Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phishing & Pharming. 2 Oct. 2004 to July 2005 APWG.

Published bySabrina Parsons Modified over 8 years ago

Similar presentations

Presentation on theme: "Phishing & Pharming. 2 Oct. 2004 to July 2005 APWG."— Presentation transcript:

1 Phishing & Pharming

2 2 Oct. 2004 to July 2005 APWG

3 3

4 4 Note: no SSL. Typically: short lived sites.

5 5 Common Phishing Methods  Often phishing sites hosted on bot-net drones.  Move from bot to bot using dynamic DNS.  Use domain names such as: www.ebay.com.badguy.com  Use URLs with multiple redirections: http://www.chase.com/url.php?url=“http://www.phish.com”  Use randomized links:  http://www.some-poor-sap.com/823548jd/

6 6 Industry Response  Anti-phishing toolbars: Netcraft, EBay, Google, IE7  IE7 phishing filter:  Whitelisted sites are not checked  Other sites: (stripped) URL sent to MS server  Server responds with “OK” or “phishing”

7 7 Pharming  Cause DNS to point to phishing site  Examples: 1. DNS cache poisoning 2. Write an entry into machine’s /etc/hosts file: “ Phisher-IP Victim-Name ”  URL of phishing site is identical to victim’s URL  … will bypass all URL checks

8 8 Response: High assurance certs  More careful validation of cert issuance  On browser (IE7) : … but most phishing sites do not use HTTPS

9 9 Other industry responses: BofA, PassMark ING bank login

10 10 Industry Response: Bank of Adelaide

11 11 ING PIN Guard

12 12 T.G.s: The next phishing wave  Transaction generation malware:  Wait for user to login to banking sites  Issue money transfer requests on behalf of user.  Reported malware in UK targeting all four major banks.  Note:These are social engineering attacks. Not just a windows problem.

13 13 Some ID Protection Tools  SpoofGuard: (NDSS ’04)  Alerts user when viewing a spoofed web page.  Uses variety of heuristics to identify spoof pages.  Some SpoofGuard heuristics used in eBay toolbar and Earthlink ScamBlocker.  PwdHash : (Usenix Sec ’05)  Browser extension for strengthening pwd web auth.  Being integrated with RSA SecurID.

14 14 Password Hashing (pwdhash.com)  Generate a unique password per site  HMAC fido:123 (banka.com)  Q7a+0ekEXb  HMAC fido:123 (siteb.com)  OzX2+ICiqc  Hashed password is not usable at any other site Bank A hash(pwd B, SiteB) hash(pwd A, BankA) Site B pwd A pwd B =

Download ppt "Phishing & Pharming. 2 Oct. 2004 to July 2005 APWG."

Similar presentations

Cross-site Request Forgery (CSRF) Attacks

Cross-site Request Forgery (CSRF) Attacks
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.

Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW 2007 2008.09.09 Yue Zhang, Jason Hong, and Lorrie Cranor.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.

Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
1 Managing Identity Threats May 2010. 2 Where are the threats ? Customer Web/App Server Vulnerabilities: Trojan sniffers Soliciting Email to enter credentials.

1 Managing Identity Threats May Where are the threats ? Customer Web/App Server Vulnerabilities: Trojan sniffers Soliciting to enter credentials.
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
User Authentication and Password Management John Mitchell CS 142 Winter 2009.

User Authentication and Password Management John Mitchell CS 142 Winter 2009.
CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.
Phishing Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial.

Phishing Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lecture 22: April 17, 2007 Browser-based Security and Privacy Tools.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lecture 22: April 17, 2007 Browser-based Security and Privacy Tools.
Stronger Password Authentication Using Browser Extensions Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John Mitchell Stanford University

Stronger Password Authentication Using Browser Extensions Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John Mitchell Stanford University
Context-Aware Phishing Attacks and Client-Side Defenses Collin Jackson Stanford University.

Context-Aware Phishing Attacks and Client-Side Defenses Collin Jackson Stanford University.
1 Client-side defenses against web-based identity theft Students:Robert Ledesma, Blake Ross, Yuka Teraguchi Faculty:Dan Boneh and John Mitchell Stanford.

1 Client-side defenses against web-based identity theft Students:Robert Ledesma, Blake Ross, Yuka Teraguchi Faculty:Dan Boneh and John Mitchell Stanford.

Similar presentations

Ads by Google