1. Agenda (this one!) – check!2. WW Phishing in the next (6, maybe 12) months3. Phishing in Romania (2007-2009)4. Why 2 & 3 ? 5. The current BitDefender approach6. Other important aspects 7. This paper will have no conclusions slide so please

pay attention! (yes, I’m talking to the guys in the back… where the power plugs are :p )

Agenda

WW Phishing in the next (6 - 12) months

• APWG on 2nd ½ of 2008– Unique phishing reports submitted to APWG 

recorded a yearly high of 34,758 in October – Unique phishing websites detected by APWG 

during the second half of 2008 saw a constant increase from July  and in October reached a maximum of 27,739 

IT WILL RISE!!, or in Malcom Gladwell’s words: “This is going to

tip” – (we trust him because he looks Einsteinian!

Phishing in Romania (2007-2009)

• 2007 – 7 attacks• 2008 – 26 attacks (50% targeting the same institution)• 2009 – 187 attacks already (98% targeting the same

institution)• 2009 – 1’st ½ … anyone want to make a prediction?

Don’t be fooled by randomness!

Now… why would anyone start phishing?

– With the current market turmoil, what's the easiest way to make a small fortune?

– Start off with a large one!

• Quote of the day (from a trader): "This is worse than a divorce. I've lost half my net worth and I still have a wife

• This market stinks so bad…that even Chuck Norris can’t make any money.

Well… I bet not anybody can phish!

Really… is must be more than this!!!

1. Open the yellow pages and pick someone 2. Search his name using a social media search-engine3. If any SN profile found

1. Download images, posts, comments, friend 2. Create a phishing attack customized for this exact person.3. Continue with his friends

4. Complicated? Too much work? Dial 1-800 BOTNET for an army of computers to do this for you

PS: (success comes when the victim has profiles on more than one social network)

Current BitDefender Approach

• Technologies:• RBL• Website Forgery Detector• Signature Filter• Minutiae Analysis• Image Filter• AntiPharming Module

We protect: Spain, Germany, France, Italy, Romania and US (banks, SN accounts and webmail)…. For now….

The Matrix

We want to believe that this is proactive!

  ebay paypal citybank whateveraccount 2 1 1 2

card 0 1 1 0user 1 1 1 1

password 2 2 2 2phishing 1 1 1 1

ebay 1 0 0 0and so on 2 1 2 1

Ignorance is bliss

• Showing the actual domain on which the page is hosted• Showing the real page that is being forged• Displaying information about the registrar, the

geographic location where the page is hosted and so on.• Requiring user confirmation before continuing loading

the page• Certificates challenge.

• We suggest all that AND, if possible, actually redirecting the user to the desired institution