PhishBouncer — BBN’s Interesting Anti-Phishing Project

We recently heard from BBN Technologies about its research project to protect users from phishing. Known as PhishBouncer, it employs a cocktail of interesting techniques to protect users from phishy Web sites. (Internet old-timers may remember BBN as Bolt Beranek and Newman, where ARPANET packet switching was invented.)

PhishBouncer acts as a Web proxy, working reactively to keep an eye on the sites that users visit. It also works proactively to sniff out suspicious sites. Here are some of the more interesting techniques used:

  • Has the site's domain name been registered recently, or is it an established DNS entry?
  • If the site has an SSL certificate, is it suspicious? For example, is it issued by an unusual authority, such as a U.S. bank's certificate signed by a Russian issuer?
  • Has the SSL certificate changed recently?
  • Does the site steal images from a different domain?
  • Does the site accept bogus login details?
  • Has the site's IP address changed recently?

If the cocktail of checks points to a phishy site, PhishBouncer warns the user that he or she may be in danger of being phished, but still allows the user to explicitly ignore the warning by pressing a Continue button -- good idea. PhishBouncer also tells the user why it thinks the site is suspicious -- another good idea.
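To make the idea concrete, here is one way such a cocktail of checks could be combined into a warning that carries its reasons. This is an added illustration, not BBN's or PhishBouncer's code: the `Observation` fields, the 30-day window and the two-check threshold are assumptions, and the inputs (registration date, certificate and IP history, bogus-login probe result) are taken as already collected by the proxy.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Thresholds and field names are assumptions for this illustration.
RECENT = timedelta(days=30)  # what counts as "recently"
WARN_AT = 2                  # failed checks needed before warning

@dataclass
class Observation:
    """What a proxy could record about one site (constructed schema)."""
    url: str
    domain_registered: datetime
    cert_issuer_country: str | None  # None: site has no certificate
    expected_issuer_countries: set[str]
    cert_history: list[tuple[datetime, str]]  # (first seen, fingerprint)
    ip_history: list[tuple[datetime, str]]    # (first seen, address)
    image_urls: list[str] = field(default_factory=list)
    accepted_bogus_login: bool = False

def changed_recently(history, now):
    """True if the newest value differs from the one before it and is recent."""
    if len(history) < 2:
        return False
    (_, prev), (seen, cur) = sorted(history)[-2:]
    return cur != prev and now - seen <= RECENT

def evaluate(obs, now):
    """Run the six checks; return (warn, reasons shown to the user)."""
    host = urlparse(obs.url).hostname
    reasons = []
    if now - obs.domain_registered <= RECENT:
        reasons.append("domain name registered recently")
    if obs.cert_issuer_country and obs.cert_issuer_country not in obs.expected_issuer_countries:
        reasons.append(f"certificate issuer unusual for this site ({obs.cert_issuer_country})")
    if changed_recently(obs.cert_history, now):
        reasons.append("SSL certificate changed recently")
    # Exact-host comparison; relative URLs (no hostname) count as same-site.
    foreign = {h for u in obs.image_urls if (h := urlparse(u).hostname)} - {host}
    if foreign:
        reasons.append("images taken from " + ", ".join(sorted(foreign)))
    if obs.accepted_bogus_login:
        reasons.append("site accepted bogus login details")
    if changed_recently(obs.ip_history, now):
        reasons.append("IP address changed recently")
    return len(reasons) >= WARN_AT, reasons
```

Returning the reasons alongside the verdict is what lets the warning page explain itself while leaving the Continue decision with the user.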

BBN is working with Symantec to turn its research into production-ready code.

... Richi Jennings, with thanks to BBN's Jenifer Chong and Michael Atighetchi

