Clustering Phishing Attacks

January 26, 2007 / Comments (0) / by Dancho Danchev

Clustering a phishing attack to get an in-depth and complete view on the inner workings of a major phishing outbreak or a specific campaign only - that's just among the many other applications of the InternetPerils. Backed up with neat visualization features, taking a layered approach, thus, make it easier for analysts do their jobs faster, its capabilities are already scoring points in the information security industry :

"InternetPerils has discovered that those phishing servers cluster, and infest ISPs at the same locations for weeks or months. Here's an example of a phishing cluster in Germany, ever-changing yet persistent for four months, according to path data collected and processed by InternetPerils, using phishing server addresses from the Anti-Phishing Working Group (APWG) repository. The above animation demonstrates a persistent phishing cluster detected and analyzed by InternetPerils using server addresses from 20 dumps of the APWG repository, the earliest shown 17 May and the latest 20 September. This phishing cluster continues to persist after the dates depicted, and InternetPerils continues to track it."

Here are seven other interesting anti-phishing projects, and a hint to the ISPs who really want to know what their customers are (unknowingly) up to.