The vigorous development of Internet technologies in the past decade, the advent of a large number of devices transmitting data via the Internet (such as personal computers, notebooks, tablets, mobile telephones, and so on), and the ease and convenience of their use have led to a large number of people using the Internet in their daily affairs, whether to obtain information, access bank accounts, make purchases, read email, visit social networks, for entertainment, and so on. Often when working on the Internet (such as when purchasing goods, transferring money, accessing websites requiring registration, and so on), users need to transmit their confidential information to external servers (such as credit card and bank account numbers, passwords to account records, and so on), the very information on whose safety the financial security of the users depends.
The tremendous number of Internet users has motivated increased activity by hackers, who use various techniques and methods to gain access to the confidential information of users in order to steal data for further use for their own purposes. One of the most popular methods is so-called phishing, i.e., gaining access to confidential information of a user by sending out messages in the name of popular brands, sending personal messages within various services (such as social networks or instant messaging systems), and creating sites, and registering them with search services, that claim to be the legitimate sites of banks, Internet magazines, social networks, and so on. The email or message sent by the hackers to users often contains links to malicious sites that are externally indistinguishable from the real ones, or to sites from which a transfer to malicious sites will occur. After the user ends up on the counterfeit site, the hackers use various social engineering methods to encourage the user to enter his or her confidential information, used for access to a particular site, which lets the hackers gain access to bank accounts and other accounts. Besides a one-time revelation of their confidential information, users risk downloading from such a counterfeit site a malware application that regularly collects information from the victim computer and transmits it to the hackers.
In order to deal with the above-described hacking method, technologies are used to reveal phishing messages (such as in email) and also counterfeit sites. For this, the messages are searched for data used for phishing (such as characteristic images, message formation techniques, especially scripts contained in messages, and so forth), using libraries of trusted and untrusted addresses of sites, phrasing templates from phishing messages, and so forth. One example of the above-described approach is searching for data used for phishing by similarity of signatures or logs of behavior to previously found data used for phishing. Upon discovering the presence of a suspicious object, the user is informed of the potential danger.
Although the above-described methods are good at solving certain problems in the area of detecting phishing (especially phishing scripts) on the basis of an analysis of known phishing methods and types of data used for phishing, they are often no help with new approaches to the use of phishing, or new types of data used for phishing.
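The library-based check described above, and the gap it leaves for previously unseen phishing data, sketched as an added example that is not part of the original text. The address libraries, phrase templates, function names and sample messages are all constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed libraries (assumptions, not real indicator data).
UNTRUSTED_HOSTS = {"secure-bank-login.example"}
TRUSTED_HOSTS = {"bank.example"}
PHRASE_TEMPLATES = [
    re.compile(r"verify\s+your\s+account", re.I),
    re.compile(r"your\s+account\s+(has\s+been|will\s+be)\s+suspended", re.I),
]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlparse(url).hostname or "").rstrip(".").lower()


def in_library(host, library):
    """True if host equals a library entry or is a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in library)


def scan_message(text):
    """Return (verdict, reasons) from matching a message against the libraries."""
    hosts = [host_of(u) for u in URL_RE.findall(text)]
    reasons = [f"untrusted address: {h}" for h in hosts
               if in_library(h, UNTRUSTED_HOSTS)]
    reasons += [f"phrase template: {p.pattern}" for p in PHRASE_TEMPLATES
                if p.search(text)]
    if reasons:
        return "phishing", reasons
    if hosts and all(in_library(h, TRUSTED_HOSTS) for h in hosts):
        return "trusted", reasons
    # No library entry matched: the signature approach has nothing to say.
    return "unknown", reasons


# Constructed sample messages.
KNOWN = ("Dear customer, your account has been suspended. Please verify "
         "your account at http://secure-bank-login.example/login")
NOVEL = ("Hi, the shared invoice needs your sign-in to open: "
         "https://docs-portal.example/open?id=1")
LEGIT = "Your monthly statement is ready at https://www.bank.example/statements"

if __name__ == "__main__":
    for name, msg in (("known", KNOWN), ("novel", NOVEL), ("legit", LEGIT)):
        print(name, scan_message(msg))
```

The message with a new address and new phrasing comes back as "unknown" with no reasons, which is the limitation the preceding paragraph describes: the check only recognizes data already present in its libraries.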