Runet launches automatic phishing search engine
Domains. Ru and .rf sites of attackers will be delineated
Photo: REUTERS / Wolfgang Rattay
The center for responding to computer incidents Ru-Cert launches an automatic search engine for phishing sites in domain zones .ru and .rf, writes Izvestia. Domain domains found to distribute dangerous content will be delineated.
')
“Our task is not to wait for a complaint from a user who has already suffered,” he visited a fake page, for example, Sberbank and entered his personal data there, after which his credit card number was leaked to fraudsters, “but try to find such pages.” Our system analyzes some parameters of the web page and tries to determine whether this is phishing or not, ”said Ru I Cert’s representative Dmitry Ippolitov.
He believes that malicious content appears on sites for several reasons. The first is hacking the “white” site and placing malicious content on its pages. In this case, Ru-Cert plans to inform the hoster and resource administrators about the incident, without taking further steps.
But the creation of "black" phishing sites is punishable. Such resources are planned to be eliminated without delay. “For example, a fake Sberbank website was created, whose address was written with one modified letter. Such a domain can be immediately separated, as it is specifically registered for illegal activities, ”says Ippolitov.
And many organizations, both governmental and commercial, can now split domains. For example, it is possible to segregate a domain in RuNet on the basis of a written decision of the head of the body that carries out operational investigative activities. We are talking about the management of the "K" Ministry of Internal Affairs and the Prosecutor General's Office.
Also, such domains can be split by authorized organizations that have entered into an agreement with CC. Such organizations include the Kaspersky Lab company, Group-IB, the regional public organization Center for Internet Technologies (ROCIT), Ru-Cert, and the Non-profit Partnership League for the Safe Internet.
As for phishing, attacks of this type are very common in the Russian Federation. “We cannot disclose the exact figure [how many phishing sites were found that year], but the bill goes to millions of pages per year. Phishing pages aimed at Russian-speaking users can be located in any domain zone, not necessarily .ru. At the same time, in 2015, 148.4 thousand attempts to switch to phishing pages were prevented on computers of users of Kaspersky Lab products, of which 26.4 thousand in Russia, ”said a content analyst at Kaspersky Lab.
As for the phishing site search system itself, the project has no technical details yet. Experts believe that creating such a platform from scratch is a long and expensive business. Most likely, the system will be created on the basis of a publicly accessible search engine (for example, Yandex).
Photo: REUTERS / Wolfgang Rattay
The center for responding to computer incidents Ru-Cert launches an automatic search engine for phishing sites in domain zones .ru and .rf, writes Izvestia. Domain domains found to distribute dangerous content will be delineated.
')
“Our task is not to wait for a complaint from a user who has already suffered,” he visited a fake page, for example, Sberbank and entered his personal data there, after which his credit card number was leaked to fraudsters, “but try to find such pages.” Our system analyzes some parameters of the web page and tries to determine whether this is phishing or not, ”said Ru I Cert’s representative Dmitry Ippolitov.
He believes that malicious content appears on sites for several reasons. The first is hacking the “white” site and placing malicious content on its pages. In this case, Ru-Cert plans to inform the hoster and resource administrators about the incident, without taking further steps.
But the creation of "black" phishing sites is punishable. Such resources are planned to be eliminated without delay. “For example, a fake Sberbank website was created, whose address was written with one modified letter. Such a domain can be immediately separated, as it is specifically registered for illegal activities, ”says Ippolitov.
And many organizations, both governmental and commercial, can now split domains. For example, it is possible to segregate a domain in RuNet on the basis of a written decision of the head of the body that carries out operational investigative activities. We are talking about the management of the "K" Ministry of Internal Affairs and the Prosecutor General's Office.
Also, such domains can be split by authorized organizations that have entered into an agreement with CC. Such organizations include the Kaspersky Lab company, Group-IB, the regional public organization Center for Internet Technologies (ROCIT), Ru-Cert, and the Non-profit Partnership League for the Safe Internet.
As for phishing, attacks of this type are very common in the Russian Federation. “We cannot disclose the exact figure [how many phishing sites were found that year], but the bill goes to millions of pages per year. Phishing pages aimed at Russian-speaking users can be located in any domain zone, not necessarily .ru. At the same time, in 2015, 148.4 thousand attempts to switch to phishing pages were prevented on computers of users of Kaspersky Lab products, of which 26.4 thousand in Russia, ”said a content analyst at Kaspersky Lab.
As for the phishing site search system itself, the project has no technical details yet. Experts believe that creating such a platform from scratch is a long and expensive business. Most likely, the system will be created on the basis of a publicly accessible search engine (for example, Yandex).
Source: https://habr.com/ru/post/357110/
All Articles