Phishing for Phish in the Phispond - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Phishing for Phish in the Phispond

Description:

Do-it-yourself phishing kits found on the internet, reveals Sophos ... Source - A Framework for Detection and Measurement of Phishing Attacks - Doshi et al ... – PowerPoint PPT presentation

Number of Views:292
Avg rating:3.0/5.0
Slides: 27
Provided by: sagar
Category:

less

Transcript and Presenter's Notes

Title: Phishing for Phish in the Phispond


1
Phishing for Phish in the Phispond
  • A lab on understanding Phishing attacks and
    defenses
  • Group 21-B
  • Sagar Mehta

2
Phishing attacks State of the Art (simple ? )
  • Do-it-yourself phishing kits found on the
    internet, reveals Sophos
  • Use spamming software/ hire a botnet
  • Url obfuscation
  • Source - A Framework for Detection and
    Measurement of Phishing Attacks - Doshi et al

3
What you need to be aware of ? - Subtle aspects
  • Unicode attacks paypal.com/ cyrillic a
  • False security indicators pad-lock icon,
    certificates
  • Address bar hijacking
  • Discrepancy between anchor text/link
  • Redirects
  • Dynamic nature site up for 4.8 days on
    average/rotating ips
  • Negligence Why Phishing works ?
  • Legitimate sites usually wont ask you to update
    information online, out of band methods similar
    to symmetric key exchange

4
Statistics
Source - Phishing Activity Trends Report July,
2006 , Anti-Phishing workgroup
5
Defenses State of the Art
  • Why phishing works ? Dhamija et al
  • The Battle Against PhishingDynamic Security
    Skins - Dhamija et al
  • Detection of Phishing pages based on visual
    similarity - Liu et al
  • Modeling and Preventing Phishing Attacks
    Jakobsson et al
  • PHONEY Mimicking User Response to Detect
    Phishing Attacks - Chandrasekaran et al
  • Cont

6
Defenses State of the Art
  • Anomaly Based Web Phishing Page Detection - Pan
    et al
  • Phighting the Phisher Using Web Bugs and
    Honeytokens to Investigate the Source of Phishing
    Attacks - McRae et al
  • A Framework for Detection and Measurement of
    Phishing Attacks - Doshi et al
  • Anti-Spam Techniques spam, a vehicle for
    Phishing attacks

7
What to do if you suspect an url/ip is Phishing ?
  • Look if already present in any blacklist
    phishtank, anti-Phishing workgroup
  • DIG ltIPgt.multi.surbl.org
  • entry will resolve into an address (DNS A record)
    whose last octet indicates which lists it belongs
    to
  • The bit positions in that octet for the different
    lists are
  • 2 comes from sc.surbl.org4 comes from
    ws.surbl.org8 comes from phishing data source
    (labelled as ph in multi)16 comes from
    ob.surbl.org32 comes from ab.surbl.org64
    comes from jp data source (labelled as jp in
    multi)

8
Anti-Phishing tools
Source - A Framework for Detection and
Measurement of Phishing Attacks - Doshi et al
9
Enough of the application layer yada yada
  • Can we do better ?
  • Analysis of Phishing at network level the
    current set up
  • Why it is challenging ?
  • Lessons learned

10
Interaction with Phishing Sites
11
Interaction with Phishing Sites
12
Interaction with Phishing Sites
13
Source address frequency
14
Dest addr frequency
15
(No Transcript)
16
CDF Bank Of America, Phishing site bytes
17
CDF Bank Of America, Phishing site duration
18
CDF Bank Of America, Phishing site packets
19
Src addr frequency to yahoo hosted Phishing site
20
CDF bytes - yahoo
21
CDF duration yahoo
22
CDF packets yahoo
23
Recent statistics
  • A number of phishing websites are in fact
    legitimate servers that were compromised through
    software vulnerabilities, exploited by hackers
    and covertly turned into illegal phishing sites -
    making the hackers more difficult to track.
  • Source SecurityFocus.com

24
What we learned ?
  • Challenges of Network Level Phishing
  • Data Sources
  • Real-Time Mapping
  • Multiple Domain Hosting
  • Redirection Techniques
  • Grad Students

25
What we are exploring now ?
  • Combined Data Sources
  • Application Level Sources
  • DNS Traces
  • Multiple Vantage Points
  • Different Universities with Spam Traps
  • Is Phishing Targeted?
  • Percentage Phishing Mails per Spam Trap

26
What does the lab look like ?
  • Phishing basics
  • Attacks state of the art
  • Defenses state of the art
  • What you need to be aware of so as no to fall
    prey to Phishing ?
  • Phishing IQ test -
  • 100 - Hurray !!! Im the Phishmaster ?
  • lt 70 - Dont do online transactions

27
References
  • Why phishing works ? Dhamija et al
  • The Battle Against PhishingDynamic Security
    Skins - Dhamija et al
  • Detection of Phishing pages based on visual
    similarity - Liu et al.
  • Modeling and Preventing Phishing Attacks
    Jakobsson et al
  • PHONEY Mimicking User Response to Detect
    Phishing Attacks - Chandrasekaran et al
  • Anomaly Based Web Phishing Page Detection - Pan
    et al
  • Phighting the Phisher Using Web Bugs and
    Honeytokens to Investigate the Source of Phishing
    Attacks - McRae et al
  • A Framework for Detection and Measurement of
    Phishing Attacks - Doshi et al
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Phishing for Phish in the Phispond" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!