Microsoft inked an agreement with whitelist specialist Digital Resolve on Sept. 5 to help its next-generation Internet Explorer 7 Web browsing software and Windows Live Toolbar application protect users against fraudulent Web sites.
Under the terms of the deal, Digital Resolve, a unit of Digital Envoy, will provide its Trusted Server data feed directly into the two Microsoft products, promising to arm the programs with the latest information about Web sites believed to be operating to support phishing schemes, which typically aim to steal personal data in order to commit identity fraud.
The technology will be used as a source of information for Microsoft’s own Phishing Filter, already built into beta versions of IE 7 and Windows Live Toolbar, and will also be utilized in Windows Internet Explorer 7 for Windows XP Service Pack 2 and in Windows Vista, both of which are still under development and expected to arrive in 2007.
Digital Resolve’s software, which has generally been used by financial services companies to validate their own Web sites and search for phishing attempts launched in their likenesses, uses data mining tools to continually scour the Web for phishing activity.
Once a site is determined by the program to be fraudulent, or even just sufficiently suspicious, its URL is fed directly from Digital Resolve into users’ browsers.
When a user attempts to direct a browser toward a questionable Web site, the software provides a warning prompt.
The Trusted Server tools in Microsoft’s Phishing Filter will be turned on as default protections in the products that carry them, company officials confirmed.
While many traditional anti-phishing technologies use blacklists of suspicious sites to help block user access to fraudulent URLs, Digital Resolve’s tools instead depend upon whitelists of authenticated pages. The system also aims to replace the two-factor image-based authentication technologies being used by banks and other companies with online operations to help customers log onto their sites safely. Putting the onus on businesses and users to protect themselves is unwieldy, and leaves people open to more sophisticated phishing attacks, Digital Resolve executives said.
The anti-phishing software maker has worked with Microsoft previously to help safeguard users of Microsoft’s Xbox Live online gaming network from outside attackers.
“Blacklists have been used for a long time, but this is something more dynamic that was needed to help protect Windows users before fraudulent sites are identified, as using a positive identifying indicators to legitimate sites doesn’t leave any room from a social engineering standpoint,” said David Helsper, vice president of engineering at Digital Resolve, based in Norcross, Ga. “A lot of online vendors are trying to address the authentication problem with images and shared secrets, but this takes the burden away from the companies and end users and puts validation directly onto the desktop.”
Trusted Server specifically addresses so-called man-in-the-middle attacks, an emerging form of phishing in which criminals use spyware or cross-site scripting attacks to place themselves between users and legitimate Web sites to steal personal data. As businesses have improved their site defenses and end users have become more aware of phishing schemes, man-in-the-middle attacks have begun to increase in number, Helsper said.
Another nascent form of phishing the software offers to protect against is the type of attacks built around DNS cache poisoning, through which fraudsters attempt to dupe Web servers into believing they are communicating with legitimate sites when in fact they are being attacked.
“We were impressed with the quality of Digital Resolve’s data feeds, and they have become an important addition to our rich network of data provider partners,” said Alan Packer, product unit manager of the Anti-Phishing Team at Microsoft, based in Redmond, Wash. “This agreement underscores Microsoft’s goal of employing a broad range of data sources from both third parties and end users to help protect customers from the threat of phishing.”
Trusted Server could someday be augmented with an automatic malicious code zapper being developed by Microsoft for future iterations of IE, the world’s most popular browser. Researchers at the software maker are touting a prototype framework called BrowserShield that promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.
The BrowserShield project—an outgrowth of the company’s Shield initiative to block network worms, and the brainchild of Helen Wang, a project leader in Microsoft Research’s Systems and Networking Research Group—could one day even become Microsoft’s answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.
Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.