With any emerging threat there is an ongoing arms race between those who perpetrate the threats and those who work on eradicating them. We’ve seen this happen with spam, where spammers would try to develop new techniques to get their email to pass through spam filters, and, in turn, anti-spam offerings would take these techniques into account in an effort to better recognize (and eliminate) spam.
Phishing is no different. For example, we recently came across an entire phishing Web site that was built using Macromedia Flash. Macromedia Flash (or, just “Flash”) is a very popular technology used to add animations and interactivity to Web pages (though the technology is not necessarily limited to use within Web pages). If you have ever seen a glitzy Web page with nice animation, chances are that the animation was developed using Flash.
This technique is similar to how spammers started using images in emails (in some cases, building the entire email as an image) with the hope that any spam filter that only analyzes text would not be able to make any sense of the email, and would let it pass through with flying colors.
I’d like to remark that the challenge, from the phisher’s perspective, is slightly different from the spammer’s. In particular, the phisher must get his victims to interact with the page he creates in a way that does not arouse suspicion, whereas with spam, the only concern is that the recipient actually sees the message.
Also, a good anti-phishing tool will take a defense-in-depth approach, using multiple “angles” when determining whether a given site is really malicious. This approach is what Symantec uses in the forthcoming Norton Confidential product.
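To make the text-only blind spot and the value of a second "angle" concrete, here is an added example (not code from Symantec or Norton Confidential) that compares what a text extractor sees with a structural check of the same page. The two sample pages, the file name `login.swf`, and the five-word threshold are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample: a page whose only content is one embedded Flash movie.
FLASH_ONLY_PAGE = """<html><head><title>Sign in</title></head><body>
<object width="100%" height="100%">
  <param name="movie" value="login.swf">
  <embed src="login.swf" type="application/x-shockwave-flash">
</object></body></html>"""

# Constructed sample: an ordinary HTML login form.
HTML_FORM_PAGE = """<html><head><title>Sign in</title></head><body>
<h1>Sign in to your account</h1>
<form action="/login" method="post">
  User name <input name="user"> Password <input type="password" name="pw">
</form></body></html>"""

class PageSignals(HTMLParser):
    """Collects rendered body text plus counts of Flash embeds and HTML forms."""
    def __init__(self):
        super().__init__()
        self.text, self.flash, self.forms = [], 0, 0
        self._skip = 0  # depth inside elements whose text is not rendered

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag in ("script", "style", "title"):
            self._skip += 1
        elif tag == "form":
            self.forms += 1
        elif tag in ("embed", "object"):
            src = a.get("src", "") or a.get("data", "")
            if "shockwave-flash" in a.get("type", "") or src.endswith(".swf"):
                self.flash += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style", "title") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def analyze(html):
    """Return the text signal and the structural signals for one page."""
    p = PageSignals()
    p.feed(html)
    p.close()
    words = len(" ".join(p.text).split())
    # Hypothetical rule: Flash carries the page and there is nothing to classify as text.
    opaque = p.flash > 0 and p.forms == 0 and words < 5
    return {"words": words, "flash": p.flash, "forms": p.forms, "opaque_flash": opaque}
```

On the Flash-only sample the text signal is empty, so only the structural signal says anything about the page; a tool would treat that as one input among several rather than a verdict.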
We do not doubt that phishers will continue to develop more sophisticated techniques. Rest assured that we good guys are hard at work developing countermeasures.