Kaspersky Lab has been awarded a patent in Russia for an innovative system that provides anti-phishing protection. The patent covers a system that determines whether the domain name of a site corresponds with its IP address, thereby blocking cybercriminals’ attempts to redirect users to fake websites.
A typical phishing attack involves the cybercriminals distributing fake emails, allegedly originating from major online banking or social networking organisations. These emails usually request that users provide their confidential data, and contain links to fake websites that mimic genuine ones. Users falling victim to such schemes generally find that the cybercriminals have used their social networking accounts to distribute spam and take money from their online accounts. The cybercriminals may even try to extort money from users in return for control of their hijacked accounts.
To help prevent phishing attacks, it is common to use blacklists of fake websites, or to compare URLs of web pages to which users are redirected with known and authentic web page URLs. The technologies above have their own shortcomings. For instance, comparing the name of a website with a blacklist is not effective against newly created fake addresses, and white listing of authentic web page URLs will not pick up a spoofed IP address for a requested resource.
Kaspersky Lab’s new technology uses advanced techniques that quickly detect phishing websites, redirection to which is automatic and is hidden in the case of a farming attack. During such an attack, a user inserts the URL of an authentic website into their browser, but is surreptitiously redirected to a different IP address where a fake page is located. The technology created by Kaspersky Lab’s Aleksey Malyshev and Timur Biyachuev works by creating a duplicate, safe communication channel. IP addresses and domain names can thus be checked via this channel to ensure that they correspond to each other. As a result, the method provides users with real-time access protection, blocks phishing websites and helps to detect farming attacks. The new technology also enables databases of fake web page addresses that are used in anti-phishing protection modules to be updated promptly.
At present, patent offices in the USA, Russia, China and Europe are examining about one hundred innovative IT security technology patent applications from Kaspersky Lab.