Americas

  • United States
ellen_messmer
Senior Editor, Network World

VeriSign announces security, anti-phishing services

News
Jun 28, 20043 mins
MalwareNetworking

VeriSign this week plans to announce two sets of services to combat spam as well as fraud caused when criminals set up phony Web sites that mimick legitimate ones to gain victims’ personal data.

VeriSign this week plans to announce two sets of services to combat spam as well as fraud caused when criminals set up phony Web sites that mimick legitimate ones to gain victims’ personal data.

The company on July 12 expects to begin offering an anti-spam and anti-virus filtering service, like those offered by competitors such as Postini, says Chad Kinzelberg, vice president of Secure Sockets Layer and VeriSign Security Services.

Customers of the VeriSign E-Mail Security Service redirect corporate e-mail to mail servers hosted in VeriSign data centers, including those in Mount View, Calif., and Dulles, Va., to have their e-mail scanned. No software is required.

The anti-spam/anti-virus filtering will cost from $1 to $3 per user, per month. The service will be based on licensed anti-virus engines from Symantec, Trend Micro and Sophos, and the FrontBridge anti-spam engine.

Kinzelberg says VeriSign will try to duplicate the load-balancing measures it takes in maintaining domain-name servers.

VeriSign also is branching out to provide anti-phishing consulting, monitoring and response for corporations combating the proliferation of fake Web sites that look like real sites. Phishing sites trick victims into entering personal information, usually after they receive an e-mail instructing them to go to the fraudulent Web site.

Under the service – based on customer-specific pricing but expected to run into the thousands of dollars per month – VeriSign will closely watch for registration of Web site domain names that could be phishing sites. VeriSign immediately will notify corporate customers of scams and ISPs hosting the fake Web sites.

“We’ll work with the customer, law enforcement and the ISP to shut it down,” Kinzelberg says, adding that VeriSign doesn’t have the legal power to simply yank use of the domain name.

According to eBay Chief Security Officer Howard Schmidt, the phishing problem probably can be remedied through changes in the Web browser that Microsoft plans to make by year-end. This is expected to make it easier for the user to understand site validation performed through the digital-certificate checking process.

VeriSign says there still is room for its anti-phishing service even if this best-case scenario occurs and the Microsoft fix that Schmidt is alluding to works.

“I hope he’s correct,” says Kinzelberg, noting that VeriSign, a digital certificate provider, also is involved with Microsoft on this effort. But even if the software change works, there probably are 450 million browsers in use today, and not all of them will get this upgrade, he says.