There is no such thing as good news when it comes to the phenomenon of phishing, which continues to increase as well as innovate on any scale on which it can be even vaguely measured.
Now, suddenly, there are a glut of programs that claim they can do something about it. Its certain that the next version of Internet Explorer will have some form of anti-phishing technology built into its core when it is released next year, but its possible to get a glimpse of how a new generation of anti-phishing tools might work from third-party programs available now.
Two tools that have come to our notice are CallingID, and SpoofGuard from Dan Boneh and John Mitchell of the Stanford Security Lab. Another example of this type is the Netcraft toolbar for Internet Explorer and Firefox.
These programs use a mixture of domain analysis (checking domain registrations using a number of criteria and from a number of sources) and session analysis (whether, for instance, a site uses properly encrypted communications). Spoofguard is interesting in that it allows users to set the sensitivity of checking using various parameters.
Today, it is pretty easy to spot phishing sites using such tools, as none of them can hide from even tests as simple as these. By next year, running a browser without such protection will look as odd as firing up a PC and not loading an anti-virus program.
Who was is that said browsers were supposed to be simple? They've been getting steadily more complex in recent years, and this is another layer of code to add to that trend. We just pity those legitimate businesses that happen to be run from Russia, because that is one domain that scores very low on these programs.