Phishing for Phish in the Phispond A lab on understanding Phishing attacks and defenses … Group 21-B Sagar Mehta.


Phishing attacks – State of the Art … (simple)
- Do-it-yourself phishing kits found on the internet, reveals Sophos
- Use spamming software / hire a botnet
- URL obfuscation
Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

What you need to be aware of? - Subtle aspects …
- Unicode attacks – paypal.com / Cyrillic ‘a’
- False security indicators – padlock icon, certificates
- Address bar hijacking
- Discrepancy between anchor text and link
- Redirects
- Dynamic nature – site up for 4.8 days on average / rotating IPs
- Negligence – Why phishing works?
- Legitimate sites usually won’t ask you to update information online; they use out-of-band methods – similar to symmetric key exchange …
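Two of the checks on this slide, the Unicode lookalike host and the anchor text/link discrepancy, written as a small detector. This is an added example, not code from the lab; the sample HTML is constructed and the helper names (`audit`, `mixed_script_labels`) are hypothetical.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

def scripts(label):
    """Scripts (first word of the Unicode name) used by a label's letters."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def mixed_script_labels(host):
    """Labels that mix scripts, e.g. Latin letters with a Cyrillic 'a'.
    Heuristic only: some legitimate names also combine scripts."""
    return [lab for lab in host.split(".") if len(scripts(lab)) > 1]

class AnchorAudit(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(s):  # hostname of a URL or of a bare "www.example.com" string
    return (urlparse(s if "://" in s else "//" + s).hostname or "").lower()

def audit(html):
    """Flag anchors whose visible text names another host, or whose target mixes scripts."""
    parser = AnchorAudit()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        target = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append(("text/link mismatch", shown, target))
        if mixed_script_labels(target):  # also report the punycode form
            findings.append(("mixed-script host", target, target.encode("idna").decode()))
    return findings

# Constructed sample: mismatched link, Cyrillic 'a' (U+0430) host, clean link.
SAMPLE = ('<a href="http://192.0.2.10/login">www.paypal.com</a>'
          '<a href="http://p\u0430ypal.com/">Sign in</a>'
          '<a href="https://www.paypal.com/">www.paypal.com</a>')
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```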

Statistics … Source - Phishing Activity Trends Report July, 2006, Anti-Phishing workgroup

Defenses – State of the Art …
- Why phishing works? – Dhamija et al
- The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
- Detection of Phishing pages based on visual similarity - Liu et al
- Modeling and Preventing Phishing Attacks – Jakobsson et al
- PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
Cont …

Defenses – State of the Art
- Anomaly Based Web Phishing Page Detection - Pan et al
- Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
- A Framework for Detection and Measurement of Phishing Attacks - Doshi et al
- Anti-Spam Techniques – spam, a vehicle for Phishing attacks

What to do if you suspect a URL/IP is phishing?
- Look if it is already present in any blacklist – PhishTank, Anti-Phishing workgroup
- DIG.multi.surbl.org
- The entry will resolve into an address (DNS A record) whose last octet indicates which lists it belongs to
- The bit positions in that octet for the different lists are:
  2 = comes from sc.surbl.org
  4 = comes from ws.surbl.org
  8 = comes from phishing data source (labelled as [ph] in multi)
  16 = comes from ob.surbl.org
  32 = comes from ab.surbl.org
  64 = comes from jp data source (labelled as [jp] in multi)
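Decoding the last octet with the slide's bit table, as an added example that is not part of the original lab. It assumes the conventional SURBL query form `<domain>.multi.surbl.org` and answers in 127.0.0.0/8, neither of which is stated on the slide; the function names are hypothetical.

```python
import ipaddress
import socket

# Bit values exactly as listed on the slide.
SURBL_BITS = {2: "sc.surbl.org", 4: "ws.surbl.org", 8: "ph (phishing data source)",
              16: "ob.surbl.org", 32: "ab.surbl.org", 64: "jp (jp data source)"}

def query_name(domain, zone="multi.surbl.org"):
    """DNS name to resolve for a suspect domain (assumed form: <domain>.<zone>)."""
    return f"{domain.strip('.').lower()}.{zone}"

def decode_answer(a_record):
    """Map the A record returned by the list to the sources named on the slide."""
    ip = ipaddress.IPv4Address(a_record)
    if ip not in ipaddress.IPv4Network("127.0.0.0/8"):
        # A resolver that rewrites NXDOMAIN to a search page would otherwise
        # make every domain look listed.
        raise ValueError(f"{a_record} is not a blocklist answer")
    octet = ip.packed[-1]
    return {
        "octet": octet,
        "lists": [name for bit, name in SURBL_BITS.items() if octet & bit],
        "unassigned_bits": octet & ~sum(SURBL_BITS),  # bits the slide does not define
    }

def lookup(domain):
    """Live check; returns None when the name does not resolve."""
    try:
        return decode_answer(socket.gethostbyname(query_name(domain)))
    except socket.gaierror:
        return None  # not listed, or the resolver could not be reached

if __name__ == "__main__":
    # Constructed answers, decoded offline: 10 = 8 + 2, 68 = 64 + 4.
    for answer in ("127.0.0.10", "127.0.0.68"):
        print(answer, decode_answer(answer))
```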

Anti-Phishing tools … Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

Enough of the application layer yada yada …
- Can we do better?
- Analysis of Phishing at network level – the current set up …
- Why is it challenging?
- Lessons learned …

Interaction with Phishing Sites

Source address frequency …

Dest addr frequency …

CDF – Bank Of America, Phishing site – bytes

CDF – Bank Of America, Phishing site – duration

CDF – Bank Of America, Phishing site – packets

Src addr frequency to yahoo hosted Phishing site …

CDF bytes - yahoo

CDF duration – yahoo …

CDF packets yahoo …

Recent statistics …
- A number of phishing websites are in fact legitimate servers that were compromised through software vulnerabilities, exploited by hackers and covertly turned into illegal phishing sites - making the hackers more difficult to track.
Source: SecurityFocus.com

What we learned?
- Challenges of Network Level Phishing
- Data Sources
- Real-Time Mapping
- Multiple Domain Hosting
- Redirection Techniques
- Grad Students

What we are exploring now?
- Combined Data Sources
- Application Level Sources
- DNS Traces
- Multiple Vantage Points
- Different Universities with Spam Traps
- Is Phishing Targeted?
- Percentage Phishing Mails per Spam Trap

What does the lab look like?
- Phishing basics
- Attacks – state of the art
- Defenses – state of the art
- What you need to be aware of so as not to fall prey to Phishing?
- Phishing IQ test -
  100% - Hurray !!! I’m the Phishmaster
  < 70% - Don’t do online transactions …

References …
- Why phishing works? – Dhamija et al
- The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
- Detection of Phishing pages based on visual similarity - Liu et al
- Modeling and Preventing Phishing Attacks – Jakobsson et al
- PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
- Anomaly Based Web Phishing Page Detection - Pan et al
- Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
- A Framework for Detection and Measurement of Phishing Attacks - Doshi et al