Fighting Phish with Monkeyspaw

Once the software is all installed, a pop-up console comes up when you click on a phishing link, showing not just the URL but the host server of the offending site. You can then report it by clicking a check box.

A unit of 3Com in Singapore has announced a very interesting anti-phishing tool, which it has released as open source.

TippingPoint says the tool, called Monkeyspaw, is for security professionals only, but I can see a lot of other people making use of it.

Author Tod Beardsley explains that the tool is a Greasemonkey script that runs on Firefox. It was originally written for the BlackHat conference, as a demonstration of Greasemonkey's use in an AJAX-ish information gathering environment.

Once the software is all installed, a pop-up console comes up when you click on a phishing link, showing not just the URL but the host server of the offending site. You can then report it by clicking a check box.

Imagine what this can do in the war on spam generally. Imagine what it can do in all sorts of criminal investigations. It sounds like a real open door against all kinds of things.

What do you think of it?