A new advisory from the Anti-Phishing Working Group (APWG) offers advice to website owners on what actions to take when notified that their site or server has been compromised for use by phishers.
At 18 pages, it’s a substantial high-level document, including:
So, a useful document dealing with an aspect of the phishing problem that receives far less attention from the media than the phishing emails that are all too visible to the everyday user. My only suggestion is that rather than pitching this as reading material for a site that’s just been compromised, APWG might consider pushing it as something to read before a compromise takes place: it would actually be a sound basis for establishing strategies and policies to mitigate future attacks.
If you’re in a position where you might need to know this stuff to deal with a compromise on your site, I’d suggest that you read it (and check out the resources it contains) now and start planning. Sometimes it pays to have your shields up before the enemy opens fire.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence