The recent super-sophisticated phishing attack against online payment service PayPal was yet more proof that the inability of anti-virus and firewall tools to stop new threats is the worst-kept secret in computer security.
The attack exploited a cross-site scripting flaw, allowing unknown fraudsters to inject a phony warning message and malicious phishing Web site link into a page served by a PayPal secure server.
The attacks have anti-virus stalwarts scrambling to plug the holes in their security armor. Last week, McAfee launched a beta program for Falcon, a new “total protection” suite with SiteAdvisor software to sniff out malicious Web sites. Symantec is also getting into the game, announcing a new transaction security software package this week called Norton Confidential.
Confidential can spot fraud sites using a “block list,” as well as heuristic detection Symantec from Whole Security. It can detect “crimeware” such as keyloggers and online banking Trojans, said Bill Rosenkrantz, director of product management for consumer products at Symantec.
Norton Confidential would not have spotted the PayPal phishing scam, but it would have alerted customers when they landed on the actual phishing site that solicited their log-in information, Rosenkrantz said.
With no way to ensure that customer computers are not compromised, e-commerce and financial services companies are warming to the idea of “risk-based authentication,” said Jonathan Penn, an analyst at Forrester.
A beta release is scheduled for July. Parts of the product will be in the next version of Norton Internet Security. Beyond that, Symantec is planning to port some parts of Confidential to its enterprise end-point security line, Rosenkrantz said.