Interesting Anti-Phishing Projects

Seven anti-phishing projects, I especially find the browser recon and countermeasures one as a trendy concept, as phishers are already taking advantage of vulnerabilities allowing them to figure out a browser's history, thus establish a more reputable communication with the victim -- adaptive phishing.

01. Social Phishing
The fundamental purpose of this study was to study the effects of more advanced techniques in phishing using context. Receiving a message from a friend (or corroborated by friends), we hypothesized the credibility of the phishing attempt would be greater

02. Browser Recon and Countermeasures
One can use a simple technique used to examine the web browser history of an unsuspecting web site visitor using Cascading Style Sheets. Phishers typically send massive amounts of bulk email hoping their lure will be successful. Given greater context, such lures can be more effectively tailored---perhaps even in a context aware phishing attack

03. Socially Transmitted Malware
People are drawn in by websites containing fun content or something humorous, and they generally want to share it with their friends. This is considered social transmission: referral to a location based on reccommendation of peers. We measured possible malware spread using social transmission

04. Phishing with Consumer Electronics: Malicious Home Routers
It is easy to "doctor" a wireless router like the ones found at home or at a local WiFi hotspot to misdirect legitimate browser links to phoney and often harmful website.

05. Net Trust
Individuals are socialized to trust, and trust is a necessary enabler of e-commerce. The human element is the core of confidence scams, so any solution must have this element at its core. Scammers, such as phishers and purveyors of 419 fraud, are abusing trust on the Internet. All solutions to date, such as centralized trust authorities, have failed. Net Trust is the solution -- trust technologies grounded in human behavior

06. A Riddle
Could your browser release your personal information without your knowledge?

07. Phroogle
Exploiting comparison shopping engines to bait victims

You might also be interested in Google's Anti-Phishing Black and White Lists.

Airport Security Flash Game

Ever wanted to snoop through the luggage of others in exactly the same fashion yours gets searched through? Try this game, and make sure you keep an eye to the instantly updated "dangerous items" unless you want to be held responsible, and lose your badge.

Soviet Propaganda Posters During the Cold War

Posters are a simple, yet influential form of PSYOPS, and their type of one-to-many communication method successfully achieves a decent viral marketing effect. Here's an archive of Soviet propaganda posters against the U.S during the Cold War you might find entertaining -- here's part 2. "Capitalists from across the world, unite!"

North Korea's not lacking behind, and despite the end of the Cold War, is still taking advantage of well proven and self-serving psychological techniques to further spread their ideology.

Here are some collections of ITsecurity related ones as well.

Banking Trojan Defeating Virtual Keyboards

The folks behind VirusTotal, just released an analysis and an associated video of trojan generating video sessions of the infected end user's login process, thus bypassing the virtual keyboard many banks started providing with the idea to fight keyloggers.

"Today we will analyze a new banking trojan that is a qualitative step forward in the dangerousness of these specimens and a new turn of the screw in the techniques used to defeat virtual keyboards. The novelty of this trojan lies in its capacity to generate a video clip that stores all the activity onscreen while the user is authenticating to access his electronic bank.

The video clip covers only a small portion of the screen, using as reference the cursor, but it is large enough so that the attacker can watch the legitimate user's movements and typing when
using the virtual keyboard, so that he gets the username and password without going into further trouble. It would obviously be place a heavy burden on the resources of the computer to capture the complete screen, both when generating the video clip as well as sending it to the attacker. The main reason for doing only a small portion of the screen referenced to the cursor is that the trojan guarantees the speed of the capture to show all the sequence and activity with the virtual keyboard seamlessly."

Anything you type can be keylogged, but generating videos of possibly hundreds of infected users would have a negative effect on the malware author's productivity, which is good at least for now. Follow my thoughts, the majority of virtual keyboards have static window names, static positions, and the mouse tend to move over X and Y co-ordinates, therefore doing a little research on the most targeted bank sites would come up with a pattern, pattern that should be randomized as much as possible. Trouble is, the majority of phishing attacks are still using the static image locations of the banks themselves, when this should have long been randomized as well.
OPIE authentication, suspicious activity based on geotagging anomalies, and transparent process for the customer -- please disturb me with an sms everytime money go out -- remain underdeveloped for the time being. You might find Candid Wüest's research on "Phishing in the Middle of the Stream" - Today's Threats to Online Banking informative reading on the rest of the issues to keep in mind.

No Anti Virus Software, No E-banking for You, or are Projection Keyboards an alternative?