    TrendLabs Security Intelligence Blog

    Author Archive - Sandra Cheng (Product Manager)




    We have released a research paper titled Email Correlation and Phishing. This paper describes, in some detail, how we use data correlation techniques to identify the “correct” senders of messages, which allows us to help identify spammers and spam/phishing messages and block them accordingly.

    These techniques are very useful in detecting phishing messages that pose as legitimate messages from organizations. Not only are they useful against “conventional” phishing attempts, they may also be able to detect and block more targeted threats aimed at organizations that use the same tactic.

    These steps and techniques are necessary as spam and phishing techniques continue to improve. In particular, these phishing messages are very difficult to detect using content-based techniques, and both IP blacklists and email authentication, while useful, have certain limitations. The techniques described in the paper are a useful addition to our existing tools, and demonstrate our expertise both in big data and today’s threats.

    The full details of these techniques can be found in the paper Email Correlation and Phishing.

     
    Posted in Spam



    Phishing has always been one of the most common email threats, but it has now become a fairly difficult threat to detect and block. As we noted earlier in the year, the content of phishing emails has become essentially identical to legitimate messages.

    From the point of view of blocking and detecting email based on content, this is a serious issue. Because phishing emails are so similar to legitimate emails, any pattern likely to detect them is also likely to detect many legitimate messages. This would raise the number of false positives to unacceptable levels.

    Detecting phishing emails by analyzing URLs also presents a challenge, because phishing sites now go down very quickly after they come online. According to the Global Phishing Survey report for the first half of 2012, released by the Anti-Phishing Working Group, the average uptime of a phishing site is now below 24 hours, with the median uptime just below six hours. This means that there is now relatively limited time to analyze and detect malicious sites, potentially reducing the effectiveness of URLs for detecting phishing messages.


     
    Posted in Spam


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.