Phollowing the Phishers
More and more phishing emails can be traced back to compromised home PCs. For example, one that purported to be from CitiBank used the URL https://web.da-us.citibank.com/cgi-bin/citifi/scripts/login2/login.jsp?, but if you looked at the source it was really sending you to 68.72.96.25, which resolves to adsl-68-72-96-25.dsl.chcgil.ameritech.net - probably a home user of Ameritech's DSL service whose PC has been compromised.
Even the simplest NAT firewall turned on at the DSL modem would stop this from working, the firewall in XP SP2 might as well. So, two easy steps to make it harder at that end.
But what really needs to change is the browser. There has to be a warning that the displayed destination is not where the browser is really going. Imagine if telephones allowed you to dial 800 BUY BOOK and it didn't take you to 900 280-2665, instead it took you to a credit hackers telephone. You'd be screaming at whoever sold you that phone. Unfortunately, the browser world has stagnated since Netscreen went down the dumper - maybe a bit of Firefox adoption will stir some innovation.
Very thoughtful. We also believe that wireless mobile cell-phone viruses should be blocked by SP (service providers) instead of billions of end users. But that may not block 100% threats, so each cell-phone still needs some security agent software. --by MeshFire
Posted by: MeshFire | 18 May 2005 at 11:49 AM