Anonymizer Offers Phishing Defense

Internet privacy and security company Anonymizer Inc. has released an upgrade of its identity-protection software, Anonymizer 2005, to defend against a particularly insidious form of phishing that's been on the rise over the past few months.

"This kind of phishing is different from the kind you usually see," says Lance Cottrell, president and founder of Anonymizer. The Anti-Phishing Working Group, an association of businesses and law-enforcement organizations, calls it "pharming."

Phishing attacks traditionally rely on social-engineering techniques to dupe users into clicking on disguised links that take them to phony bank sites set up to capture sensitive information. Pharming, or "host-file phishing," relies on Trojans, worms, or viruses, some of which attack programs like Microsoft Outlook through E-mail. Once a machine is infected, the malware alters the computer's host file so that when a user types in the Web address for his or her bank, the browser sends the user to the phisher's fake bank site.

This technique takes advantage of the fact that banks have been telling customers to type their Web addresses into browsers manually rather than clicking on links to avoid a phishing scam.

Host-file phishing can usually, but not always, be prevented with antivirus or anti-spam software or hardware, which blocks the malware that alters the host file. Disabling Windows Scripting Host, a common procedure for security-conscious businesses, also offers some measure of protection by preventing potentially hostile Visual Basic Scripts sent as E-mail attachments from executing. But once a computer gets infected and its host file gets altered, defense can be difficult.

Anonymizer's software solves this problem by redirecting the user's Web traffic through its servers and resolving domain names there, rather than using a compromised host file. And, as its name suggests, Anonymizer 2005 encrypts the user's Web traffic and conceals the user's IP address so that advertisers and Web sites can't track the user.

The announcement of Anonymizer 2005 coincides with National Consumer Protection Week, as designated by the Federal Trade Commission.