0phishing people should go to jail as they really make a big trouble without doing any good.

http://1gadget.net
ComputerGuru, on 10/12/2007, -1/+1How do they "take down" the sites? I don't think they are white hats like some of us here...........
mam4q123, on 02/14/2009, -0/+0Phishing and spamming is a headache for us.
http://www.johnjenkinsdirect.co.uk
Oldfrog, on 10/12/2007, -0/+0All that you have provided here is the TEXT of the email which shows the entirely legitimate PayPal link. The real phishing URL is not visible.
mwisconsin, on 10/12/2007, -0/+0and not the domain hosting the phish URL.

Wrong. Spamcop has parsed the body of spam since day one, looking for abused URLs. If you've looked at the output from spamcop from a parsed Phish email, you'll notice it complaining to the web host of the site as well.
Oldfrog, on 10/12/2007, -0/+0A couple of comments (I am the team leader of the handlers in this project):

Everything we do is 100% legal

Parsing the email body is often ineffective. We constantly see hyperlinks which target one domain that does a meta refresh to others. Multiple rotating DNS A records and multiple NS records from different providers are also common. We follow the chain until the very end. We also find and report all the associated ASNs. Every report that we confirm is 100% public and in addition to being provided to the netblock owners of all derived IP addresses is sent to vendors offering antiphishing toolbars and services.

I want to emphasize that this is not an antispam project. We concentrate exclusively on the fraudulent sites harvesting personally identifiable information and shut them down.
Tribble, on 10/12/2007, -0/+0Oldfrog is right, PIRT's purpose is to terminate phish and retrieve phish kits so we can follow the trail and report any drop zones immediately. So what happens when a phish has 7 different IP addresses residing on 4 different ASNs? Does Spamcop get them all shut down? I don't think so.
Tribble, on 10/12/2007, -0/+0Spamcop goes after the offending emailer, and not the domain hosting the phish URL. Both can be different, and in fact, the phish URL may point to multiple A records that have nothing to do with the MTA which sent the spam in the first place. PIRT is shutting down phish sites. No one else is doing this project.
belajardami, on 06/29/2009, -0/+0thx for the info. it's nice..
http://kisaranku.blogspot.com/2009/05/belajar-seo- ...
http://kisaranku.blogspot.com/2009/05/kontes-seo-a ...
http://kisaranku.blogspot.com/2009/05/wisata-seo-s ...
busymomDP, on 02/15/2009, -0/+0Cool story about Spammers
http://www.allaboutwines.info
puntoGT123DP, on 02/15/2009, -0/+0Real story for online users
http://www.powernetshop.at/adapter/fahrzeuge/bmw
suvari1794, on 02/23/2009, -0/+0look at my blogs to /(:
http://fatigue-sendromu.blogspot.com/
http://podiatry-guzeldir.blogspot.com/
http://acupuncture-igneleri.blogspot.com/
http://breastcancer-article-s.blogspot.com/
cdkeyheaven08, on 02/20/2009, -0/+0Online phishers are bad
http://www.cdkeyheaven.com
krispalmer3873, on 02/20/2009, -0/+0This is a nice posting ..
Look at my blog:
http://studentloan-guides.blogspot.com/
http://credit-card-guide.blogspot.com/
http://commodity-online-trading.blogspot.com/
http://online-distance-degrees.blogspot.com/
http://debt-consolidation-guides.blogspot.com/
http://fx-online.blogspot.com/
http://worlds-sexiest-women.blogspot.com/
CPrntr08, on 02/18/2009, -0/+0Impossible news about neighborhoods
http://www.cabledealsmonster.com
shintocute, on 02/19/2009, -0/+0old story i think...but it;s ok
http://blog.konsletz.info4
micky73, on 02/24/2009, -0/+0Just post the URL to the phishing site to digg.com and the Diggers will bring the site down in no time!
http://www.narutozon.com
http://www.mingotech.com
http://www.somecameras.com
http://www.cikale.com
http://www.ruzo.info
http://www.qaho.info
http://www.getdefender.com
http://www.china-xd.com
http://www.it2store.com
http://www.joomlayo.com
yellowseodp, on 02/24/2009, -0/+0Nice article about online users
http://www.yellowseo.com
grayfurt, on 05/08/2009, -0/+0Cool story about Spammers
http://www.playstationturk.net
shalin11, on 06/02/2009, -0/+0Old Story but still generating quite a buzz
hardwarekarthik, on 03/02/2009, -0/+0thanks for the article links in the above given its nice collections

http://clipshore.com
ihsan777, on 06/12/2009, -0/+0wah nice info Bro

http://ruang-ihsan.blogspot.com/2009/06/belajar-se ...
Show 51 - 60 of 60 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.