October 11, 2006

Intrusion prevention provider TippingPoint announced on Oct. 9 it has developed Monkeyspaw, an open-source phishing research tool that can check websites for their legitimacy, but report fraudulent sites.

TippingPoint says Monkeyspaw works with other open-source tools such as Mozilla's Firefox.

It can determine the owner of a particular Web server, collect Web server configuration information, determine the location of a site and report fraudulent sites to nearly 50 international organizations, including the Federal Bureau of Investigation, Anti-Phishing Working Group, Korea Information Security Agency and the Australian Computer Emergency Response Team.

"TippingPoint is contributing Monkeyspaw to the public to help investigators analyze and report phishing and other malicious Web sites," says Tod Beardsley, Monkeyspaw creator and lead counter-fraud engineer at TippingPoint.

"By enabling security professionals and end users to easily validate Web sites and report fraudulent sites, we hope to make the Web a safer place."

TippingPoint believes through the open source community, the Monkeyspaw framework can receive extended testing and development. Users are encouraged to suggest and implement useful features, such as additional reporting capabilities, advanced analysis techniques and extended cross-correlation.

Source: The WHIR