informa
/
Perimeter
News

PhishTank Looks to Expand

PhishTank's operators are looking for a few good developers to expand and grow the anti-phishing site

PhishTank, the neighborhood watch Website for phishing exploits, is preparing to cast a wider net.

The community-watch anti-phishing site has opened up the site to developers to help it expand and improve on key features, such as how it reports phishing exploits to affected ISPs.

"I want PhishTank to be the best site it can be," says David Ulevitch, CEO of OpenDNS and the founder of PhishTank. Ulevitch has put out an all-points-bulletin for developers to step up and help carry PhishTank to the next level. (See Phishers Launch Zero-Day Exploits and A First Look Into the PhishTank.)

PhishTank has grown from around 2,400 active members in its first month to more than 10,000 after three months. It's tough to gauge exactly how much PhishTank has made an impact in the phish fight, but PhishTank has found more than 35,000 phishes thus far. It's gotten some key commercial attention as well: PhishTank is integrated into the latest version of the Opera browser; and Mozilla used PhishTank data in its comparison testing of Firefox's anti-phishing feature versus Internet Explorer 7's.

PhishTank's approach is different than other anti-phishing initiatives, because users post fishy items to the indie site, and PhishTank "verifiers" -- which include Ulevitch himself -- determine and vote on whether it's a phish and report back with their results and alerts. This approach lets users and consumers become part of the anti-phishing process.

The downside is it's still a blacklisting strategy, which spammers now bypass using botnets, notes Tod Beardsley, lead counter-fraud engineer for TippingPoint. That has led anti-spam efforts to start conducting more content-analysis to stem spam, he says.

"I like PhishTank, and I like OpenDNS. I know that their product has been working well, and rivals the commercial blacklist services that are out there," he says. But "my hope is that this expansion is really an effort to get going in that analysis direction, since merely expanding the blacklists isn't going to cut it for much longer."

Ulevitch, meanwhile, says the time has come to beef up PhishTank. He's heard rumblings on mailing lists for new features and upgrades, including simplifying the verification process, for instance. "I'm looking for fresh perspectives, so we're bringing in outside folks that might bring in fresh energy and ideas."

Does this mean Ulevitch and OpenDNS would hand off the management of PhishTank to another organization? "We're happy to keep it. But ultimately, PhishTank will be best if a community of people shape its direction and drive its features."

Which "community" might adopt PhishTank? It's not clear. "It's a lot of hassle to build a nonprofit, but there are Internet organizations out there that are good at adopting projects," he notes.

PhishTank is looking for both experienced and newbie developers who want to work on its PHP and MySQL environments, and Ulevitch says he expects this to increase its collaboration with other anti-phishing projects. "We frequently share information with CastleCops," he says. "By opening PhishTank to outside developers, the end result will be more collaboration" with other such initiatives.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • OpenDNS
  • Recommended Reading:
    Editors' Choice
    Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
    Joshua Goldfarb, Director of Product Management at F5