
Phishing for Phish in the Phispond



Presentation Transcript


  1. A lab on understanding Phishing attacks and defenses … Group 21-B Sagar Mehta Phishing for Phish in the Phispond

  2. Phishing attacks – State of the Art … (simple)
     • Do-it-yourself phishing kits found on the internet, reveals Sophos
     • Use spamming software / hire a botnet
     • URL obfuscation
     Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

  3. What you need to be aware of ? - Subtle aspects …
     • Unicode attacks – paypal.com with a Cyrillic ‘a’
     • False security indicators – padlock icon, certificates
     • Address bar hijacking
     • Discrepancy between anchor text and link
     • Redirects
     • Dynamic nature – site up for 4.8 days on average / rotating IPs
     • Negligence – Why Phishing works ?
     • Legitimate sites usually won’t ask you to update information online; they use out-of-band methods – similar to symmetric key exchange …
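
Two of the checks on slide 3, the anchor text/link discrepancy and the Unicode (Cyrillic ‘a’) attack, can be automated over the HTML of a message. The following is an added example, not part of the original slides; the sample HTML is constructed and the function and class names are hypothetical.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

def scripts(host):
    """Scripts used by the letters in host (first word of each Unicode name)."""
    return {unicodedata.name(ch).split()[0] for ch in host if ch.isalpha()}

def host_of(text):
    """Hostname if the visible text looks like a URL or bare domain, else None."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "//" in text else "//" + text).hostname

class AnchorAudit(HTMLParser):
    """Collects (kind, host shown in text, host in href) for suspicious <a> tags."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        target = urlsplit(self.href).hostname or ""
        shown = host_of("".join(self.text))
        if shown and shown != target:          # text names one site, link goes to another
            self.findings.append(("text/link mismatch", shown, target))
        if len(scripts(target)) > 1:           # e.g. Latin letters mixed with Cyrillic
            self.findings.append(("mixed-script host", shown, target))
        self.href = None

def audit(html):
    parser = AnchorAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: \u0430 is the Cyrillic 'a' from the slide's paypal.com case.
SAMPLE = ('<a href="http://login.example.net/update">www.paypal.com</a>'
          '<a href="http://p\u0430ypal.com/">PayPal</a>'
          '<a href="https://www.example.org/">www.example.org</a>')

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A link whose host is already in punycode (`xn--…`) contains only ASCII letters, so it has to be decoded to Unicode before the mixed-script check is meaningful.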

  4. Statistics … Source - Phishing Activity Trends Report July, 2006 , Anti-Phishing workgroup

  5. Defenses – State of the Art …
     • Why phishing works ? – Dhamija et al
     • The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
     • Detection of Phishing pages based on visual similarity - Liu et al
     • Modeling and Preventing Phishing Attacks – Jakobsson et al
     • PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
     Cont …

  6. Defenses – State of the Art
     • Anomaly Based Web Phishing Page Detection - Pan et al
     • Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
     • A Framework for Detection and Measurement of Phishing Attacks - Doshi et al
     • Anti-Spam Techniques – spam, a vehicle for Phishing attacks

  7. What to do if you suspect a URL/IP is Phishing ?
     • Look if it is already present in any blacklist – PhishTank, Anti-Phishing workgroup
     • dig <IP>.multi.surbl.org
     • The entry will resolve into an address (DNS A record) whose last octet indicates which lists it belongs to
     The bit positions in that octet for the different lists are:
       2 = comes from sc.surbl.org
       4 = comes from ws.surbl.org
       8 = comes from phishing data source (labelled as [ph] in multi)
       16 = comes from ob.surbl.org
       32 = comes from ab.surbl.org
       64 = comes from jp data source (labelled as [jp] in multi)
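
Decoding the last octet described on slide 7, as an added example that is not part of the original slides. The bit table is the one on the slide; the function names, the injected `resolve` callable and the sample answers are constructed for illustration, and the 127.0.0.x answer range is stated as an assumption.

```python
import ipaddress

# Bit values for the last octet of a multi.surbl.org answer, as listed on the slide.
SURBL_BITS = {
    2: "sc.surbl.org",
    4: "ws.surbl.org",
    8: "phishing data source [ph]",
    16: "ob.surbl.org",
    32: "ab.surbl.org",
    64: "jp data source [jp]",
}

def decode_surbl_answer(a_record):
    """Map an A record returned for <name>.multi.surbl.org to the lists it names.

    a_record is a dotted-quad string, or None when the name did not resolve
    (NXDOMAIN), which means the name is on none of the lists.
    """
    if a_record is None:
        return []
    octets = ipaddress.IPv4Address(a_record).packed
    # Assumption: list answers are always 127.0.0.x. Anything else (for example
    # a resolver that rewrites NXDOMAIN to a landing page) is not a listing.
    if octets[:3] != b"\x7f\x00\x00":
        raise ValueError(f"{a_record} is not a 127.0.0.x list answer")
    last = octets[3]
    lists = [name for bit, name in SURBL_BITS.items() if last & bit]
    unknown = last & ~sum(SURBL_BITS)  # bits the slide does not define
    if unknown:
        lists.append(f"undocumented bits 0x{unknown:02x}")
    return lists

def check(name, resolve):
    """Query <name>.multi.surbl.org through resolve(), a hypothetical callable
    returning the A record as a string, or None on NXDOMAIN."""
    return decode_surbl_answer(resolve(f"{name}.multi.surbl.org"))

# Constructed answers standing in for real DNS responses.
SAMPLE_ANSWERS = {
    "phish.example.multi.surbl.org": "127.0.0.8",     # 8
    "multi.example.multi.surbl.org": "127.0.0.72",    # 64 + 8
    "hijacked.example.multi.surbl.org": "198.51.100.7",
}

if __name__ == "__main__":
    for qname in ("phish.example", "multi.example", "clean.example"):
        print(qname, check(qname, SAMPLE_ANSWERS.get))
```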

  8. Anti-Phishing tools … Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al

  9. Enough of the application layer yada yada …
     • Can we do better ?
     • Analysis of Phishing at network level – the current set up …
     • Why it is challenging ?
     • Lessons learned …

  10. Interaction with Phishing Sites

  11. Interaction with Phishing Sites

  12. Source address frequency …

  13. Dest addr frequency …

  14. CDF – Bank Of America, Phishing site – bytes

  15. CDF – Bank Of America, Phishing site – duration

  16. CDF – Bank Of America, Phishing site – packets

  17. Src addr frequency to yahoo hosted Phishing site …

  18. CDF bytes - yahoo

  19. CDF duration – yahoo …

  20. CDF packets yahoo …

  21. Recent statistics …
      • A number of phishing websites are in fact legitimate servers that were compromised through software vulnerabilities, exploited by hackers and covertly turned into illegal phishing sites - making the hackers more difficult to track.
      Source: SecurityFocus.com

  22. What we learned ?
      • Challenges of Network Level Phishing
      • Data Sources
      • Real-Time Mapping
      • Multiple Domain Hosting
      • Redirection Techniques
      • Grad Students

  23. What we are exploring now ?
      • Combined Data Sources
      • Application Level Sources
      • DNS Traces
      • Multiple Vantage Points
      • Different Universities with Spam Traps
      • Is Phishing Targeted?
      • Percentage Phishing Mails per Spam Trap

  24. What does the lab look like ?
      • Phishing basics
      • Attacks – state of the art
      • Defenses – state of the art
      • What you need to be aware of so as not to fall prey to Phishing ?
      • Phishing IQ test
        - 100% - Hurray !!! I’m the Phishmaster
        - < 70% - Don’t do online transactions …

  25. References …
      • Why phishing works ? – Dhamija et al
      • The Battle Against Phishing: Dynamic Security Skins - Dhamija et al
      • Detection of Phishing pages based on visual similarity - Liu et al
      • Modeling and Preventing Phishing Attacks – Jakobsson et al
      • PHONEY: Mimicking User Response to Detect Phishing Attacks - Chandrasekaran et al
      • Anomaly Based Web Phishing Page Detection - Pan et al
      • Phighting the Phisher: Using Web Bugs and Honeytokens to Investigate the Source of Phishing Attacks - McRae et al
      • A Framework for Detection and Measurement of Phishing Attacks - Doshi et al
