Spyware Confidential

Larry Dignan, Jason Perlow, Tom Steinert-Threlkeld
Home / News & Blogs / Spyware Confidential

How about some Fried Phish?

By | March 27, 2006, 9:58pm PST

Fried Phish, otherwise known as PIRT (Phishing Incident Reporting and Termination) was officially launched today, as reported by CNET’s Joris Evers and this press release. I’ve been watching this project get ready for its debut and I must say I’m impressed.  Fried Phish is a joint effort of computer security site CastleCops.com and Sunbelt Software. Here’s how it works. You get a phishing email but do you know what to do with it?  Besides not click on the links, that is. Now there is an easy way to report a phishing email and a staff of trained volunteers to analyze it, confirm whether or not the phishing site is still alive, and report it to the proper agencies and ISPs.

Now you can go to the PIRT site and follow the instructions on now to report your phish.  There are detailed instructions on how to view the email source (the html code) with different email clients and detailed instructions for how to copy and paste the source and phishing URL into the tool. (Phryer?)

The staff will analyze the email and confirm the phish, notify the appropriate agencies, contact ISPs and do whatever is possible to have the phishing site shut down.  Confirmed phish are posted here.  A topic is posted in the forum by the handler for each phish, as seen here, and a list of terminated phish is here. The Fried Phish forum already has 13 pages of posts.

I suggested they call it Phried Phish, but no one listened… At any rate, I think this is a great community effort.  If anyone is interested, they are recruiting handlers.

Note that phishing is done not only by email — there are trojans (downloaded in exploits with spyware and adware), that can spawn what looks like a bank site or login window on a user’s desktop, monitor keystrokes, thus stealing login data, and email or FTP that data to a remote server.  See Troj/Banker-ER and Troj/Banker-EQ.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Spyware Confidential”

Topics

Biography

Suzi Turner is webmaster and owner of SpywareWarrior.com, a comprehensive site that includes a spyware help forum, spyware blog and reviews of anti-spyware software by noted spyware expert Eric L. Howes. Suzi became angry about spyware in 2002 after being infected by a drive-by-download of a browser hijacker and unwanted adware/spyware and decided to help others in the same predicament. In April 2005, Microsoft awarded Suzi its MVP (Most Valued Professional) Award in recognition of her work to help internet users protect their privacy by removing and preventing spyware. Suzi is also a nurse for a national disability management company.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
7
Comments
Add Your Opinion

Join the conversation!

Just In

More Phun Thoughts
gwrigg 29th Mar 2006
Mrs. Smith had actually applied for the "Teacher in Space" program with the Space Shuttle (ca. 1984). While I'm sure she would have done a wonderful job for NASA, in the light of subsequent events (i.e., the Challenger explosion) I was relieved she didn't make it.

Even though in physics I got the one and only D of my high school career, that was one of my favorite classes. That D was one of the main factors in my deciding to major in technical communications instead of computer science when I went off to college. Later, I got a Master's in MIS, and here I am now making a living in the IT field. Talk about coming full circle!

Apologies for cluttering the comments with all this autobiographical stuph, errr, stuff ... "phried phish" got my memories phlowing pretty phar back!
View in thread
0 Votes
+ -
Pried Phish did you say?
Ikester_z 28th Mar 2006
One interesting aspect is the public reporting approach. Contributors can submit their Phish and see the results in the Phishing, Fraud and Dastardly Deeds forum and also view the detailed analysis by following the links. Folks can get an education in phish connivance by reading through a few of the reports.

Thanks for helping to bring attention to this effort Suzi. This is a huge task and the need for volunteers can't be overemphasised.

Ikeb - CastleCops SRT, Phishing Squad volunteer
0 Votes
+ -
Phried Phish ... I Like It
gwrigg 28th Mar 2006
My high school physics teacher had a poster in her classroom that read, "Physics is Phun." Since our class had several jokesters in it, and Mrs. Smith (not her real name), was the kind of teacher that could take a joke, the poster ended up aquiring handwritten additions such as "It's not phun iph you phlunk!"

Since Mrs. Smith also taught German, she was also known to her physics students as "Phrau Smith." Another addition to the poster was "Phrau Smith phries phresh phish phor breakphast."

Thanks phor the memories ... happy
0 Votes
+ -
ROPL
Suzi_z 28th Mar 2006
That is, rolling on the phloor laughing. happy

The world probably needs more teachers like Mrs. Smith!
0 Votes
+ -
More Phun Thoughts
gwrigg 29th Mar 2006
Mrs. Smith had actually applied for the "Teacher in Space" program with the Space Shuttle (ca. 1984). While I'm sure she would have done a wonderful job for NASA, in the light of subsequent events (i.e., the Challenger explosion) I was relieved she didn't make it.

Even though in physics I got the one and only D of my high school career, that was one of my favorite classes. That D was one of the main factors in my deciding to major in technical communications instead of computer science when I went off to college. Later, I got a Master's in MIS, and here I am now making a living in the IT field. Talk about coming full circle!

Apologies for cluttering the comments with all this autobiographical stuph, errr, stuff ... "phried phish" got my memories phlowing pretty phar back!
0 Votes
+ -
Fantastic
GABorden 28th Mar 2006
This is great news. I work with Total Team Solutions, LLC, where we get a lot of Phishing email. I have been frustrated in not knowing how to investigate it or send them a stink bomb back. This looks very promising.
0 Votes
+ -
U.S. Govt.
kidtree 28th Mar 2006
The US government has a database of malicious spams. They encourage you to forward any to spam@uce.gov
When I receive spam of phising emails, it's so satisfying to just click Forward and send it off to Spam. But the govt. doesn't claim to prosecute anything; they just keep a database for later reference. These Castle Cops guys sound more aggressive. Thanks for calling them to our attention.
0 Votes
+ -
Others looking to phry phish.
Mr. Roboto 29th Mar 2006
Don't know if you heard or seen it yet, but CipherTrust has a site called [u=http://www.phishregistry.org/]PhishRegistry.org that's also looking for signs of phishing sites.

Maybe the two can combine resources? An alliance to phight the phu..., I mean phishers. wink

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix