Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing

13 years 11 months ago

Download www.cl.cam.ac.uk

Attackers compromise web servers in order to host fraudulent content, such as malware and phishing websites. While the techniques used to compromise websites are widely discussed and categorized, analysis of the methods used by attackers to identify targets has remained anecdotal. In this paper, we study the use of search engines to locate potentially vulnerable hosts. We present empirical evidence from the logs of websites used for phishing to demonstrate attackers’ widespread use of search terms which seek out susceptible web servers. We establish that at least 18% of website compromises are triggered by these searches. Many websites are repeatedly compromised whenever the root cause of the vulnerability is not addressed. We ﬁnd that 19% of phishing websites are recompromised within six months, and the rate of recompromise is much higher if they have been identiﬁed through web search. By contrast, other public sources of information about phishing websites are not currently rai...

Tyler Moore, Richard Clayton

Real-time Traffic

Cryptography | FC 2009 | Phishing | Web Servers | Websites |

claim paper

Post Info
More Details (n/a)

Added	26 May 2010
Updated	26 May 2010
Type	Conference
Year	2009
Where	FC
Authors	Tyler Moore, Richard Clayton

Comments (0)

Sciweavers

Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing

Cryptography | FC 2009 | Phishing | Web Servers | Websites |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers