Author Topic: Phishing Sites  (Read 37432 times)

Online wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5432
Phishing Sites
« on: July 04, 2012, 12:43:57 AM »
I was just wondering how powerful siteinspectors detection capabilities are for phishing sites? has anyone tested them out. Does siteinspector have its own detection capabilities or does it just check with google etc for advisories

With the many sites i tested it did not detect them.

http://siteinspector.comodo.com/public/reports/4791939
http://siteinspector.comodo.com/public/reports/4791965
http://siteinspector.comodo.com/public/reports/4791969
http://siteinspector.comodo.com/public/reports/4791985
http://siteinspector.comodo.com/public/reports/4792000

| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2975
    • Suspicious file?
Re: Phishing Sites
« Reply #1 on: July 04, 2012, 07:23:11 AM »
During checking SI is looking for some public blacklists like phishtank.

Offline vadim

  • Comodo's Hero
  • *****
  • Posts: 332
Re: Phishing Sites
« Reply #2 on: July 04, 2012, 08:09:24 AM »
I was just wondering how powerful siteinspectors detection capabilities are for phishing sites? has anyone tested them out. Does siteinspector have its own detection capabilities or does it just check with google etc for advisories


Just third-party services for now, like PhishTank, Urlblacklist etc.

We plan to build Comodo users feedback (votes) sub-system in the future.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Online wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5432
Re: Phishing Sites
« Reply #3 on: July 04, 2012, 02:23:40 PM »
During checking SI is looking for some public blacklists like phishtank.

im surprised SI didnt detect these phishing sites since i got all them from phishtank.

thanks
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Online wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5432
Re: Phishing Sites
« Reply #4 on: July 04, 2012, 02:24:50 PM »
Just third-party services for now, like PhishTank, Urlblacklist etc.

We plan to build Comodo users feedback (votes) sub-system in the future.

thanks for the answer, sounds like a great addition to SI
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline vadim

  • Comodo's Hero
  • *****
  • Posts: 332
Re: Phishing Sites
« Reply #5 on: July 05, 2012, 03:38:24 AM »
im surprised SI didnt detect these phishing sites since i got all them from phishtank


Some of these sites already detected as phishing by SI:
http://siteinspector.comodo.com/public/reports/4807198
http://siteinspector.comodo.com/public/reports/4807115

The others are not confirmed by PhishTank or by other trusted system yet.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Phishing Sites
« Reply #6 on: July 05, 2012, 09:38:00 AM »
Just third-party services for now, like PhishTank, Urlblacklist etc.

We plan to build Comodo users feedback (votes) sub-system in the future.
Can you please let me know exactly which lists it uses?

Thanks.

Offline vadim

  • Comodo's Hero
  • *****
  • Posts: 332
Re: Phishing Sites
« Reply #7 on: July 06, 2012, 08:02:59 AM »
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.


Offline trscsaeg

  • Comodo's Hero
  • *****
  • Posts: 1162
Re: Phishing Sites
« Reply #9 on: October 31, 2012, 11:04:04 PM »

Offline vadim

  • Comodo's Hero
  • *****
  • Posts: 332
Re: Phishing Sites
« Reply #10 on: November 01, 2012, 02:51:22 AM »
are you guys planning to use more 3rd party black list

Yes, we plan to expand such sources.  One of the interesting source we plan to use is a Yandex Safe Browsing:

http://api.yandex.com/safebrowsing/
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline victorh2007

  • Newbie
  • *
  • Posts: 12
Phishing Sites - how to improve detection - a suggestion
« Reply #11 on: February 09, 2013, 01:53:41 PM »
As a CIS user I miss a friendly way to give feedback to Comodo about the phishing sites I come across.
I'd like Comodo could count with a service like Phishtank where I can log and send samples of Phishing sites.
PCMag has recently reviewed both CIS Premium and CIS Complete showing excellent results.
But at the same time they criticized Comodo for the poor detection of phishing sites, specially the new ones.
Comodo counts with millions of users around the world and could easily ask them to send samples of phishing sites through an online form that certainly would improve a lot CIS detection rates of this kind of threat. This information can also improve detection of Comodo DNS secure service.
Well, this is my suggestion as a Comodo fan!


Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2975
    • Suspicious file?
Re: Phishing Sites
« Reply #12 on: February 09, 2013, 02:46:58 PM »
Hello,
if you come accross any phishing site that you would like to submit, then:

1. scan it with Comodo WebSite Inspector ( http://app.webinspector.com/ )
2. If it is not detected, submit it as a Phishing site. ( http://i.imgur.com/Lwk0ErL.jpg )
3. WI blacklists ( http://app.webinspector.com/recent_detections ) are used to feed DNS blacklists. Probably, after that, Comodo Secure DNS should be blocking that site (if maliciousness of that site will be approved by Comodo's analyst).
« Last Edit: February 09, 2013, 03:34:40 PM by morphiusz »

Offline victorh2007

  • Newbie
  • *
  • Posts: 12
Re: Phishing Sites
« Reply #13 on: February 09, 2013, 03:05:45 PM »
Hello,
if you come accross any phishing site that you would like to submit, then:

1. scan it with Comodo WebSite Inspector ( http://app.webinspector.com/ )
2. If it is not detected, submit it as a Phishing site. ( http://i.imgur.com/Lwk0ErL.jpg )
3. WI blacklist ( http://app.webinspector.com/recent_detections ) are used to feed DNS blacklists. Probably, after that, Comodo Secure DNS should be blocking that site (if maliciousness of that site will be approved by Comodo's analyst).

Thanks a lot for having replied my question very fast!:)
I'll follow your instructions from now on!
It is a pleasure to help Comodo and its team. I'll try my best to help you as much as I can notifying you about phishing sites and malwares not detected by Comodo Internet Security.

All the best for you!

Offline Black Angel

  • Comodo's Hero
  • *****
  • Posts: 286
  • Virus Hunter
Re: Phishing Sites
« Reply #14 on: November 10, 2013, 11:12:12 AM »

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek