Full Version: kaspersky cloud antivirus & anti phishing
damienuk
If Kaspersky held a database of all real banks, and certain key phrases, then it could probably get a 100% rate of detection on phishing bank sites. You could probably do a deal with the banks to submit to them statistics and locations of server clusters that are faking their sites; I'm sure banks would financially support such a program. Also, by using the cloud more and more it could lower Kaspersky's overall system resource needs.

I won't name them, but I'm sure Kaspersky is aware one company now makes a beta cloud AV.

I don't think a full cloud AV, but iSwift technology could work incredibly well in "the cloud": program checksums could be greatly condensed and sped across the net, and Kaspersky would then only need to checksum most programs. Any it didn't recognise could be scanned by traditional methods. (This would reduce the requirement for updates, making running costs actually lower.)
Don Pelotas
Hi again, is this the start of another flood of ideas? Kaspersky is already into cloud comp! ;)

It's not quite as easy as you (always) think it is btw, but no doubt Clouds will have a much bigger place in the next couple of years.
damienuk
No, not a flood of ideas :)

I'm thinking more along the lines of, rather than wait for someone to spot a fake bank login, by knowing the real ones it could be made far more accurate; iSwift would definitely make it quick too.

(I didn't mention popping up the keyboard lol ;) )

But it's only an idea, and security improvements are a good thing ;)
Lucian Bara
I don't think you know what iSwift is... it has nothing to do with phishing sites, and Kaspersky has a cloud too.
damienuk
QUOTE(Lucian Bara @ 14.07.2009 14:29)
I don't think you know what iSwift is... it has nothing to do with phishing sites, and Kaspersky has a cloud too.

Actually I do lol, but I didn't want to write too technical a post. A checksum will just mark the site as phishing; the iSwift would be adapted to knock the site off the database when it's no longer a phishing site. It wasn't designed for that, I know, but it would work.

In regards to cloud I meant a full cloud AV. I know Kaspersky uses the cloud for some of its features, but you can't install just a Kaspersky shell and do the actual scan in the cloud.

What my thinking is: the phishing sites are usually knock-offs of the banks' and payment gateways' login pages, as that's the data they're after. If a user hits one it gets marked, added to the database, which is then checked according to Kaspersky's iSwift algo, so not only is it on demand, Kaspersky would be scanning passively for phishing. When speeds / bandwidth improve that could even mean Kaspersky scans the web itself, based on user habits.

By doing it side by side, because no one wants to wait for a page to load, phishing sites could be caught before they were ever known. Others would be found on the "fly", but because the net changes and pages do change, it scans it more than a single time, hence iSwift :P It was never designed for it, but it would make one awesome weapon against phishing, then malware etc.

Lucian Bara
Like I said, you don't know how iSwift works. iSwift uses NTFS identifiers and guess what... a webpage doesn't have NTFS identifiers...
It does query the cloud during scan; you may actually see some cloud verdicts for certain files.
Whizard
iSwift != KSN (Kaspersky Security Network)
http://support.kaspersky.com/faq/?qid=193239261
damienuk
I know how iSwift works lol, I'm not meaning to actually use iSwift itself, I meant an adaptation.

Maybe this might help make it a bit clearer; perhaps me saying iSwift just makes it confusing.

The program would scan the web and find phishing sites.
At some point that site would either be removed or be changed etc.
The program would know to recheck the site every so often.

Because the phishing sites are copying banks, it's possible to tag the actual HTML etc.

If a user then enters a URL, Kaspersky can then say "that's a phishing website - do you want to launch browser?"

The key points would be: it's scanning for phishing by itself without users actually going to any websites.
It's identifying the websites by tagging the pages themselves and adding them to its own database.
When the user types a URL, Kaspersky can intercept that; for example www.somewebsite.com/fake_ban... Kaspersky would have begun checking the database at .com/fake ... as it knows, say, Barclays, so entering barclays as a URL would trigger Kaspersky to check the database for URLs matching etc.

Or if a user has login.paypal.com, Kaspersky will redo the URL to the real website, etc etc...

But it's not just about finding them, it's to monitor them as well so the database keeps fairly accurate, so a URL might get checked 3 times with the fake bank and alerts issued; the bank vanishes, the database removes the link, but continues to check every so often.

For speed use the existing technology, but make it so it can do that instead too :P

On a phishing website there are always some key areas that give it away:
They're always on the wrong URL
They're most likely to be linked from an email
They name a known worldwide bank
They copy certain pages.

As a URL they're fairly static, especially for a security product to scan; because they're code it is possible to detect them, but it just means using existing programs and changing them enough to provide the methods.
Even though iSwift and iChecker are not designed to do it, it's the same principles as those, not the same tech though, which is where I began lol. All it needs to do is spot the site, log it, alert any Kaspersky user that they're typing it in or clicking on it, and then check it later a few times to either remove it once it's gone, or to keep the database in order.
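Added example (not from any poster in this thread and not Kaspersky's code): the scheme proposed in the post above, with a list of real bank domains, brand-name matching on URLs, and a database that rechecks suspect URLs and drops them once the page is gone. The brand list, the recheck interval, the class and function names and all URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): brand keyword -> domains the brand really uses.
KNOWN_BRANDS = {
    "barclays": {"barclays.co.uk", "barclays.com"},
    "paypal": {"paypal.com"},
}
RECHECK_SECONDS = 6 * 3600  # hypothetical recheck interval


def classify(url):
    """Return (verdict, brand); verdict is 'legitimate', 'suspect' or 'unknown'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    text = host + parts.path.lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand not in text:
            continue
        # A brand name is trusted only on the brand's own domain or a subdomain of it.
        if any(host == d or host.endswith("." + d) for d in domains):
            return "legitimate", brand
        return "suspect", brand
    return "unknown", None


class SuspectDatabase:
    """Tracks suspect URLs and the time each one is next due for a recheck."""

    def __init__(self):
        self.entries = {}  # url -> time of next recheck (seconds)

    def report(self, url, now):
        verdict, _ = classify(url)
        if verdict == "suspect":
            self.entries[url] = now + RECHECK_SECONDS
        return verdict

    def due(self, now):
        return sorted(u for u, t in self.entries.items() if t <= now)

    def recheck(self, url, still_phishing, now):
        # Drop the entry once the page is gone; otherwise schedule another look.
        if still_phishing:
            self.entries[url] = now + RECHECK_SECONDS
        else:
            self.entries.pop(url, None)

    def should_warn(self, url):
        return url in self.entries
```

Keyword matching alone also flags any unrelated page whose URL mentions a brand, so a "suspect" verdict is best treated as a queue for a content check rather than a block decision.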

Whizard
Internet Explorer 7/8 already has a URL highlighting feature and SmartScreen filter. Also, legitimate sites use SSL with extended validation, which turns the whole bar green if the site is legitimate. Version v2010 has enhanced heuristics functionality, which targets IFRAME redirections.
damienuk
IE8 phishing isn't great lol, plus I'm using Firefox for here but Opera for most sites, "security through obscurity".

I still think it would make an awesome addition though. I do agree browsers are doing a bit to deal with phishing, but they only work with what's known; this could deal with anything unknown as long as it's not the actual bank.

The net's changing too fast these days, the demands on the AV/firewall are becoming increasingly complex. I think in the next 5 to 10 years they probably will be scanning the net, with a possible new transport protocol too.

£5 bet they introduce something similar lol.