Flux in Fraud Infrastructures
Minaxi Gupta, Computer Science Dept., Indiana University, Bloomington

Fraud evolution
- Economically driven
- Pull vs. push-based
- Much is Web-based
- Uses botnets extensively

Internet fraud has an infrastructure behind it
- Phishing
- Scam sites
- Drive-by downloads
- Socially-engineered malware

It is provisioned differently
- Flux in phishing
  - Fast flux: the Web server's host name resolves to a changing set of IP addresses
  - DNS flux: the authoritative name servers for the domain change as well
  - Double flux: both at once
- Helps escape detection and promotes longevity of fraud

Observations
- 10-30% of phishing Web servers exhibit fast flux
- 60% of their DNS servers exhibit DNS flux
- Most fluxing Web servers are part of double-flux infrastructure
- Same machines act as Web and DNS servers in many cases
- One host name resolves to many IPs, but many names share a common pool of IPs
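The flux variants and the observations above can be checked mechanically against resolver logs. The following is an added example, not code from the talk or from the speaker: it runs over a constructed set of passive-DNS observations (time, queried name, record type, TTL, answers) and flags fast flux (many distinct A records at short TTLs), DNS flux (a rotating NS set), double flux (both), names that draw on a shared IP pool, and addresses that serve as both Web host and name server. The names, addresses and thresholds are all assumptions, not figures from the talk.

```python
"""Flux indicators computed from passive DNS observations.

Added example: the observations below are constructed, not data from the
talk, and the thresholds are assumptions to be tuned against real logs.
"""
from collections import defaultdict

# Each record: (seconds since start, queried name, record type, TTL, answers)
OBSERVATIONS = [
    # Fast flux: the Web host's A records rotate on every lookup, short TTL.
    (0,    "login-bank.example", "A", 300, ["203.0.113.10", "203.0.113.22", "198.51.100.7"]),
    (600,  "login-bank.example", "A", 300, ["198.51.100.40", "203.0.113.91", "192.0.2.15"]),
    (1200, "login-bank.example", "A", 300, ["192.0.2.77", "203.0.113.10", "198.51.100.120"]),
    # DNS flux: the authoritative NS set for the same name rotates too.
    (0,    "login-bank.example", "NS", 300, ["ns1.fluxzone.example", "ns2.fluxzone.example"]),
    (600,  "login-bank.example", "NS", 300, ["ns3.fluxzone.example", "ns4.fluxzone.example"]),
    (1200, "login-bank.example", "NS", 300, ["ns5.fluxzone.example", "ns1.fluxzone.example"]),
    # The name servers resolve to addresses that also appear in the Web pool.
    (0,    "ns1.fluxzone.example", "A", 300, ["203.0.113.10"]),
    (600,  "ns3.fluxzone.example", "A", 300, ["198.51.100.40"]),
    # A second phishing name drawing on the same pool of addresses.
    (0,    "secure-update.example", "A", 300, ["203.0.113.22", "192.0.2.15"]),
    (600,  "secure-update.example", "A", 300, ["198.51.100.7", "192.0.2.77"]),
    (1200, "secure-update.example", "A", 300, ["203.0.113.91", "192.0.2.15"]),
    # A stable site for contrast: one address, long TTL, fixed NS set.
    (0,    "www.example", "A", 86400, ["192.0.2.200"]),
    (600,  "www.example", "A", 86400, ["192.0.2.200"]),
    (1200, "www.example", "A", 86400, ["192.0.2.200"]),
    (0,    "www.example", "NS", 86400, ["ns1.example-dns.example", "ns2.example-dns.example"]),
    (600,  "www.example", "NS", 86400, ["ns1.example-dns.example", "ns2.example-dns.example"]),
]


def collect(observations, rtype):
    """Per name: distinct answers seen, number of lookups, smallest TTL."""
    out = defaultdict(lambda: {"values": set(), "lookups": 0, "min_ttl": None})
    for _ts, name, rt, ttl, values in observations:
        if rt != rtype:
            continue
        rec = out[name]
        rec["values"].update(values)
        rec["lookups"] += 1
        rec["min_ttl"] = ttl if rec["min_ttl"] is None else min(rec["min_ttl"], ttl)
    return dict(out)


def is_fast_flux(stats, min_distinct=5, max_ttl=3600):
    """Many distinct A records handed out at a short TTL (thresholds assumed)."""
    return len(stats["values"]) >= min_distinct and stats["min_ttl"] <= max_ttl


def is_dns_flux(stats, min_distinct=3):
    """The NS set itself keeps changing (threshold assumed)."""
    return len(stats["values"]) >= min_distinct


def classify(observations):
    """Label every observed name with its fast/DNS/double flux status."""
    a, ns = collect(observations, "A"), collect(observations, "NS")
    result = {}
    for name in set(a) | set(ns):
        ff = name in a and is_fast_flux(a[name])
        df = name in ns and is_dns_flux(ns[name])
        result[name] = {"fast_flux": ff, "dns_flux": df, "double_flux": ff and df}
    return result


def shared_pool(observations, min_shared=2):
    """Pairs of names whose A-record pools overlap in at least min_shared IPs."""
    a = collect(observations, "A")
    names = sorted(a)
    pairs = []
    for i, n1 in enumerate(names):
        for n2 in names[i + 1:]:
            common = a[n1]["values"] & a[n2]["values"]
            if len(common) >= min_shared:
                pairs.append((n1, n2, sorted(common)))
    return pairs


def dual_role_ips(observations):
    """Addresses that serve both as a Web host and as a name server."""
    a, ns = collect(observations, "A"), collect(observations, "NS")
    ns_names = set()
    for stats in ns.values():
        ns_names |= stats["values"]
    ns_ips, web_ips = set(), set()
    for name, stats in a.items():
        (ns_ips if name in ns_names else web_ips).update(stats["values"])
    return sorted(ns_ips & web_ips)


if __name__ == "__main__":
    for name, flags in sorted(classify(OBSERVATIONS).items()):
        print(f"{name:28s} {flags}")
    print("shared pools:", shared_pool(OBSERVATIONS))
    print("dual-role IPs:", dual_role_ips(OBSERVATIONS))
```

The thresholds matter: content delivery networks also answer with many addresses at short TTLs, so the A-record test alone over-flags; the NS rotation, the shared pool across unrelated names, and the dual-role addresses are the signals that separate the fluxing phishing names from the stable site in this sample.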

Take away
- Fraud infrastructures have telltale signs
- It may be possible to create signatures that distinguish fraud infrastructures from regular Internet infrastructure
- Need to investigate what the signatures should look like

Caution
- DoS attacks do not have Web sites
- Hacked sites can be used to host fraud
- This talk takes a DNS perspective on fraud infrastructures; many bypass DNS by using IP addresses directly
- Signatures in the absence of flux?
- Can criminals evolve to bypass signatures?