Oak Ridge National Laboratory
Efforts to combat phishing and fraud online often center on filtering phishing messages and disabling phishing Web sites to prevent users from being deceived. Two potential approaches to disabling a phishing site are to eliminate the DNS records required to reach the site and to remove the site from the hosting machine itself. While previous work has focused on DNS take-down efforts, the authors focus on determining how long a phishing site remains on a machine after the DNS records have been removed. They find that on the day a site is reported, as many as 56% of phishing sites remain present on the hosting machines even after the DNS records have been removed.