New Tool Hunts Phishers

Ben Jackson's goal is to stymie people who develop phishing sites -- misleading Web sites designed to steal people's personal information.

Jackson, a 26-year-old developer from New Bedford, Massachusetts, who works for the Massachusetts Department of Public Health, is spending his spare time on a Web-based application called Crows Nest. It's designed to alert users when newly-registered domain names that are likely to be used as phishing sites go live on the Internet.

"I just want to get these [phishing] sites down," said Jackson, who has a Web site, Mayhemic Labs.

Right now, Crows Nest is still under development as Jackson refines its features. But when it's complete, Crows Nest could be a clever weapon in the fight against phishing.

A phishy-looking domain such as "www.ebay-customer-survey.com" might be registered for weeks before it ever goes live. Jackson has engineered Crows Nest to use reports from Name Intelligence Inc.'s Mark Alert, a paid service that sends e-mail notifications when a new domain name is registered that contains certain keywords.

Jackson let IDG News Service have a sneak preview of Crows Nest, which is accessible through a Web browser.

Crows Nest uses tabs to group domain names with certain keywords. It also ranks them in the order of their likelihood of being a phishing site. It checks the domain names using a Perl script every six hours to see if the site has gone live and notes the last time a check was performed. Other tools include a one-click lookup of the domain in the Whois directory and the name of its registrar.

Jackson acknowledges that Crows Nest isn't perfect, as the application doesn't directly stop a phishing site from going live. But "basically the goal of this is to try to catch the phishing site before it actually goes live or just after it goes lives so there are no credentials lost," he said.

It's possible for hosting providers to never let a phishy site go live, Jackson said. But when one is activated, it's a race between the phishers and security analysts. The phishers want to trick people into visiting the site and divulging their details, such as log-ins and passwords. Web site watchers race to contact the hosting service to shut the phishing site down.

Phishing sites are one of the biggest menaces to Internet users. U.S. consumers lost US$198.4 million due to online fraud in 2006, according to a recent report from the National White Collar Crime Center and the U.S. Federal Bureau of Investigation.

"The harder we make it for these people who are doing these things, the happier I'll be," Jackson said.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon