Phishing PDF

HTTP://COEIA.EDU.
SA

W

W

"#$%&'K (
"#K&01-.-/ *+,
2.&3
K."1$% 435

W
1429 2008 -

"#$)('&W% 0)
/.- , L+
342 6/ 781429
0002 <24C17
= 978-603-00-1453-8W
? J1 ? J2-@ 0
? K34B6BKHEE= FFCI

005,8J6

1429L5884
=<L)6 1429L5884W
= 978-603-00-1453-8W
>;=83 *789:;0
*/0?
2009-@A1429

W

.*
MN6=7O7P8,4 Q- BB //6 S6

U774 77V77776ME= 77W77L77 X - 77077 @77477
E= 7WK7# (S- Y
+= Z8+= X\(Z
K7]^- 7YX774M 7Y4_/7W) 7YÒ7I- 7=4aM
773O/d77777777
77- 7 <77c&MN6= 7 (377
=U77477bS
- 76$M7Z_

=/3O/df =gZ
<h_/
+77i- 776$77- 7777?M'77 +./77U77477bS77(6/+77i
+=a- 7777? 77kM77 477bbl- Y77WU77477bS 77 77(6/
M077O - 7777?M77bb^77- 77]77776m77Kd6= 77
77? 77kM7736=-=77-/77n o77776<77`6677ZFi77b
K-
.*
7&('$-p 7q 7&/U7r7(@7 (+ 7IL//6 S6
-$ 77bO$ ?/77- 777IÒ 7"LM77 (77c&?g37 ` 777(@
7 7- <c&MgZ
6= (3t
=U4# SK?6Z
+ Y7WU74 7,6?7# SK 76/ 7 Q- 0 @4
vS 8EProject Management ProfessionalFd6= +=aM 4bbl
K Q- BB /M

W

9.....................................................................................................
: 14...........................................................
1.1 15.................................................................
1.1.1 )15 ................................... (E-Mail Client

2.1.1 )16 ..................................... (E-Mail Server
2.1 17.....................................................
3.1 18..........................................................
1.3.1 18 ...............................................
2.3.1 18 ......................................................
4.1 19.....................................
5.1 21...........................................................................
6.1 22..................................................................
: )24................................ (Spam
1.2 26..............................................
2.2 31.............................................
1.2.2 : )31 ................... (E-Mail Spoofing

2.2.2 : )31 ............ (Open Mail Rely
3.2.2 :
)(Image-based Spam
32
4.2.2 : )34 ........................ (Dictionary Attack

3.2 34...................................
1.3.2 : )34 ................................... (Filtration

2.3.2 : )35(Black lists / White lists

W
3.3.2 : )37 ...... (Commercial Whitelists

4.3.2 : )37 ................ (Integrity Check
5.3.2 : 38 ........................................
6.3.2 : 38 ..................
7.3.2 : )39 . (Spam Reportin
8.3.2 :
)41 ...................................................................(SMTP RFC
9.3.2 : )41 .... (Fake MX Records
10.3.2 : )43 ..................... (Greeting delay
: )45............................................... (Phishing
: )65...................... (Phishing Techniques
1.4 : )67 ................. (DNS Poisoning

2.4 : )70 ............ (Hosts File Poisoning
3.4
: )71(Content Injection
4.4
73 .
5.4
: )76 ..................... (Address Obfuscation
)(Man-in-the-Middle Attack MITM
6.4 : )80(Malware Attack

7.4 :
)80 ....................................................................... Phishing
8.4 : )81(The Popup Attack
(Search Engine
9.4 : )83 ................... (Fake Address Bar
(Phishing
)91................................................................................... Countermeasures
1.5 : 92 ...........

W
1.1.5 92 ........................................
2.1.5 )92 ...................... (Bounced E-Mails
3.1.5 93 ..................................................
4.1.5 94 ......................................................
5.1.5 94 ............................
2.5 : )98 ..................................... (Filteration
3.5 : ) (Security Patches
)99 ...................................................................... (Firewalls
4.5 : )100 ..(Cross-Site Script - XSS
5.5 : )101 ............... (Visual Keyboard
6.5 : )102 ......... (Two-Factor Authentication
7.5 : )104 .............. (Mutual Authentication
8.5 :
)105 ..................................................................... Toolbars
9.5 : )110(Anti-Phishing Software
(Anti-Phishing
111.....................................................................................
117................................................................................................

W

W
10
?xI?/b4)&'&/L73Lw7`47&7F7b 7B^7 YO

BO/7"(76?za?y37#^7)&'&/7?w7- 7Zm7I7$
(7g/7rK? 736/Ly37#77(6Jx7m7r^7)&'& 7Bw7
- Z/r7g7 x]I 74K 7 7d7OM+= 7V`/7
B 33n6`/ I# "L"/{rBO6^)&'& 33y3#?w
B/L68?_p YI#<Yr? <Y3 33Z6 K= " ?m
x8( I6H?S " =@6%78 "7#$)('&%7Jx7
F M03Z6L -^b= L- Zi6/Z(I3
7`r Y40O'677O7@K- 7Z/7Z6x78(7OH 7
((7&?/Y7W? I3/Z0 7 7Y36t7 7o "7#p
in)
/.-O6 LZK- VC} L ~r] M = 7
n( Km8H
a?&/haU7743O 77(/(77 f77\77i 77Yx778M%77/ 77
@ 77Z?U77I?&{77rx778<Y77Z6(%^77Z774OMH 77)&'&77w77
" = K 8= hÒ
.

11

W

?Ui77n776)('&77(E-Mail)%77 77 77bO$@776 +x77

W
12
= &$"//d= 6\ZU4./r?<7c%]rK- cI

-$ k 4S6)('&% EFaxF I+ bO? K
6)('&m]b%/OJ?7m77/O7\/7 ?7
'(aw& .&?Lm&{r$6/4.%( Cp^7 Y
8_g8_ c& Y4}t6)('& K%
x8L I6( FH 0M^Zp6)('&%
(.%)
/.- , C+<7ZÒL(7br7ZzaH 7K
]b c&/676)('&%7]7b 7=L 7I6%& 776
)('&g77%77ESpamF77/}77n77`776(H 77N/77778
"#$)('&EPhishingF%7(7Jx77n]7b7 zav7
KN
3O?x88( m& MH 64O+%^7Z7Y
/
@ 0(3 EInternetF76x'74776)('&7S?%7
?&<Y"7777M77Ì77@ 77\77i 77kM%77/<77Y 77ZS
V? K-

13

W

14

W

"#

15

W

7`6/m7O &(v7S7%&)('6 c&8 b]x8/6

(3774%7&)('767/O7] 7,6?/76Kd Y, Y4
M- 7L "I. ? c&='M ^Z -$ OvS
76 7=7(C/7W7b]x78/7 MK%7&)('76/O4
K%&)('

1.1
EData NetworkF- 7& 3(37WU74I3EApplicationsF- `3"(O

U743773"O%7&)('76 ?7KEserverF 7 EclientF74
77 EE-Mail
ClientF%77&)('7767747777(677Yr- 77& 3(377W
KEE-Mail ServerF%&)('6
(E-Mail Client) 1.1.1

m7Y
78EMail User Agent-MUA)^7Z76/7 7,6?UZ6
KEE-Mail ServerF %&)('6 ^ZI3
W%8%&)('64F
^7 EE-Mail ServerF 7M76H 7ZS776'
7
KEPOP3F60( O/
K= +- `za I /3n
76 &Ò/ ÊE-Mail ServerF za /<ZO
KESMTPFZ3
K%&)('6 c&M%&)('64dLE1-1F(yn6

W

Microsoft
16
?q 777&/%777&)('77767774q/777U7774777777

.?wr/(6 ? /WE1F?Outlook
(E-Mail Server) 2.1.1

Jx778 KEMail
Transfer AgentMTAF767`&7 7,6?U7Z6
%7&)('767 za7%&)('6 = 3``6

KEInternetF (3U4\/
Microsoft Exchange ?q &/%&)('6
q/U4
K?wr/(6 ? /WE2F?Server

776 77c&M%77&)('776 77 d77LE1 J1F(77 7 ,6?y77n6
K%&)('
( 1-1 )
Ewww.microsoft.com/outlook/F (3U4q &dLE1F
Ewww.microsoft.com/exchange/default.mspxF (3U4q &dLE2F
17

W

2.1
)(Web-based E-Mail webmail

'(a6/ %8& 7bOp+7%7p7 7y]7b(37 7
y]b Yr6}EInternetF(3 =46)('& K%
U46)('&%U4(3 ?Gmail?7 7
Egoogle.comF?77

? /77W77Egmail.comF My777777n778 77(777777
KE2-1F

2-1

W

18
3.1
77 L-p 77O/77

B776%77&)('776 77c&M77677'
7 7r ?77./O4M_/(UIZ6+ }
%7 &)('776 3`77777 (~ O}+77-77" 773O 77Cp 7 77
Km =a
1.3.1
(Simple Mail Transfer Protocol - SMTP)
(377U774%77&)('77677'7 %77 `77 O778
7ì7`h1 821 <7L=ERFCF- 7`07`hm]6/O
K2 1123<L=
U74Z36 &Ò/-$ bO%&)('6 3`ZO
<L=gO(KE3-1F(Myn8 EPort 25F25<L=x]I
K /63Lx]I
2.3.1
(POP3 Post Office Protocol)
776'
77$%77&)('776774m^77Z6Jx7777 O778
<77L=- 77`07777`h77 Ox778F776/OK 7777%77&)('
KEhttp://tools.ietf.org/html/rfc821F`h^)('&ZIE1F

19

W
K1 1939
43<L/< Ozag6^7ZI@ 77^7Z
x8 O%8^ZI K
77 3`77ZO776)('&%77/-$ 77bO77 O(077U774776
110F110<7L=x7]I
My7n78 7 EPortKE3-1F(7(?7g776
/6 =<L Kx]I
) (3-1 SMTP
POP3
4.1
< "I8.BXI4M?@?p4%O6Jx76)('&K%7
E3F^ZI)('&. Ehttp://tools.ietf.org/html/rfc1939F`h

W

20
K?abc.com?8?xyz@abc.com?J6I" I<pr
- 7&(7S?78EDomain
Name System - DNSF- 7L "I. 7? 7c&
K 7YI 7r7 ((77O +4(6 (3

v7S6/7 7YI6 I4- 7L "I. 7?7/778 cIx8- <8?
f= 7347(m7&aJ?m707 ^/7 7^J/Ir/$
777
7I4 737U7rK7 (3737ZI FO C
- & E213.230.10.197F CVZJ/IEwww.ksu.edu.saF
7 - 7L "I. 7?7 7S?MppS +(
Ofx8/
KE4-1F(Myn8

( 4-1)

p7$%78- 7L "I. 7? 7c& Y7`6t7\/ - \Sa
/7 ?E 7I87(67`rK" <&" 3O/%&)('6 . ?4
21

W

gr7 7a7.=037Z767S 7"&<7)%7&('a76/ 7

77 7"I<7U74+g7(- 3"d6O/+4 Z
KE Failover?Backup F S gr?ELoad BalancingF
. 77? 77 {77r%77&)('77677377ZI p77$77 SM
Mail exchange Records F? / 3O-pV?77_/O-pVZ/6- L "I
.E MX records

5.1
(Mail exchange records MX records)
< 7Z 76B7 7/ 7b6a7] / 3O-pV
preference
F 7 (%,]O<L=d3`Z}%&)('6 .

KEnumber

W
22

) (5-1
/<L/7]07O/O78%7,7 7 7(rK=<7L]7,

7
?w77& /77#77 S77#OM77 ? 77VI 77/x77C{77r 77 /
bO$?d$ J<L/&{rUyVI6 bO$037Zm7
m&{rd Myn8 m6Jx( KE5-1F
6.1
(66)('&B
?+4% W%8.
)(Header
U4J- & 3
77(6U74W7b
WEFromFI /} J76
J /
Kxsender]@[source domain namez
23

W

/} %&)('6H ZS<Wsender
. /mI-=#Jx" ^ I<Wsource domain name
7&I4J7?7(K3`7Z} J767I:EToF3`Z J
777bU77743`777Z 777I4777(6K3`777Z} 7774k?777Sp3`777Z}
K[receiver]@ [destination domain name]
3`Z} %&)('6H ZS<Wreceiver
.ma /} =Jx" ^ I<Wdestination domain name
%7&)('76 7 7 7/ =Z%b]O WERouteF= Z J
\/77 "77 77=/773`77Z %77&)('776 77 za7
/
74q/7/7O$+ 74.U74za]7BZZ0ZS3O/
Y7n/4^7Z 7({7(76d7+/W 3= Z- & %&)('6
= 77Ya?= 77^ %7 &)('776774q/77M+/r77- =77 776/774
$ 77/776E7-1F(77K?77

?%77&)('776774M?77#
K= Z
K /n:(Subject)
K /&:(Body)
%&('a6/ =E6-1F(W

W
24
) (7-1
) .(7-1 .
"!
) ('& $#$
)(Spam

25

W

W

26
7Y]6/Ov7S77/g7%&)('6= b]x8L I6

K- cI/r\ZU4=/n?m33ZO Yr8?
7776 777=aM^777Z0 777777b]x7778L 777I6777777
K C+ ,-./
)H/g%&)('

1.2
(Spam)
77c&^77+. 77a 77Y&77/g77%77&)('7 6 77=_/77O
7EBulkF7 8<7 7={EElectronic Messaging SystemF7& )('/
fx77C3`77Z 773L7777/?77L?77"g7777 77/
Electronic
F%77&)('776 77cIESpamF77 773O= 77W77`K 77/
777/777J?U7774 7 7,6?7773"IO 777Y&a$aEE-MailF =777b ?EMail

W&)('
KEBlogsF- &
KESMSF+gb`bI /
KEForumsF- 6I
KEWeb Search EnginesFvi3- /
KEInstant MessagingF/W 3'L%&'
7Cp 7J= 7Vp74)8 /fx8/(6 3
F 7(7&$/7c&+787](O/7Z}76/6 74p747IV6
7&p4)+ 7B7Y\7 U4 rK- &p4)fxY+ 4"3O/
27

W

K\/ p4)` =& Pn]( = c&J?4 8/&

7Ofx8 S$ /fx8 Yr ZO}\/ ?/? ,6?E I8
7`6/"fx787,O$v7S ESocial EngineeringF74
$7ICH w
3`7Z} 7I4J/73%4 7
$07& X7ZO =7`7I`-/7$p
7 t7 ?76gV&M7'3- =7$ ?7=7Ix8U4$ K /
M%78- =77
?77 7376i 7/3`Z} ILa YI_C
d77r/F7y7] 7/3`7Z} 7ILa7 78/ $ K8@``
M 77I67rd7"`?+=77#?%7b&F7F77x7787m77 Y6{ 7/
>KKgr8``@
777/777ir (J777Z777q 777& 8=777#?1 777bSaM
377Z&?377OENational
Saudi Anti-Spam ProgramFE77/g77F77 iL$
JB Yt- U4. IH/g%&)('6

K`67ZO 7= 7Yc 7 2007 754w7EISPF (3
SMS
F77/g77+g77b`77bI 77/377Z& ?7,6? 77bS)-/77Y?
w7 J6ZM` IFO C%+=- U4. IESpam

5I63 2P6x206= YI652007 1.7
.\/ ?/?-5<YO

IÒ-$ bO$P8?6Z/(M iL$ /8/dn`<O? E1F

(http://www.spam.gov.sa/Statistics-Arabic.doc)
2008 J781429-

W

28
7742 ESymantecF?& 77?W /77WmO=77#?1 J/Y77W/776/Ò/77Y?

7637Z&?2007 747/76r/Y77/g%&)('6=
MK%7 &)('776 77=% 77a776977H77/g77%77&)('
377ZIfx778?/77Y?4 ECommtouchF?77O77 ? /77WmO=77#?/77 3 /776/Ò
7 7== 7140J? 87w72006 74M67w72005
K2005 4430 8=L+ 6B == 160% a
3777ZI 3rK- 777cI/777r 7774a=777b777 3777ZIfx7778(777O
07& XU7rK 7/fx78 Yh7iO}?7(7I?7 = " ?E I8- cI
W%
K]3L Y]bO /x8+./` ,- 4
773L77 77YO./L77@ 77/x77877]@ 77,77I6B^S 77Z
KEFF3`Z
E-Mail
F%7&)('76 7 U74J=/7,gETrafficFr
KcIEServer
Data Network
(1)
F 777bO$+ 777IL777ZJ=/777,g777EpY777$
The State of Spam, A Monthly Report February 2007, Generated by Symantec

Messaging and Web Security
(http://www.symantec.com/avcenter/reference/Symantec_Spam_
Report_-_February_2007.pdf)
ESymantec.comF- ?- `3"O kMbb^ /W%8 E2F

(3)
2006 Spam Trends Report: Year of the Zombies, December 27, 2006,
Commtouch Software Ltd.,
(http://www.commtouch.com/documents/Commtouch_2006_Spam_
Trends_Year_of_the_Zombies.pdf)
%&)('6- ?- k/Mbb^ /W%8E4F

Ehttp://www.commtouch.comF
29

W

77LKEInternetF77 (377774 77bO$77Z 7,6?7cIEBandwidth

?7O7 ? /7W74= 7b2006 71 /g //6/Ò/Y?
F4 w77776 3 g7777O1700w(Y7777 7777/fx77778?2 ECommtouchF
MEImagesF=77b^77?2006 774MEw776 5 77(1,700,000,000
- 76 37g37 747=7bm73"O 7EpY7$37Z&dr=L /fx8
KETextFbI &= ` Y Yc]@EBytesF
+77i- 776$ 77&=] 776$6/7777PC 77YO/
?6 77=M
87S7(6/- 7cIw7] 7/774Ifx78?-/Y?(6/
F (O ,(])&
fx8O2007 4M =13/ ?
K /fxCJbp`\ - k-
W0& XU4
76t7(37 7,6?3`Z Y
/O ?/fxC(
7/d77`r/- 7]76/4- g]- V8 YXx8 Y4
(1)
2006 Spam Trends Report: Year of the Zombies, December 27, 2006, Commtouch
Software Ltd.,
(http://www.commtouch.com/documents/Commtouch_2006_Spam_Trends_Year_of_
the_Zombies.pdf)
%&)('6- ?- k/Mbb^ /W%8E2F

KEhttp://www.commtouch.comF
.
1000O E3F
m?w?7KEbitFw8(OH @M- 6Bl L+S%8EbyteF w6 E4F

K?0???1? a L
.
1O E5F
. Ehttp://www.spamlaws.com/state/ca.shtmlF- bb^ 4 &=] =E6F

W

30
J7O7Lt7 7/ I,( 3=6/4?&)('

+777`6/"fx7778U7774$ 777Km777?g777rF777x777]IOza 8=777
y77r776/74+77fx778-/7&K2004/6 77I6Mw]77 t7?MyDoom?
F77 7/3`7Z 7Y6{7%7&('a76/ 7=d77r/F7
x7C3`7Zy7r7I4?MyDoom?+8``@M/]%b&Fr/
7={ 7#)/7h?77`r+7fx7Y by3b6f Y
{rr/F
K1 i, Y
M]\/ ?&('a6/6 I4za /^Z&
77I /76/77
?7 7Yr77/g7 7/^77<76</7
? 76gV&M7'3- =7$ ?7/ 7S$ 7=%8]_8

K 7`6/r?H7I
76=YM%& 7&J/77` 7,6?K 8/ Z
7 O7666 7I77 8<7( 7=7/7=? I4b`fx8?3O
7876x7C73`7Z 7 7 2 7&/7_$- PQ
7876 m7IH7"x7]&x(m4w"&Jx6 &. 6/hS?
7Lm7#7I4 7`6/r?H7I
6=Y_ 6=?SI4za08x6?
76]7Z6 7mS/7p7)m78?76]3 mr " /
K3 H/g6xCmin( rfL
?F-Secure?- ?/W- g]F# E1F
KEhttp://www.f-secure.com/v-descs/novarg.shtmlF
K `6/r?HI
6=YX6Ì%8ERandF&/ E2F
SA cops, Interpol ?I2004\Z6\316= `6/r?HIX"24= 3 ??+6/
E3F
http://www.news24.com/News24/South_Africa/News/0,,2-7-Fprobe murder
. E1442_1641875,00.html
31

W
2.2
x778L 77I6F77.B77X0 77 77=aM^77Z= 77776
)('&g%K/
1.2.2 : )(E-Mail Spoofing

7777 O/7777`]6&`7777777767777# zaESMTPF7777Z367777b
77() m77&a\?7 77=a=77I4J77 77776/
U774EAuthenticationF /
'(a&6/4%'04p?=Z6EHeaderF /6 @`??
77/ rK77` 77I47777'(a776/&%77
EFromF77I477Jx77 /
K77x778077& X 77=aMmp77
/77, N77(O$=77b^W77``S+ /
g66/4 H/ S$EspoofingFfx8/}6za 7/
= I4/6L?_/7b<7 7W/ /7W7r 7Y6a7
7
6Q3`Z /?& L Yh=bK
77Spx7787777I7777y77bI6 77/y77r]- 7777`r/
?EAttachmentsF/ELinksF
M+a /(OK7L /
- ] r7(OL`r/gr- 7/77O7Lgr7zaJ?- 7
zaÌO K bdL

2.2.2 : )(Open Mail Rely

6)('& =3Ò%6)('&=7bJ?%
za 8/6/? \/fx8"M7Yw& `6/ 76(37z

W

32
O (36 4`/c&%&)('6 = b6a ,

7 7bO$U74= 7Lg7 7/m7I-=7#Jx7 7 7 {r 6
77 770776/L77]/77 77 za C 77b6am77& ({77LU774m77&{r3`77Z
K/7 w7LM / b6aM]^ ,r?#/rE I8(r3`Z
g7 7/%7
/} 73L7 Cp7I?+/hw(W'Mfx8
7S]7 7(O76@77p7L74{7rx7/c&/
E 7I87S]777 ` 7/3`6$6@6
./g /fx8(O 6L$ S
3.2.2
(Image-based Spam)
J ] /&M=b^za/g /
/} V6
7P8U74I77,O<76 7Yr%7bI\7oU74+7]7b4
K /&M+=#
77 ?W /77WmO=77#?2006 771 7 /g77 77//776/Ò/77Y?
w7=7bU74+/g /3Z&?2 ECommtouchF?O
7% a70w(Y Y&?/g /4% a35
7/g7 7/7Y7ZEData Traffic BandwidthF- 7& 3r7O+ 7IL
(1)
(http://www.commtouch.com/documents/Commtouch_2006_Spam_Trends_
Year_of_the_Zombies.pdf)
%&)('6- ?- k/Mbb^ /W%8E2F

Ehttp://www.commtouch.comF
33

W

KEw6 V 1,700,000,000Fw6 gO1700W7+=`

7"&7EpY737Z&d7r= /fx8M=b?^3OL
Y7 7Yc]@EBytesF- 76 37g3 4=bm3"O - & 3rO
KETextFbI &= `
Optical Character Recognition F 7n_/7@U74_/74 7Z67L
EpatternsF/8 77cU774_/77Eheuristic
methodsF7736/V/77"
EOCR
7/77Ix787J7bM (/]bOM^Z

K=7#7P8U747bIM+`$ (W?x ? Yc /g
W 3Ur
K =(<V@I(WgO
K_/@br
K/ =(F+=bU4&d`dn
K /i=b^
7 ?^7 r/g /Jbr wZ 8S]b
M77 r77V&%"777/g7 77/+ 7,-./77
)777(=7L
K(=LL?za/g /`
77`r=7b I7B77I47/g7 7/%/}FL6$
7h- 7]MI77, \/7 ?- ]- P8#^za\6
Microsoft
F?wr7/(6 ?70(q/- ]#za?EPDFFo

KEXLSFEDOCFEOffice

W
34
4.2.2 : )(Dictionary Attack

7g77776H77/` 77 77I477lM776/6
^77Z677L } /
'(a&. 7?r 7na76/747+=Y7- 7L "&. 7U7I-
fxY"(6`6/ I4'(a6/6& K
. 4VI(O + L. 7?`K+=Y7H 7U7S
a &<cw .
gVIM+?$adLYiZ6x3M
l4L I6 7Zza/cI 7iib" 7aM7`6/fx78
I K6
)( U74_/7 7I674k7"7I 7I677VI
` /7U74? 7/d73O/77&M7,%7"6 7/
7=a7I4m^7Z67
?U46/ 7 7&3`Z /
/} $
6B K/g /
3.2
x8L I6F.BX)
/7.- 7, 7/+76)('&g7%7
K/

1.3.2 :) (Filtration
77(O]77bO 77/776)('& 77?U774%77?B77
?77S. 77/
W
?/O- 77&(77S?=77Z6EHeaderF 77/77I4 77YI 77/
KEFromF
35

W

KESubjectF /n
KEBodyF /&
77r / <7`\7Sad7 7`76 7b \7Saw` "O{r
=?77Z6'377ZI +77<77L?7 &('a776/6 77I 77Y&?U774]77b
{77rI7?77n377ZI Eregular
expressionsF77r-g377O ?77/
K=6x8=/Lx^6
7YI(7/g7 7/J7b7`3"-./
)/ ?%8]b
77# ]7b74 7Y4+7&7`- 7V6n/4
&77LM6g377 `77L(&6 77+ 7746x7777/g77 77/%77/
K1 ]b

Black lists
) : 2.3.2
(/ White lists
- 77L "&. 77??7 &('a776/6 77I4U774.77Z77 `J77

7776/77EIP
addressesFw777&'&$777 O/6 777I4?EDomain NamesF
p7 7=/ 6 IO )('&` /y Z6}$&('a

77S?d77 77`%77&)('776 77b \77Saw77` "O{77rK3`77Z 77
za=/ 7m7y 7Z6}$.7Z7 `7(6m&{rLU4 `/# I4
K3`Z 6/
(1) M. Gupta, C. Shue, "Spoofing and Countermeasures", Book chapter in "Phishing and
Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft",
edited by Jakobsson and Myers, 2006, Wiley.

W

36
7/]7b3`7Z}37ZI %7&)('76 7 4a )(

]I7b 7/r/f4a( ,6?.Z`<U4 4$ `
Junk F77+ 74_/63`Z H ZSM
kz Y`&?.Z`
/. `{ a3`Z} @fx8M=/È/OESpamF?EBulkF?EE-Mail

K YrxS?
776 rK.77Z<77`77 7 N77(U774%77Yr. 77,3<77` 77?
\77Saw77` "Oa=/ 77m77y 7 Z6}.77Z77 ` 77aU77S 77`
77 7,77LU74. 7,37 `/7# I47S?dmb b
m]IbOaUS3`Z 6/H ZSzaY_/?` 6#
%78. 7,3<7`^77$\/7 ?7`6/E 7I8K.77Z7 `7n7
M+7o7?- 7L "I?6 7I77` 76 7/`r Z
. 7,37 `7n7FI7bOt7 7/g. ,3`
7`6/M 7 ^7Z H 7ZSM 77za C 7b6a ?Y7,r=<76m&{r
K.Z] ^`<b
]Ib /_xS J`^ -4{ J /6{(
U774. 7I3`77Z H 7ZSM 7 77kza Y7`&?.7Z77 `7 7 a
. 7I.7Z7 `/73ZI + =/<` O}vSEscoringF<`
7
=w& a+ 4K Y`& ?/_x=/` x^6<`=
U4
?Y7,r=<76m7&{r 7/U74w7`3"&L/<caJ? 4<`
7p7L74?J?7&} <7`7
=w& {rKN( N(K YrxS
K3`Z H ZSM za Y`&<6m&{r /U43"&L/
37

W

g7 7/J7b7r g7 87S. 7,3<7`.Z`<

7Ò 7Y&{r. ,3`<3ZI3 rK bSa YI`M4 ZO a/
77/<7c'?r 7Efalse
positivesF77( 7 )q 7I7S7
<7`^7 7,6? 7/ r/ } +g#4k'/

K /]bOM.Z &` hS/ . ,3
Commercial
) : 3.3.2
(Whitelists
77677 7 `} 77`?77Z- 77Y

"77 773}O<77L77c&?%778
K3`Z zaf6/# ,
/ mr6% 3 `%&)('
EscoringF<777`%7778777c&fx7778777M^777Z0 777777
=77b77 77Y& 77/ /77O77U774. 77IEcertificatesF- Y77
K3`Z 6/za=/ yVIOh
(Integrity Check) : 4.3.2

M^7Z6}Jx7ESMTPF7Z3767`&7 O/& ` ?/
67777b7777# 7777`]67777 (37777U77774%7777&)('777767777/O
?ii77#77(6?+=/77, N77K7
/ 77I4% 77 EAuthenticationF
76/7I4J?7/ 7`SMd7,6^WJ(r
/ b^WN(6
77477/g77 77/ 77=aM Cp7777I+/77fx778%77&('a
.EspoofingF S$6/

W

38
=?7Z6/O76/4 (ì /ir )(

d77EFromF?77?77777`SM= x7777
/ 77I477&= ÈHeaderF 77/
M4 77ZO77`6/"fx778KEReceivedF??=77`@M7 Z6/OM+77
77`
K1 /g / _
: 5.3.2
(377- i]77#Mw77& .777 d77LMJ77677I77
q7777n/4 Y77 778g? 77Ì- 774k?77h o_/77?77
g77776 77=aM^77ZOt77%77&)('7766 77I77d77V
77 7YJ 7]%7&)('6I4/6./
a/YxCKH/
K dLMJ6m&I4 (^/"naqfx8
77(?@?B/ 7 ?at?W7(377./7
)fx78U7477
?xyz at abc dot com?/67i7y37bO?xyz@abc.com? 7?K?"Ì ?dot?
_/77%7%7&)('766 7I4dq/d"ZO$`6/"fxY
KI b6M/-?L(O Y&{r ` m4
M 7b&B7=%&)('6I4 ./
)fxC\/
KIU4_/dVq/U4=x6% +=#F
: 6.3.2
EBulkFg3 C =a<6/g /{rF6/M &/
7za/67Ò7L?U747 C#?U4666 I
(1)
Technologies to Combat Spam, Thomas A. Knox, GIAC Security Essentials

Certification (GSEC) Practical Assignment, Version 1.4b, Option 1, June 16, 2003,
SANS Institute 2003.
39

W
?U747$/7 7L
fx8 IK6/U4g /%"6/ /
I4& K/g\/ ?3`Z =MmZr%``S
N]I"{r`6/g /=U4J/)7I4
) =a_ `6 /3`Z 7L\/7
3`Z` /} 66
(6_C@``%=x8./a 68 I4 "&3`Z
? K$
? =d `6/,rg6748/ 7Yir)p7
M\/I YI4)
/. , Kd Z
7.3.2 :
)(Spam Reporting
4 Z6L)p 7=4g776M7/` 7YI7J7b
<6K C)pfx7874 7bO$ 7/`7 776)('&7/ %7
g /7(K7/7Ù74_/777<7 7"IM7I
K/}J6 {7r ` 7f/7<7 7"I78.B7X7%O76Jx7
77I4M?@?W77p4776)('& p77rK%7<77 77"I77IJ776
? 7() ?abc.com?8?xyz@abc.com@7b- 7& U74 7bO$J<7
&" ? m/O1 ?WHOIS(6?/?x78 J 7
VZO- & +4 LJ K- L "I
bOp E1FxY B6

Y^ppb3"O6/4 a?4
S?6/U4dL(3 Òt
p$. Ewhois.netFWdL

W

40
7 6Jx7%7&)('76 }` pa8p/ \ZE I8

U7 r==77S?77bl^77Zp77)/7777K3`77Z 7760S 77#m77
- 7p 77I4d7VO I4Kp%&)('64M^Z Y
? 7/=7b} 7pa YI# -./

ax^6m&{rmZ]&6U4+g
K\/ ? == ap3`Z(6pr.Z` M/ I4dn
7/} 7677Sza7 r7/g /+ ,`6/"fx8
K/ ^<&" % / `za&` $ Cp
77677 773L7777E1 J2F(77M1 %& 773<77/y77n6
7773L 777za 777`H777/g77777763777Z&2 EGmailF%777&)('
]7777777b

( 1-2)
(gmail.com )
(1) mail uses Google's innovative technology to keep spam out of your inbox,
gmail.com, (http://www.google.com/mail/help/fightspam/spamexplained.html),
December, 2007.
. Egmail.comF (3U43%&('a6/ È2)
41

W
&3Zg6H/3LmI43 K3`Z

}/Y c6</{r%& 3&3Zg6H/7L?(7Om7I473
4% a1g / K/

8.3.2 :
)(SMTP RFC
^77Z6}77L7777ì"- 773]77I77 O&`7777677Z3
MESMTPF6=`g /7/` 777t7
fxYÒ$"K- 73%7/}776g776^7Z6H7//7q
=?P6<Y4 " N`- 73" 7]7I7 O&`7767Z3
ÈSMTPFM<Y6<(i /6JxmI 4Jx(6 7+
7Y
in 'KEHackersF/3LmL

9.3.2 : )
Fake MX
(Records
?7S)
/7.- 77,+] M7 77/J7b76)('&g77%7
8/ 3O-pVdn= =7I4]6B 7?. 7U74- 7L "I
0p 46)('& "&<$% K
c&?WbrM &/76)('&{7r?%7d7 7,]O 7L=E 7I8
MV/?/x807O/O8<L/7 7 7(rK=<7L
]w7& /#?,7 S7#OM7 ? 7VIK 7/x7C{7r 7

W
42
/ bO$?d$ J<L/&{rUyVI6 bO$m7

m&{r 03Zd Km6Jx
4&E I8-pVZ 4$ ]6BU4<L/] WVZ%,

)(Fake Lowest MX Record

7747
&/7c" 7=7376)('&g7%7 /O} 7Y& M7/
774{ 877 +77 77bO$ 77776
+g377077?M 77S /}<77Y6$
)('& SM%r bO$Ì6zaIJ6 K%
3OV,O\b6 /#?%,]O<L/F6BM-pV7Z
/77 77 773L77?. 77077U774- 77L "Ip77$77 774776
)('& "&<$%( rg / K/
?0 73OV7/W6 7/&U77I4zaF76B 7&7
77(6v7725F25<77L=x77]I
x77CEPort 77` 77, 7p77 77/
4`r/ K\/

)(Fake Highest MX Record

/}.J36Lg / / bO$d7 7J<L/7
]%,$U4 J<L/]%,& S$U 7 78g37
J<L/]%7, U74 7/7d7 7 S7ir (74 r7L?q
43

W
g /d&= `/ K\/

3OV,O U4?%,]O<L/F6BM-pVZ/77
3L? .0U4- L "Ip$ 46)('&<7$%
&" ] xCJb =aMHg / K/
3OV /U4(6LF6B?_/g7I4zag6
/ O&'&?Edead IP addressF wI4za/W6 v7%``S
(6xEPort 25F25<L=x]I ` K
(6p 3"O4I-pVZ/7
a7]6B 7,.?M 7 7,r
( KE2 J2F
) (2-2

10.3.2 : ) (Greeting delay

7 73L7+g7bL+']/ O876)('&%7 73L3`7Z
/0U4 bO$ '(a6/& K/ %
7 `3- ]77#]77 O77I&`7777677m77&{rESMTPF77Z3

W
44
0 bO${rU4 7 7/7@= 7c&$ 3`7= 7'707S

=a3L3`Z6)('& Kma%
( ]$+'7r+g7 7/J7bfx78/ 77 7/
} 4 Y//cI6$+= '/60S0+/W 3 bO$ K
)( 4a 7fx78_ 7 $"7`6/d7"L<7h7 7bO$d7
K/
45

W
"! -
./0 ('&
)(Phishing

W

46
m77r8?m77]6/Ov77S77%77&" )('77#$77b]x778L 77I6

K- cI/r\ZU4m43O'=/n
77b^- 77& 3L/77WEPhishingF%77&" )('77#$ 77=77O
7b^ 7i&/7%7&)('76 7=76/74 Z@6/Z
i7, 7Y6a7I7cI?_= 7b7S?7b^W 7i&6/4
Km8?0"6Q
Y77
/}%77&('$" 77#$ 77= 77/7777Ix778%77
77 78g6/77Z 7L=" 7#$ 7" %7&)('776 7=^7Z6
K (3%^Z/\/ Z@b^- & 3
77={77rESpamF77/g7777& )('77/M 77@%778 77
- `3"Oza 8O7"`r%&)('6U4/bÒ$%&" )('#$
?7& 7/ESMSF+g7b`7bI 7/ \/7 ')('&
M7(6_p7 $7(m7Z]&U7`36Y] EInstant MessagingF+/W 3
/7 %78%7&)('6(= Kmp /Xx]IO<6Jx
K1 %&('$" #$- V8x]IOM 4W
?ph?r/7@37Z6 + 74EHackersF7 (37%7L' ?
7 (37I7#/Ld7kJ?<Y7kM+76
- . &)?f?_/@
- I7ZOMEPhishingF7 -7&KF7l7 (7(m7Z]&787"I
KZ" #OtEfishingF(6//`
ESpamF/g66 / Y%&" )('#$=
(1) A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and
Countermeasures", Radix Labs, October 3, 2005.
47

W

M77]077& Xzar 77n) %4 77

$077& X77Z6 7,6? Y77
/}77
77ICH 77w77=77I6 ` 77/77 77 x778i77,U774 77S$774
KESocial EngineeringF4
$
7``S- 7cI 8=7b?7&" )('7#$ 7=7/}%46
77b^m77O & . 77r)776x7783`77Z}7777 M77 =_77b
B7=^7Z <7 7_/7bM%7b^H 7Z@U74 - & 3
77& $EVISAFB77r77L "3 77& $- 77L "3- 77& ?%77b^F776/
K `S$i,b^W i& YL//
?%47O%7&('a76/ 7=%&('$" #$ /JÒ
ESMTPF7Z3767`&7 O/{r ` / } K?_?/b 8=b
?+=/77, N777/ 77I477 EAuthenticationF67b77# 7`]6
x78MK7/ 7I47`074p7(m&/ b^W``SN(6
7Y6)_/7bx7 7"I<7 743 `] 66/ &I4/ d,6
g776 7=^776/74K?_?/7b78 8=7b3`Z
K&)('66 I4 8 /fx8/OESpamF/
- 77& . 77r)3`77Z 7777`6/" 77/fx778\77077(6_77
7 (7_/7bx7%7&)('dL4%b^m ZSza
7.p77Y
766_/7b 7=EStyleFI7Y `6/" /
f= 7WELogoF_/7bB7=d7nELook and FeelF ZS)/cIvS
KEslogansF
7. 74$78 / \Mw^}t0 ?S?

W

48
P3O$m&?-]IL3`Z}%b^H Z@za -$

=B77d77L/77x77877(6 77/ 77
/77M77
77I
/77cI 77,6?v77S77%77#_/77bd77L<77bO 77"<77bESpoofedF
7P87 f= 7WfB7=_/7b<7d7nELook
and FeelF 7ZS)
077%77bIB77'77%778$?77&)('d77L. 77&)77 77

d7L7=bZ&- Y3EHypertext Markup Language HTMLF
_7CpY7/7?m7 (%7&)('dLZ&US?\/ )('&
7_/7bx774m7&?_ 7#Jx73`Z 8
^7Z<7(O 7+ 74t7%7&)('H 7Z@za - & L/Z
K%b^F6/B=
707"6EformFI+B YZ]&&)('6(= OL
77I<77Z?77/ za\/77 ?+/77 C 77=<77h77m77P3O3`77Z
%7&)('767 SM7 (37U74d7LI4zamrP3- & 3
KEWeb-based E-Mail webmailF (3U43
i7,Hx7
Jx7<7"w7 766 / ?Z M
d7L7 7I_/7b7\7p4(6 _?#m&? &/ Jx
Km"i," #Jx+= IbHp =B
" 77777#$ 77777=M^77777Z+=Y77777\/77777 7777777777
W1 %&('$
707"O 7_/bM3`Z H ZSM(E I8?%4O = J
49

W

K /M=
BdL( ^=yibdL+= 63`Z
m74/7O/7" M 7_/7bM3`7Z H ZS?%4O = J
K- p $ir (q &/MVZ
7Y3"3`Z `<6]6B#M%8- 3+=O r = J
KF6B0"x8. ) /M
/3`Z B6
M/77bH 77Z@U774d77Lg77g77O77bF776B= 77Wa 77= J
Kgx8M/cI/3`Z B63`Z}
U74/7O 7_/7bM+76
7 - 7 B7&%4O = J
KL+'] & kfx8U4b@#/r Sp4m& 3`Z
=B7d7Lzam7
6 7/3`7Z}{7r` 7Z-$ @ S M
77b^W 77i&M 7 `S$? 77b ?Y^77Z6t776/77Z- 77& 3d77X
K\/ ? ?a- 4Mi,
W -"M%&('$" #$- V8= b (
K%&('$" #$VC"^ J1
KF6BdLBY J2
77S?^77 77(O77L77]6B 77/7777 877 77=a J3
.ESpamF/g /0 ?
/d3O /y]`6+=B /3`Z 4 J4

KF6BdLM"- & 3< h /M

- 77b^W77iI6<77h776/77Z- 77& 3L/77Z6 77b J5
K 6 i,

W
50
7771 7 7- 777VC777L "777#$'($& 777=%7 77776

)('&M %(E1-3Ft7<7ZL?7 7Y&? Y7/}<74 7?M
? 3 ?_/b?
$43`Z 74?Wf' ?77n
=" `&pi]#za' 7OJx7?y7,Ofx78d7L%78i]7b
? 3 ?dL<b "F6BS &%#/7cI) 7ZSlook and F
EfeelEstyleFIB=dnM _/b( KE2-3F

) (1-3 ""

?E1F @]L =h "#$'($&%
.pYSEI3Z ?6+6/
6/
Z614w3ZJ@2006/6 I614 J781426V J K13718

51

W

736/Lm7nza746 7b?7_/7b" I<M I`La

787mr 7 i7,7U740} 7b6%7 yi7b" I<
7"I<7 IEsamba.comF8 3 _/byib" I<Kz
/7 =B7d7L 7"I<MEsambaonlineaccess.comF8=BdL
%77"6%S6 7/7W 3 7bO$77OEonlineaccessF/7 _/77b<7
KdL4/ 4 3"&

"( "2-3)

W

52
=B7dLm \%# 3 dL8E3-3F(

K%#dL

"( "3-3)

d7L ?7,6?7Sp&K? 76/_?/7bd7L8=BdL/
(7M 7 _/7b%#dL<" #E4-3F(M =B
K ZS)/cII= vSE5-3F
d7L 7"I<7Eriyadbank.comFW78%#dL" I<
KEriyadonlin.net.msFF6B
53

W
0 7??W7brML II "7#$)('&0 7?7b](7?%7

77S$BOM/776d77L.B77
ML II77)
/77.- 77,+- 77 S$
$^]_ $dLB= K+
) (4-3 ""

W
54
) (5-3 ""

/Yc6(/7 $ E6-3Fd7L "7#$'($&%7x78 7
K?H ?_/bdLB=< 7"IEsabb.net.msF<7$m 7 7"I
dLM Esabb.comF%#KE7-3F(7&? 7,6?\/7d7LB7=
"<#dLvS%#I =/cI) ZS K
55

W
6-3 ""
) (7-3 ""

W

56
(3U4 8#=Echat roomsFh o_/3L/w 1 =M

" 77#$- 77V8?-/77Y?EphishersF 77b 77Yr77 77 t7777
- 7VCfx78.=a77S^7W73L 7x] IO}$ 4(%&('$
EphishersF6 77b7777 +4 77Z77 77kM77b^77 /77 ^ 77W?
77OB776BOMEhackersF/ 7 ÊspammersF77/g77 77/%77
/}
7777- 774k+774E 77I8w77& m77&?77=fx778-77
K- 77VC
7 EcashersF7boEcollectorsF7EmailersF7/ bb^
W% M_/ 8
EspammersF7/g7 7//} a<8WEMailersF/ J
g7 / 84= aU4+=`<Y66xEhackersF/ ^ ?
KEfraudulent emailsF S$_Y/
d77LB77Y
6x77EhackersF77/ ^<778WECollectorsF77 J
7776<7776t777 777S$/777Efraudulent
websitesF777]6B77&)('
d7Lfx78<YI707"O 77/g66 /3L Ya 6 i,

K& $L "3<L=?=/<L=^Z {<6/- & 6BO
EmailersF7/ I4=/(.p4<8 =?wcS$
K/g / )= 6 3r6<8
L/7Z6/7Z- 7& 3x `66x<8WECashersFb
o J
(1) Christopher Abad, The economy of phishing: A survey of the operations of the
phishing market, First Monday, volume 10, number 9, September 2005,
(http://firstmonday.org/issues/issue10_9/abad/index.html). M. Jakobsson, S. Myers,
Phishing and Countermeasures: Understanding the Increasing Problem of Electronic
Identity Theft, Wiley, 2007.
57

W

- 7L ". 7&{ /7+7p7$x]I6K Cp<h 3L

JÌ0iZ^ZO]6Br/b- ZS- L "?]6B - ZS
./7?EAutomated Teller Machine ATMF%7_/ 7b+B7Y
?/W 3
K Y"d3
. 77`77za/77W 3J 77dr77 77a77r/77bi .$778
Kbo6Ì- L/Z3Z&<Y "4{?L/Z6/Z- & 3
- 7& 3+7
U747O37ZI76/74?+/W 3.4r6 3
- 7VCU4bo+=LU4 ,6?O V 3L Y +B
^77Z- 77ZS- 77& 377`- 77cIF77U774+x77]I-$ 77S$
K
%7&('$" 7#$- 77V8?wi7n?t777=w7b 7I8za
7Y&?$a 7M7/
)- b<cI` "cI- b4 8.=FÒ
7 (37 74J?%7&)(' 7M<76 8x]IO?M`r YI4Fl
KEInternet worldF
6
p 4Ò Y&?%&('$" #$= M% I$.%
- 77 S$M 773 m778 7777877&)('77I- 77VC774
7776 @=777VrKJ/7773777 7778$?- 777cIM777I- 4 r777
ESecure
Socket Layer SSL CertificatesF77I- Y77EFirewallsF
78g(Intrusion Prevention Systems IPS rules)'7 $d7I7c&?&7L

%7&7hp7F7LO?7($7](c8 3I6 @
7I4 8=/7nF7L6$tcI( 34Eonline trustF

W

58
Mg37 =/7n7Saza 86`r6/Zb^- & H/ZO

%7/7 7c&?7 (3774.]^ bO$` h
K- cI bO$< 8g?FO C4
The Anti-Phishing
F%7&" )('7#$ 7/J7b7474k
- 4 I7bF7\7ZU747 4%8K1 EWorking Group APWG

7=747 Ib^ i&- Jb&&] à Yr8
K%&" )('#$
J7b744kmO4?Jx2007 4r&/YW2 /6/ÒM
W/YMw3`4?/Y?EAPWGF%&" )('#$ /
K" #= 4 p28074
- 7cI7&('ad7L4]6B&('adL4 p23630
K``S
7=-p776/74Ebrand hijackF Y]6BO6= p4178
w7LU7S7S/Y7WMV7Z<7L=U74?<L/7x78K%7&('$" #$
K/Yx/6/`=#a
U74-7S 7YI473%7&('$" 7#$= k34.3
777KEdomain
namesF- 777L "&. 7 7?777P8U7774777&('ad777L777=
KExyzbank.comF
(1)
(2)
The Anti-Phishing Working Group, www.apwg.com.

Phishing Activity Trends, Report for the Month of November, 2007, Anti-Phishing
Working Group (APWG), apwg.org
59

W

U774-77S 77YI4773%77&('$" 77#$ 77=77k776

KE10.212.21.33F K6/46 I4P8U4&('adL=
KmLpa3LF6BdL. `8 6?hph
KF6BdL. `+?%8 630
- 774M77/77MrY77Z77 - 77cI774 776
K6= VpF6BO
% 77a7793.8m377Z& 77 rY77/77 77 - 77cI77cO
KrYZ\/ - 4 Ib
774M7(6/+7i- 76$bw"l/YM
24.21m3Z& &" )('#$dL],Z
%77&('$" 77#$- 77p774E8-3F%i77n(773776
7777m77Z]&/Y77za2006r77&/Y77W77+'77]p77 6/Y77W77Z
K2007
%777&('$" 777#$d777L7774E9-3F%i777n(77737776
77m7Z]&/Y7za2006r7&7+'7]p7 6/YW](+6X
K2007
v77S77- 77cI77&?7777&77(377ZIE1-3F77X3776
K C%&('$" #$- 4_Y
K&" )('#$dLr ,3Z&Mz/E2-3FX36

60

W

) (8-3
2006 2007

) (9-3
2006 2007
61

W
) (1-3

) (
- EFinancial ServicesF
93.8
ERetailFBV d3
2.8
B (3 EISPF
2.2
@(`- 4 Ib EGovernment & MiscellaneousF\/
1.2
) (2-3
1
2
3
4
5
6
7
8
9
10

) (
24.21
- 6$+i (6/
23.85
b
IC
=
I6 O
= &
? &
= 6 IX
( +i
Z&/r
9.39
8.06
4.64
3.53
3.41
2.42
1.47
1.47

W

62
77(6/+77i- 776$M/ 77Z?/77Y?EGartnerF771 77 M

3.2za2007 74Mbw]O=L%&('$" #$- V8 I
%7&('$" 7#$- 7V8M 4 ]O= ,6?/6/`/Y?K%(6/?=$6p
- 77L "3- 77Z77&= `r/77b- 77Z@776= X- 77L "3- 77ZSU774
_= 7b7I4 7S$- 4_ c&?Fnza03Zd
/6) &
K& $- L "3- /Wza3ZI YI4
747N"7Z?/Y7WMJ/7
?p"7U74. 7Im7&? 7,6?7/
- 7V8?37O7(6/+7i- 76$M^7W4500/ 2007
777 777&= `2007 777M777 ? 7 7S w777``S%777&('$" 777#$
774" 7# 7=3`76x7^ 77W7K3,337Z&w7 L` 7Z
" 77#$ 77=0377Z77 / 77Z77n/O<77Y&a%77&)('776776/
J?m`377Jx77 77Mm77Z]&.%7777n/O2.377777&= `%77&('$
Y 77- 4p"77U774. 77I2005 77772.9777 77,6?77&= `2006
.EGartnerF3Lw6/
?
77 - 77 77"L77FI77bOt772?PayPal? ?7,6?77/7

7n/O/7 7&( O/77BV d73" LFIbOt3 ?eBay?
KEbrand spoofingF6= Vp i&-
U4 I8%&('$" #$- V8 4&E I8
(1) Media Relations, 2008 Press Releases, Gartner, Gartner Survey Shows Phishing
Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks, 05-March2008, (http://www.gartner.com/it/page.jsp?id=565125).
K& )('-p6i- 4rMbb^ /W E2F

K (36/4BV d3Mbb^ /WE3F
63

W

7 J 7b7Z67Ix8MKESocial EngineeringF4

$IC
7i&76/^7 %7&('$" 7#$- 74MJ/73-0& X& /
7"7b+=B7d7Lza3`7Z m7
Espoofed
emailFb^7777777
- 77& 3. 77r)3`77Z 77 77/d7777r/7777P3O?77#?d77L

K6/Zb^
U7747777I778%7 &('$" 77#$- 77V877/77 77I
q/7=B77Ix8M b`6Etechnical subterfugeFI]0
77b^- 77& 3L/77 7 Cp 77<77O 6 i77,+B77Y
?MESpywareFN77Z
77i&- 774M 7 `S$ Y&^77Z6v77S6 77bza C 77=a6/77Z
K1 b^
Anti-Phishing Working Group, apwg.org. E1F

64

W
65

W
"! 1
2 ./0 ('&
)(Phishing Techniques

)(DNS Poisoning
)(Hosts File Poisoning
)(Content Injection
)(Man-in-the-Middle Attack MITM
)(Address Obfuscation
)(Malware Attack
Search Engine
(Phishing
(Attack
)(Fake Address Bar
The Popup

W
66

67

W

K%&" )('#$M^Z0 b]x8L I6
(DNS poisoning) : 1.4

7`6?H7x787`6/K7374=BJ?EPharmingF ,6?UZ6
Domain Name Server
F- 7L "I. 7? 7 U74VC 7EhackerFH/7^

K-pVZ 04pEDNS
- 77&(77S?778EDNSF- 77L "I. 77? 77c&{77r ` 77 77&/ 77

(77O- 7L "I. 77 +747(6 (3
6/7 7YI6 I4- L "I. ?/8 cIx8- <8?K (
77() J?m77077 ^/77 77^J/7777I77r/7777$m77&
-4F(7M 7 73UrK (33ZI FO Cf= 34
7CV7ZJ/77IEwww.ksu.edu.saF7<&"
E1
777S +777
777(Ofx7778/777- 777& E213.230.10.197F7778
K- L "I. ? S?Mpp
za+= 7W)zaJ76 76/76 Ig-pVZ 04p(6
7Zp7$ 7 7 {7r77
M (rK]6BdL
?7$3r XJ/IJxVZ 04p
77
7"&<7$yi7bJ/77I- 7L "I. 7? 7 d
/6}
K=BdLzag6 ] 6/4 &I4d
gm&{r
- L "I. ?U43"I6m&{r
M @ x
07"Ot7d7L7 78g =_7b- L "I. ? YIn\/
K6/ ZSb^W- & 6BO

W

68
( 1-4)

77778?_?/7777b 7777"I<7777?E2-4F(7777M 7777 /7777]I
" I_??` )</byibJ/I?Exyzbank.comF
x7 7"I<7^ W IrE88.33.22.11F8Exyzbank.comF
^77 77Y
`77EInternet
BrowserF77 (377y]77bM_/77b
?_?/7bJ/7777I774p77) y]77bq 77&p7777

77 7 _7#{7rK- L "I. ? zap$0{=
(7777=B7777J/777747777Ig7777m7777&{rE3-4F(7777M 7777 7777Z
_/7b%7#d7L77ZIZF76Bd7Lzag76JxE92.45.67.89F
m73 Jx778_/7b 7"&< ??i,m/6Jx??
77IM074p7` 7Z7M 7I6?= 7 NmI mZ]I
KyibI g3 Sza Y m
vS
69

W
) (2-4

) (3-4

W

70
(Hosts File Poisoning) : 2.4

H7?- 77Sza-%&('$" #$0 ?Hx8m36
<7ZEhackersF7/^7`6H7x78MK- 7L "I. 7?< ZO
Ki, Y
M
Ehosts fileF],F
m]7b6/7 7YI6 I4- 7L "I. 7?7]7,7F7/6
ElocallyF 7m7<(i](,F?$a- L "I. ?
K^Z Y
3L
77I774v77i3 $?77`677 77Y
{77r 77d77L07777I4
7J/77I74p7$73L7- 7]M 7<7$J/
K- L "I. ?
7c&M]7,7F7M%7$V7ZE4-4F(7/6
.EMicrosoft WindowsFI6wr/(6
7/7-pV7{7r- 7L "I. 7?< ZOH?M &/
za 6 i7,m7
/ ^3L 8gO<66/ YI6 I4- L "I. ?
7`6vS],F<ZOH?M ,6?mZ]&]@ 6BdL
77i77, 77Y
M]77,77F77<77Zm77Z]&.%77 77/^
KF6BdLJ/4I<&" /6
Vdn
i7,m7
O<H/ ^3L _ ,VZE5-4F(/6
m7&I4 ?I7n'rJx7%7#d7L7$7E92.45.67.89FF6BdLza
KE88.33.22.11F

71

W

localhost

127.0.0.1
( 4-4)

xyzbank.com
92.45.67.89
( 5-4)
Content
) : 3.4
(Injection
Emalicious contentFv73 \7r 7n{ 7b7`6Hx8M

v773\77ox77877`6?77(KElegitimate
siteFyi77#d77LM77I`S?
W%
K\/ ?dLzayibdL/m
O+ 4a J
KdL/ Y
MEmalwareF3 q/0 /O J
K%&('$" #$ zadLM - & 3m
O+ 4a J
W\o`S"" #p ??&hphE I8
EhackersF7/ ^7`r7 (37 7 MI?+/hp J
KEmalicious contentFv3 \iElegitimate contentF%#\o3
EhackersF/ 7^y7ZO7 (37 MI?+/hp J
Cross-Site Script F77+/7fx78_/7OK7fx78M73
73L 7_ 7,\77q}7I6EProgramming
k/`? S
FlawF%7k/7
%78EXSS

W

72
<7Ò?EblogsF- &7M=B7- 7Ò 73U4K%

= =b
?Ediscussion boardsF 7Ì- `SM =?Euser reviewF qI=B
U747%7&)('76M+?= =vi3- /Mv-
KEweb-based emailF (3
7L` 7Z7M 7 7
= = 7b3L_ ,\ox8
73L/]8 Y]bO<63 k/(? WU4\(6
m7I4q7I6 7=B773L- r na3ÒtdLfx8],Z
KdLi]#/4I4 6 i,y]bU43 fx84
1 ECNET
News.comF= 73
?M =77Ix78U74L
<YL77M77I?+/77hyi77bO774p4) 77gY772?PayPal?d77L 77L 77I4

+ 74azaJ76<YL7Mv73 dL`S (3U4%&)('
KF6BdLza& $L "3- & ai]#0I4i,m
O
78\7o7`S"7%7&('$" 7#$7&?7v7 I J
773 /p77$7776/7477`@+/77hU7ZOd77LM7I?+/77hp7
- 77& 3+774 LM/77?x77]IO<77677`6/"fx778MKESQL
injection vulnerabilityF
+74 LM06/7ZOmI4qI6LdLF,Z MEdatabase commandF

K- & 3
737k` S Y3 /p$6/4`@
73L7/7]78 7 Y]7bO 78)7V& 78Ecross-site
script XSSF
(1) PayPal fixes phishing hole, by Joris Evers, Staff Writer, CNET News.com, Published:
June 16, 2006 4:12 PM PDT, (http://www.news.com/PayPal-fixes-phishing-hole/21007349_3-6084974.html).
K (3U4BV ddL (2)
73

W

K- r na3ÒtdLfx8],Z

747`@"7%7&('$" 7#$H7L1 S?
/7Wd7L7S 78ESQL injection vulnerabilityF3 /p$6/
B
77S%77"ld77L=77S?" 77 77I4Eknorr.comF?=77I ?77 776x
d77LM77I?+/77hp77776/774Elogin
authenticationF
77677bO
7I+/7p7 7 7Z3K73 /p7$ @`"wi

<7
'O73 /p7$7M7Ì7# ]?;?Ì# rr n{fx8
y7n/7`rb`Yrx]IMm8?$O 8%O6 ?za
true logical
Fii77#77`"I+= 7734EHackerF'77^d77,6?%77](6K/77 ?$
p77777777777$777V&777(p777$M777Ì777# ]7773LEexpression

77 7`SMEor x=xF7`"I+= 3dn 3777777777U4ii#
K6bB
S%"^ @OM] =/^ Z<

Man-in-the-Middle
) : 4.4
(Attack MITM
r/7"77 7b^W 7i& 7 7b7`6Hx8M

M 77 d7L^7Z 77 (37U74/7W 3 7bO$74p7
+/7W 3 7777<'76?%78ii7b7 @KE6-4F(
KE7 J4F(M r/"p(YkJ?
(1) Knorr.de SQL Injection and XSS Vulnerabilities, Sebastian Bauer, 01/12/07,
(http://blog.gjl-network.net/blog/index.php?/archives/78-Knorr.de-SQL-Injection-andXSS-Vulnerabilities.html)

W
74
<776773L77 77 77b. 77&a776/774 77bO7777(77b]I

^77Zd77L/77 77bO$m7777(6 77bM77F77bI^77Z
by6 dL` 3- & 3 b=+^Zza74Md7L
bO$EInstant MessagingF/W 3<7h 7Y074p 74a+/7 C 7=a+
? za\/dL Jx?c6- & 3= Lma+^ZK
SM)= SMx/{r b?`6 ,6 ` C 3 74a<7h+
za C =a^Z M( KE8-4F
x8M?/Yc6H bO$$?r/77<6 7Y
78^7Z
?FE
Y?FdL M<8(KE@``'6774- 7& 3
Y /?7_/6M
/? KEMan-in-the-MiddleF

) (6-4 " "

) (7-4

75

W

( 8-4)

^7Z 77'4p M
/V8 r(OL
K'4?dL
?7I7V8?77 7U7ZO7'74p7 7VC74 r(O
^77Z 77- 77& 3r77Op77 EcontentF\77og77EActive
AttackF
76i/7m74_/7b77'7 SM 737UrdL

H 7Z@<7L=EHackerF'7^ 7b/76}7LE9-4F(W- Z@%
Jx7H 7Z@7$7E4444<7L=H 7Z@zapFma6/
73`7M7
/d77'6\x7_/7b7`r7dfS
K bfSJxH Z@za% 6ix]I60"
7VC???7SpV8?7 7UZO'44 ](O
<7{ 6/7Z- 7& 3 7`7 7b7(7EPassive AttackF?7Z
d7Lza^7Z 73L C =a SM%b^F6/B=^Z
K^Z b^W i&M `S$ Y^

W
76
) (9-4 .

\77Sa"/77"77V8?773M77
/ 77 <77ZO%778?77?. 77
6/4EDNS PoisoningF- L "Ig7-pVZ 04p 7I66/7
zagO%U74$ 7K7]6Bd7L077p7$747IJ/7
?_/b?{r p$ ZVZ 04p7Jx
7 d?. 7- 7L "I7I

IxJ/?$3r_/b} /6
I4d&g76 7] 6/74 7

J/ "&<$yib?_/b? /}m&{r
BdLza=4dL?_/b%#? K
x8d`6dL+/"7wF6B 7b B76 7IrK 774_/7b
FdLEi,< F6B^Z=B7F76/^%7b 77
(776m 77ZSza 77bfx77877r/77- 77& 36/77Z77`6<77h77 77b
^ d0dL?_/b%#?b^WxpiI Ki,

5.4 : )(Address Obfuscation

`6 bx8M dLF6BHw7m7n 7"&<7
m36<&" dL KU#
6 bx8M?zaH(6<&" d7L 736/LF76B
77

W

Kz8mr i,U40b6% yib" I<

%S776U77Z77(6?778F776Bd77L 77"&<77$/77 = 77 E 77I8
KdL4/ 4 3"&%"6
778%7#d7L 7"&< m3WF6BdL<&" U4$
77"I<77$ "77Z77 77b _77n?77Lf/77 77Z?H 77?_/77b
Esabb.comF%7#d7L 7"&<$m Esabb.net.msFy3byib
7"<7#=B7d7L ?7,6?\/7&KE11-4FE10-4F(M
K ZS)/cI= IvS%#dL
(77My77nf/77 77Z? 3 77?_/77b 77M 77 77,6?
%S776F776Bd77L 7 77h@ 77OM 77b =77 E13-4FE12-4F
M/7 7Lm&?KEsambaonlineaccess.comF8$?dL4/ 4 3"&%"6
%S6 77/77W 3 77bO$77OEonlineaccessF77 _/77b 77"I<77
778? 3 77?_/77byi77b 77"I<77 77Id77L4/77 7 4 3"&%77"6
7%7#d7L 7"<7#=B7d7L ?,6?\/&KEsambaonline.comF
K ZS)/cI= IvS

78

W
) (10-4 ""
) (11-4 ""

79

W
) (12-4 ""
) (13-4 ""

W

80
: 6.4
(Malware Attack)
p77 77H77x778MEi77,F^77Z- 774d77y377bO
q77za776F77(x7780377K6 77br77(77 (377y]77b
K^Z Y
M4=BEmalwareF3
p7 7+x]I- d3L/ b3qfx8yZO
7bO7I4 737U7rK(i7,^)7Z73L (3y]b
^7Z<7$^7Z76BO7I4 7_/7b%&)('dL ^Z
fx7877
7 S%7]rM/bm ZSU4 %b^F6/B=
7bza C 7=a6/7Z- 7& 3fx78 7à<7Zri, Y
Mq
_/7b%&)('dLd M^Zb^Wf=iIJx
K%``@m&?U4 bd Jx
77S-/77`&V77Z077 /O%778H77x77C+=Y77/77"\77Sa
V77Z77`6m7777Jx77i77, 77Y
MEKeystroke
LoggerFyO 77]
f=77`6Jx bza C ={`6<hyO `SU4-/Ì

Ki,b^W i&$- & 3p^ Yi

: 7.4
(Search Engine Phishing)
7BV d737&('ad7L. 7&a%78" 7#p\/ ?`6/
O
77 778d77Lfx77877/77K778- 77VI77 (377U774ERetailF
81

W

K./ (3U4I- VI4S 3

<6 (3U4vi3- /M/Y]dLfx8 a<6
S 3HxXZZr I= ]- VI ,6?dLfx8P3O
K- VIfx84
t7v7i3- 7 /S?6/4qI4 ^Wvi36 I4
d7L7{7r%7&('$" 7#$ Y7n/7BV ddL/Yr Yr
KH"qIfI4
6 a-vi3V& -Z/
74 7a/7m7&{r7qI./dLfx8^Z+= 6I4
MH 7ZS. 7&) 7a76/- & 3%&('aP3OmI0"6./
m7O & m 7r{d7Lx7i7nJ'7d7`r% 76i?dL
Kmb^W i&M `S$^ZOLt6/Z

The
) : 8.4
(Popup Attack
x7rId7&
/c&@+= I0 Hx86
x77 (37- i]7b<7cM% ?(EPopup BlockerF`3I
7 H7x78?$aK+g7 7&MHx8 -$wL`r
K- i]bMd&fx8
3L Sza$ r
+x77r &%778E14-4F(77M 77 H77x77C776`77`6/"
+x7r Ifx78MK_/7bd7L yi7#d7L+7(+x7r & 7?73IO+/b
^7Z <7 6/7- 7& 3m7P3O^7Z 707"677
6`3I

W
82
/= ìI?J6g7 7H 37

}^Z `"I 33%"6P3I K
_C@``%+xr I(F ++xr I. 7"4a787`3I ^7Z
?774_/77b=77Wi77,4/77"077 77SM77 77#_ &m77
xp4 K_/b
) (14-4
83

W

(Fake Address Bar) :
9.4
m7p 7<6%&('$" #$0 ?/" ?Hx8 6}

(377y]77b+x7r &77U774.B7XM77I6/77F76B6/77W37
7&('ai]7#/747 7bH7x787(KEweb
browserF7
Kii# Y&?U4i]b/B3O I ( ]6B

Java F?w/( r
?]- IÒ{^H7777x8x]IO<6
KEJava AppletF?w? r

?EScript
7+7-74{7 (37y]7bMI6/W. ] a(
x77C?w/(77 77r
?77=r 77n{77<776%77&)('d77Li]77#773L
/7bI76?window.open? EfunctionF7]^776/7
K?no?` ?location?
76/74- 737U74-^7Z76I4Hx83"6
y]7b&U4dL_/6F6BdLza-%&('a6/ =M=
y]7bM%7``@7I6/7W. 7] a<h+/W 3/B3L ^Z
7r
?77]- 7IÒ- 7&/ 7 -^7 mF6B/ 3
+=7#d7n(US?EJava AppletF?w? r
??EJava ScriptF?w/(
KI6/W
/BEimageF
M07 ~ =} +=7#7P8U74F76B7I46/7WE15 J4F(7yn6
EInternet ExplorerF1 ?==3Z aw&'&a? (3y]bi]bU4?
F77d77LzaEwww.nike.com/main.htmlF77Ig77677``S 77Y& 773
1 http://www.microsoft.com/ie

W

84
www.contentverification.com/graphic-F77777777777777n/i]77777777777777b777777777777774
KEattacks/demo/adbarframeset.html
/7 y]7b^7 7(mZ]& Z E16-4F(/6
774 F77(IOv77S9.23<77L=^77ZIEOperaF1 ?/77??77 (377
77I/774%778/77?y]77bM+77
77# 0377Z77IF776BO
M 7,6?K7n/i]7b73L7I6/W. ] a SMdL%``@
77I6/77W\?/77&F776B77I6/77W 77b /774m77Z]&(77
KEgifF$ EimageF+=#8F6B

(1) opera.com.
( 15-4)
85

W

"( "16-4)

t7?_/7b1 7S 8F6BI6/WH?U4/
777iI777&('a7776/ 777=w777=? 777I4%777(6/ECitibankF2 ?777I
77777877777/ 77777I4 77777 E17-4F(77777M 77777 _/77777b77777b^W
?7It7d7%&)('E6/`?WIsupport@citibank.com
(1) http://www.antiphishing.org/phishing_archive/Citibank_3-31-04.htm
(2) www.citibank.com

W

86
6x80"6K?It?W_/b.p4<86x83LrYZP]

7I4777ì4 ) /
/U4,m3`Z}
_/7b7L "<7L=mI0"6/B/Yc6/d3OI4K%&)('f6/
PIN Personal
F%77b^F776/B77=EATM/Debit
card numberF%77
fx787ì747/7 ?7/Ow4EIdentification Number

77$77
?7m7&?766<YI6 7I7b6.p77?8
K?It?_/bF6BdL+=#/6E18-4F(>>ì
N77(6$%77&)('776 77=M77
/ 77I4a ` 77 77&/ 77
7`074p7(v7S Z SM / b^W+=/,
KmrLJ?dnEFromF/
K?It?_/byibdL+=#E19-4F(/6
07"4/7WU7476f/8 77=U74 Z M /-S
777YS$ Ehttps://web.da-us.citibank.com/signin/citifi/scripts/E-Mail_verify.jspF
d7Lzag7O7``@M 7YI(_/7b<%8?citibank?(U4/
7777?7777 Ehttp://69.56.202.82/~citisecu/scripts/E-Mail_verify.htmFF77776B
7Cp 7 76EHypertext Markup Language HTMLF07%7bIB7'
773L77+/77fx778p7777L77I774F77I77/77/774
K 6 i, M6 b

87

W

) (17-4 " "

W

88
"( " 18-4)

?< 77@%77bI6/77?U77Z6F776B77I6/771 /7 H77?
77(M. 77,77]EText
FieldF%77b&77`Sd77n778Ehovering text boxF
7 Yr 7 0b6E19-4F(M y]bM%``@I6/W

Kz8

(1) http://www.fraudwatchinternational.com/phishing-fraud/phishing-web-site-methods/
89

W
%"6(/ `} +/c&E20-4F/747I47 7bi]7b

/776v7S7I4i]77b@``%7+x77r &76/77I46/77Wza 7b
I/Yc6@` Kn%bI

) (19-4

90

W

) (20-4
91

W
"! 456
(9 < ./: ('&
)(Phishing Countermeasures
)(Filteration
) (Security Patches )(Firewall
)(Cross-Site Script - XSS
)(Visual Keyboard
)(Two-Factor Authentication
)(Mutual Authentication
Anti-Phishing
(Toolbars
)(Anti-Phishing Softwares
x8L I6]Fb)
/.- ,- VC+ "#$)('& K%

87

W

1
92
: 1,5
%7&('$" 7#$- 7V873L7 YrY7o- cI{(

" 777#$- 777VC- 777cIfx77787 7` 777Z Y&777W777-./777
a 7 7l
" 77#$- 77V877q77IO77Lt77/ 77Z77Ò 77Y4L773L%77&('$
K%&('$
W% -./
)fx8O
1.1.5
7/74p7)<CUIZ%&('a6/IcI.p46BO
77/fx778w77& a 77/776/`H 77Z@x778y77Z6K77cI77b^77iI
K6=
" #- V84=x&a ,6?%"6$?ii#
(Bounced E-Mails) 2.1.5

U774 7777cI77b^77iI%77&('$" 77#$ 77=J7777L
3`7Z 7 7ì6 I4KdLM+
g ]&('a6/6 I4
= 7Wad77/ 7za 7Y
grm76V7Zg Y&?6 Ifx8
Km6VZgm&3`Z zabO /fx8
7b+7O/ /{r cIb^WiIw =? / ?
- 74zag7O+7O/766 /+/ K Yb^WiIcI za
K6=
" #
1<77L=+77"MEbouncing
emailF77O/776E1-5F(77y77n6
77iI 77b7 3L 777

/ %77&)('776p77 3`77Z 77 77`6
93

W
^7bv7S?xyz.com?7cId7n 7b<7 7"IM7cIK 77/

`6 ì 3`Z< ^Z?V7Zg7m&??ahmed
zaJ?77
Mm776 77cI77`r M 77" 77
={2<77L=+77za 77/ /
I
M@ÈFromF K /

) (1-5 )(Bouncing Email
3.1.5
/77 773L-$ 77bO$773= 77Z]$-77=/za+ 77 B77

W

94
d7L74 77r=7- =7Z]$7+7o7&37rK.p

K" #- V8
%SOL%&)('
4.1.5
-$ 7777d77Lg7777 - 77Z@U774- 77F77773L/
?-p6777i?%777b^F7776/B7 7=g777O?- 777Z@za 777
K =_b SM- iZ
5.1.5
r ,Z/-= =#- ] & ^S? b6
M7=7#- 7]^77$77]6B<YLMrYZcI3L
K]6B<YO i]b],ZM?<Y
F77,Z7 (377 7 773L7-$ 77@fx7877_ 7 7(
8= 7WcIB==#- ]% F,ZcI%&)('dL
7Ì7 O/07d7 7ÈreferrerF?/7W?7`S77ì76/4
+=7bF77iEHTTP Hypertext Transfer ProtocolF07%7bI
77`S 77 aK+=77b/77t7777&)('i]77b77I4(77Jx77
07r/76 7{7r7YkI4za?cII4gzag6?/W?
+=77#-/77 p7S7 6} 77 77/77677L?+=77bF7777iHTTP
K"+=b$m3I6/6x
7 O1 - 7`077`h0ZirK Sza r./
)x8
7+7 ]d7nEreferrerF?/W`?S{rEHTTPF0%bIÌ
95

W

7`@77Lg7O7 7({?p7(UIKJ= `Sm&?

J? 7Yrd7nO7L``@i]bzagO?$3rK6 i( &a%
KEblankF= rE'O?L
77L77ì+] $dI$?/W`?SM6 i( &a
377rK%7 &('$" 77#$- 77VCJ77b 77,./77
a77 7777`@
077&XMp8 77
%7 &('$" 77#$ 774M 77377(677L6 77b
7M 6k?/W`?Sì(r S$x8w]6prI]
K-$ @fx8
?/7W`?SLì\b`+] p\/ ?- S'LE I8
7 7,6?ì 7 %7&('$" 7#$- VCJb ,./
am]#
7,+=7bFzar n) 3LF0Lm&?
7(67F777Lhi]7#7 7L+=7bF7707?
K 78B=7cI =7W=7#- 7]7i7Lh- i]7b`\r
7({{7r6 7b73L7?/W`?SM6 iaUS`6/"fxY
7La M n)ì6/4+=bF0=b
VIw& a$?mZ]&+=bF0 =bF0
07 " 7/76 7&/ 7 ?+=bF0r/6{ r?$?
K brML/6xiY3IO+=b+=bF
76o=7b^773L/?J? 7, ./7
)x78y7n1
77S? 77L 77I42 ?N77O?_/77b77S 778? 778B=?77cI =77W
(1) F-Secure (http://www.f-secure.com/weblog/archives/archive-042006.html)
(2) http://www.chase.com/

W

96
77#_/77b =77W+=77#^77 774?F776Bd77L. 77&{6 77b

KE2-5F(M _/b 3Lr ,Z
?N77O?_/77b%77``@d77L+=77#/776E5-5F(77/76
K?NO?_/b= +=#/6E3-5F(
? 78B=?cI =W6o=b^3L/? , ./
)3"O
77ì 77rK77O%77&('$" 77#$77V877_/77b77%77i 77
" 77#$774F77( 77 _/77b =77W+=77#F7777077= 77b
(7M 7 /6x7i7Y3IO+=7b/ C ra_/b(%&('$
Md7`6?73Li7,/7Bm73IcI =WF/$E4-5F
K%&('$" #$r
7x78ME4-5F(7M-=t776/6xim73I 7=\
<7L=d7n?KKK777bOJ/7Z7L=07(Opr 7/fx8w6?=a?8
K bOp
97

W

) (2-5 ""
) (3-5 ""
) (4-5

W
98

) (5-5 ""

2.5 : )(Filteration
} 77=]77bO7 O776)('&%77M YS/77W377t77]77b%& 77
/7
a Y]7b 77,.g77 7/ 77, 7Y& M77 r 7,6?ESpamF7/
- 7VC "77#$'($&%77 77=U774+776)('&M%7777
KEdeception-based phishing emilsF

99

(Security
W

) : 3.5
Patches
(Firewalls)
- 77IÙ7747777I778%77&('$" 77#$- 77V877&?77S?
7Y
M7I-/7p7m7p 7<76Etechnical
subterfugeF7I]
KEmalwareF3q0 /OESpywareFNZVq/=Bi,

Eoperating systemsF77c&7I- 67i/7 07 /O 6}
=7
F7 +B7Y
76 EInternet BrowsersF7 (37- i]b
p7U74+7%7&('$" 7#$- 7VC$ 7 r 7,./
a6 X
KI-/
(37777- 777i]bMI-/pU41
EMozilla
FirefoxF?N7777 r/6 rp677?y77]bM77I+/77" 77#774
Unified Resource Locator - F7IF76BO074pwS O?t1.0^ZI
^7Z7 7SM73IOt7Edownload windowF7i+x7r &MEURL

K dLF
77i+x77r &77 y]77b<77bOM77" 0377Zwh77S+/77fx778
K/7"^^7Z / 7O}7L+/7fx8K.% (6"6 I/O
76/74%78+/7fx78p77V&i7n^7Z7L`6/H/L?
<7h7F76Bd7Lzag76Jx77&('a6/ =M=U4,
Y&?U4i,^Z/YcOxYF6BdL3 q/
(1) Firefox flaw raises phishing fears, by Ingrid Marson, Published: January 7, 2005
11:06 AM PST , (http://www.news.com/Firefox-flaw-raises-phishing-fears/21001002_3-5517149.html)

W

100
Kyi#dL
Zp- 6i?N r/6 rp6?-=#?+/fx8_

7L/7" J 7]m76y]7b%^7Zd7U7407
+/fx8
K+/fx8p$in

Cross-Site Script
) : 4.5
(- XSS
7Emalicious content injectionFv73\o`SH?M &/

v73 \77`S?r n{`66 b?%&('$" #$0 ?
\7ox787`6?7(KElegitimate siteFyi#dLza Emalicious contentF
W% v3
K\/ ?dLzayibdL/m
O+ 4a J
KdL/ Y
MEmalwareF3 q/0 /O J
K%&('$" #$ zadLM - & 3m
O+ 4a J
M7I?+/7hp776/74\7o7`H7(`
fx78M73 7k/7 ?7`SEhackersF/ 7^y6 (3
%77k/77 %778Ecross-site
script - XSSF777+/77fx778_/77OK77
37U74K%
= 7 =7b73L7_ ,\qI6Eprogramming flawF
Euser reviewF 7q7I=B7`<O?EblogsF- &M=B- Ò
- 77 /Mv77- 77 ?Ediscussion
boardsF 77Ì- 77`SM 77=?
7777 (3777777U77477%77&)('776M+ =77777777=?v77i3
101

W

KEweb-based emailF
H77%77&('$" 77#$i77n77L/77" J 77]U7777`6/"
77M 77Yc]S773L 778 a77 fx778]77bO778v773\77o77`S
K=B- i]bU4 Yn/44 n%

(Visual Keyboard) : 5.5

<7676`7`6/"746/7Z- 7& 3 7 )76`6/fx8O
= 7777& )('77i]77#M77/yO 77]77S776/774 77C a
yO 7]7S7H7" 7]U74/Ì+=]6/" YI^Z
KW U4/
776/7746/77Z- 77& 3L/77Z 77,./77
a77/yO 77]77S773"O
7Y
7Ekey loggingFyO ]S-/`&VZOtEmalwareF3q
p^7 Y7i7`6Jx7 7bza C 7={7Ò<7hi,
Ki,b^W i&$- & 3
^77Z =_77b77S77/yO 77]77SE6-5F(77/776
Km ZSza 6/Z- & )
/67"OU7S6 7b7Z6<r Sza r/yO ]S
^77L7M7/yO 7]S43"- & 3` $3 q/
K&)('dLM/yO ]S
- 77& 3U774_/77773 q/77/677"O77 7`S$77/ ^(77677L
K/yO ]S"(

W
102

) (6-5
6.5 : )

Two-Factor
(Authentication
?77 7,6?_/7667b`x78MKEStrong AuthenticationF?J7)
/7.
<6^/`6/ ,6b=
?U4 K6b
/-phE I8 W6b
103

W

K=/ ^Z <W?what you know??_/O J

Esmart cardF xL "3 W?what you have?? J
d37#)7b3 76@- ]7b%78W?what you are??w7&?7 J
KEfingerprintF
7Yr<76I%86b4M^Z6``6/"
7bO$4Mr/"(r/L- & 36b0 6BO
K=/ ^Z <
76B fp74?+= x77&4&<^6% I6bM
K xL "3?^d3#b=/ ^Z<
^77ZOt77EATM
cardF_/77b77L "% 77I677bU774 77
77`6J7Ì0i7Z74MK%7_/b+BY
?JÌ0iZ
7 { ,6?`6?? %& IOtL "3{
K?_/O? I6Jx=/
77 776/77Z- 77& 3/7ZO%77&('$" 77#$- 774M+ 74
\/7 ?- 7& 07<76x?_/O? IFIbOt=/
67b7&?76/7 4Iza%IO- & 3 6b4Mr na
K?w&? ????
74%7&('$" 7#$- VC ,./
a^Z6% I6b
" 7777#$EMan-in-the-middle
AttackF7777M7 77
/7777V877776/
KEIdentity AttackFb^ i&dLF6BO6/4%&('$

W

104
(Mutual Authentication) : 7.5

x78MKETwo-way AuthenticationF?f $% I6b?7 ,6?_/6
677b 7777`r/77 Y77, 7777777 7 b6}./77
)
N6 7` 6b fg?%b^F6/B=6/4
m7&?77ì6773L7 6bO<6 ,6?EBiometricsF6@
K ]6B L(6 bîINb` b
77ì 7L/ 7bO74Mr/7"77( 736by6
K3 Y,68i#
(7y7n6f 7$J 7S67b74E7-5F(yn6
K 36b4E8 J5F
7`67Sm7&?%783L 6b^Z/"\Sa
^7ZOEphraseF7?+=7#= 77{7r 7\VZ
7`6 7 bO. &aIrK3L 6b `S$
+=7bw7& {rVZ4M `3Z+oX+=b/
K 6bO<6ii#X
74%7&('$" 7#$- 7VC 7,./
a^Z6 36b
" 7777#$EMan-in-the-Middle
AttackF7777M7777
/7777V877776/
KEIdentity AttackFb^ i&dLF6BO6/4%&('$
105

W
) (7-5
) (8-5

8.5 :
)(Anti-Phishing Toolbars
6/77W?+774J776/77W778-==7777IF 7777(6
4M+YX/76KEApplicationF 773"O7766/7WE9-5F(7
?y]77bU774?77

?-(377777777 F?==377777Z aw77&'&a?77
KEExplorer
Internet

W

106
- /7777776 77L%7 &('$" 77#$- 77V8/77" U774=

-?/777W? 777& ?wr777/(6 ?7777 - 777k%777VI?eBay? /777
U7774EAdd-onF- r 777na0777 /O%7 7&('$" 777#$777ir (M777bb^
KEE-Mail ClientF%&)('64q/ (3- i]b
" 7#d7LmO= 6I4^Zm3IO8 4(/Wfx8]
U74_/7%7&('$" 7#$ir (-?/W?p 6K83
m7O= 6/7d7L74p$6/4%&('$" #$?= dL
7YrV
7ZO}EdatabasesF- 7& 74L7=764?^Z3L
Y67<76t83(]?.%&('$" #$= dL
76/74?%7&('$" 7#$d7L _7 M7bb^- Y
3L
M7` 7L/^7ZO-7K6/ ^Z+=- p3
7736/V/77"773" %7 &('$" 77#$d77L 77=U774_/77
" 7#$- 74_ 7 $EpatternsF/8 7cU74_/Eheuristic methodsF
K%&('$
" 77#$77ir (-?/77W?F77^77 LE1-5F77X/776
K (3U4 Y"=zar n) %&('$
Phishing
Fq 7&/%7&('$" 7#$ir (-?/W?U4$
x77877ì6K 77Z^77ZI==?377Z aw77&'&a?y]77bd77q771 EFilter

8377i]77bw77& a 77YO= 6^77Z077"6i]77#77 77q 77&
/6x77i/]77# 77=-77I6/77W077& Q-y]77bU774?M/Yc77Zr
(1) Microsoft Phishing Filter: A New Approach to Building Trust in E-Commerce
Content, anti-phishing white paper, Microsoft.com,2005
107

W

- 7& J?. 7ra7y7bIO7Y3IO =/=BU4, ^Z

KE10-5F(M i]bfxCb^W?6/
73L7m7O= 6H7"dL?EPhishing
FilterFq &/ O SM
7I6/7W07& Qy]bU4?M/Yc J" #dL8^Z

" 7#$i]7#/74dI7m&?r n) ^Z /6xi/=
i]7bp7a 7a =7 Yr6/6xi]# YI$/6%&('$
7 ^7Z 7ZU4%&('$" #$i]#/4M=/$?
KE11-5F(M
-5F(77M/771 ?SpoofGuard?-6/77W778/77 77
LdL{ r^Z3LmO= 6/dL+fx8ìOKE12
+d"7ZOa./77&`6?+/7Zr" 7#dLm&?U4_/ 4}
./]7#7&`6?+/7Zr$" ?7#d7Ld7L a U4_/
K./, &`6?+/Zrm&?U4dLìa

"( " 9-5)

(Internet Explorer)

1 crypto.stanford.edu/SpoofGuardL

W

108
. .(1-5)
microsoft.com/ie
Internet Explorer 7 Phishing Filter
pages.ebay.com/ebay_toolbar
www.callingid.com
cloudmark.com
earthlink.net
toolbar.trustwatch.com
crypto.stanford.edu/SpoofGuard
eBay
CallingID
CLOUDMARK
EarthLink
TrustWatch
SpoofGuard

( 10-5)
""
109

W
) (11-5 "
"
) (12-5 ""SpoofGuard

W

Anti-
110
) : 9.5
(Phishing Software
- 77V877n776 @Esecurity
softwareF776 @q/77<77c77,O
p77U77477? 77/U77477 77Y4I%7 &('$" 77#$

KI-/
" 777#$ 777=d777LU7774_/777 7 74q777fx7778d"777ZO
%7&('$" 7#$ir (-?/W?M3 YZ]&`6/" %&('$
(377- i]77bU774- r 77na-?/77W?077 '77Ò776 @q77r
K%&)('64q/
" 77#$- 77VCJ77bzar 77n) 3rK77 ($77S776 @y77O
-/77`&-pV77 ZEmalewareF773q77yr 77(O 7 ,6? 77Y&{r%77&('$
Kb^6/Z- & 3L/zaJOLtEkey loggerFyO ]S
K YI+
/+ ]ì% ?/W/Z6 @q/v6
77n776 @U77477776 @q7777 L/776E2-5F77X
K (3U4 Y"=zar n) %&('$" #$- V8

( 2-5)
(3=
kaspersky.com
symantec.com
mcafee.com
trendmicro.com
bitdefender.com
grisoft.com
pandasecurity.com
6 @q &/

Kaspersky Internet Security
Norton Internet Security
McAfee Internet Security Suite
Trend Micro Internet Security
BitDefender Internet Security
AVG Internet Security
Panda Internet Security
111

W

)(
Access
bO
Active Attack
IVC
Address Obfuscation
I6O
ATM
Anti-Phishing Toolbars
%_/b+BY
?
" 77777777#$77777777ir (-?/77777777W?
%&('$
Anti-Phishing Softwares
Application
%&('$" #$ir (q/

3"O
Attachments
- `r/
Attacker
<
Y
Authentication
6b
Backdoors
] H?
Bandwidth
bO$+ IL
Bank
_/b
Biometrics
6@N6 `
Black List
.Z`
Blog
Bounced E-Mail
Browser
&
+O/%&)('6=
y]b

W

Chat Rooms
Commercial Whitelists
Computer
Configuration
112
h o_/
6= V. ,3`<
H S
3nL4LPYO
Content
\
Cracker
H/
Database
Data Integrity
Dialog Box
- & +4 L
- & 3E (O?Fp
J=SI#
Dictionary Attack
` V8
Discussion Boards
` I- `S
DNS Poisoning
Domain Name
Download
E-mail
- L "I. ?< ZO

" I<

%&)('6
E-mail account
%&)('6H ZS
E-mail address
%&)('6I4
E-mail client
%&)('64q &/
E-mail Filtering
%&)('6]bO
E-Mail Header
/=?Z6/O
E-Mail Route
%&)('6 == Z
113

E-mail Server
Fax
W

%&)('6
EN ]F &
Filtering
]bO
Firewalls
6 @
=
Form

Forums
- 6I
Hackers
E/ CF (3L'
Heuristics Methods
Hosts File
HTML
HTTP
Inquiry
Install
Instant Messenging
Internet
Integrity Check
36/V/"
],F
0%bIB'
0%bIÌ O/
p
w3OL0bIOL0 /O
/W 3'L%&'
(3
(ì
IP Address
w&'&$ O/I4
IPS
- L '$dIc&?
Junk mail
Keystroke Logger
Locally
H/g6
yO ]S-/`&VZ
%

W

Look and Feel
Malicious content
Malware
Man-In-The-Middle
Message body
Mutual Authentication
114
ZS)/cI
v3 \
3q
M
/V8
/&
36b
OCR
n_@U4_/
Online
/W 3 bOL%& bO
Online trust
Open Mail Rely
Operating System
Passive Attack
Password
Pharming
Phishing
%&h
]%&)('6
c&
ZVCLSpVC
=/
- 7L "I . 7? -pVM04p
34=BL
%&('$" #$
POP3
60( O/
Popup
`3I- i]b
Programming Flow
Regular Expressions
Scam
%k/
r-g3
4
115

Search Engines
Security Updates
Server
Smart Card
SMTP
SMS
Social Engineering
Spywares
Strong Authentication
Subject
Text Field
Tools
Traffic
Two-Factor Authentication
Upgrade
User name
Version number
Virus
Visual Keyboard
W

vi3- /
I- 6i

xL "3
Z36 &Ò/
+gbLb& =
4
$IC
NZVq/
J`6b
/n
%b&`S
+4 Z-
r
% I6b
L'-=#a
^Z<
^ZI<L=
gr
/yO ]S
Vulnerability
+/h
Web browser
(3y]b

W

Webmail
White List
Window
Worm
www
116
(3U43%&)('6
. ,3`
+xr &
+
(3

117

W

+ *

Jonathan B. Postel, "SIMPLE MAIL TRANSFER PROTOCOL", RFC 821,
(http://tools.ietf.org/html/rfc821), August 1982.
Network Working Group, "Requirements for Internet Hosts -- Application and
Support", RFC 1123, (http://tools.ietf.org/html/rfc1123), May 1996.
Network Working Group, "Post Office Protocol - Version 3", RFC 1939,
(http://tools.ietf.org/html/rfc1939), May 1996.
Network Working Group, "MAIL ROUTING AND THE DOMAIN
SYSTEM", RFC 974, (http://tools.ietf.org/html/rfc974) , January 1986.
Network Working Group, "Common DNS Operational and Configuration
Errors", RFC 1912, (http://tools.ietf.org/html/rfc1912) , February 1996.
7P8?67Z7/(M iL$ /8/dn`<O?
2008 J77777777777781429- 7777777777777777777777IÒ-$ 77777777777bO$

Ehttp://www.spam.gov.sa/Statistics-Arabic.docF
The State of Spam, A Monthly Report February 2007, Generated by
Symantec Messaging and Web Security
(http://www.symantec.com/avcenter/reference/Symantec_Spam_Report__February_2007.pdf).
(http://www.commtouch.com/documents/Commtouch_2006_Spam_Trends_Ye
ar_of_the_Zombies.pdf).
CALIFORNIA BUSINESS AND PROFESSIONS CODE, DIVISION 7,
PART 3, CHAPTER 1, ARTICLE 1.8.Restrictions On Unsolicited
Commercial E-mail AdvertisersK
?Virus
description service" from "F-Secure", (http://www.f-secure.com/v-
descs/novarg.shtm).
WI2004\Z6\316= `6/r?HIX24= 3 +6/
SA cops, Interpol probe murder ?
(http://www.news24.com/News24/South_Africa/News/0,,2-7-
E1442_1641875,00.html
Thomas A. Knox,Technologies to Combat Spam, GIAC Security Essentials

W

118
Certification (GSEC) Practical Assignment, Version 1.4b, Option 1 , SANS

Institute, June 16, 2003K
Gmail uses Google's innovative technology to keep spam out of your inbox,
gmail.com, (http://www.google.com/mail/help/fightspam/spamexplained.html),
December, 2007K
? Nick Johnston, PDF Spam: Spam Evolves, PDF becomes the Latest Threat",
Anti-Spam Development at MessageLabs, A MessageLabs Whitepaper,
August 2007K
Anti-Spam Research Group (ASRG) of the Internet Research Task Force

(IRTF), (http://asrg.sp.amL).
Mark Ciampa, Security + Guide to Network Security Fundamentals, 2nd

edition, THOMSON, 2005.
M. Jakobsson, S. Myers, Phishing and Countermeasures: Understanding the
Increasing Problem of Electronic Identity Theft, WILEY, 2007.
R. Lininger, R. Vines, Phishing: Cutting the Identity Theft Line, WILEY,
2005.
L. James, Phishing Exposed, SYNGRESS, 2005.
A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and
EI3S.pY
%&('$" #$= h]@ L?
77V@J7714w377Z677Z 776/+776/
7777 ?677Z
13718 J2006/6 I614 J781426
Christopher Abad, The economy of phishing: A survey of the operations of
the phishing market, First Monday, volume 10, number 9, September 2005,
(http://firstmonday.org/issues/issue10_9/abad/index.html). M. Jakobsson, S.
Myers, Phishing and Countermeasures: Understanding the Increasing Problem
of Electronic Identity Theft, Wiley, 2007.
The Anti-Phishing Working Group, www.apwg.com.
Phishing Activity Trends, Report for the Month of November, 2007, AntiPhishing Working Group (APWG), apwg.org
Gartner, Media Relations, 2008 Press Releases, Gartner Survey Shows
Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These
Attacks, (http://www.gartner.com/it/page.jsp?id=565125), 05-March-2008.
Joris Evers, Staff Writer, PayPal fixes phishing hole, CNET News.com,
119

W

(http://www.news.com/PayPal-fixes-phishing-hole/2100-7349_36084974.html) , Published: June 16, 2006 4:12 PM PDT.

Sebastian Bauer, Knorr.de SQL Injection and XSS Vulnerabilities,
(http://blog.gjl-network.net/blog/index.php?/archives/78-Knorr.de-SQLInjection-and-XSS-Vulnerabilities.html) , 01/12/07.
http://www.antiphishing.org/phishing_archive/Citibank_3-31-04.htm
Ingrid
Marson,
Firefox
flaw
raises
phishing
fears,
(http://www.news.com/Firefox-flaw-raises-phishing-fears/2100-1002_35517149.html), Published: January 7, 2005 11:06 AM PST
Network Working Group, "Hypertext Transfer Protocol -- HTTP/1.1", RFC
2616, June 1999, (http://tools.ietf.org/html/rfc2616)
Microsoft Phishing Filter: A New Approach to Building Trust in E-Commerce
Content, anti-phishing white paper, Microsoft.com,2005

Phishing PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Phishing PDF

Uploaded by

Copyright:

Available Formats

HTTP://COEIA.EDU.

  342 6/ 781429

MN6=7O7P 8,4 Q- B B //6  S 6

1.1.1 )15 ................................... (E-Mail Client

1.2.2 : )31 ................... (E-Mail Spoofing

4.2.2 : )34 ........................ (Dictionary Attack

1.3.2 : )34 ................................... (Filtration

3.3.2 : )37 ...... (Commercial Whitelists

1.4 : )67 ................. (DNS Poisoning

: )76 ..................... (Address Obfuscation

)(Man-in-the-Middle Attack MITM

6.4 : )80(Malware Attack

9.4 : )83 ................... (Fake Address Bar

?xI?/b4)&'&/L 73Lw7`47&7F7b 7B^7 YO

 = &$"//d= 6\ZU4./r?<7c%]rK- cI

7`6/m7O &(v7 S7%&)('6 c& 8  b]x8/6

EData NetworkF- 7& 3(37WU74 I3EApplicationsF- ` 3"(O

ClientF%77&)('776 77 47777(677Yr- 77& 3(377W

(E-Mail Client) 1.1.1

?q 777&/%777&)('7776 777 4q/777U7774777777

(E-Mail Server) 2.1.1

Transfer AgentMTAF76 7`& 7 7,6?U7Z6

%7&)('767 za7%&)('6 = 3`` 6

K?wr/(6 ? /WE2F?Server

)(Web-based E-Mail webmail

 77 L-p 77O/77

KEhttp://tools.ietf.org/html/rfc821F` h^)('& ZIE1F

My7n78 7 EPortKE3-1F (7(?7g776

/6 =<L Kx]I

Name System - DNSF- 7L "I. 7? 7c&

K 7YI  7 r 7 ( (7 7O +4(6 (3  

gr7 7a7.=037Z767S 7"&<7)%7&('a76/ 7 

F 7 (% ,]O<L=d 3`Z}%&)('6 . 

/<L/7]07 O/O78% 7,7 7 7(rK=<7L] 7,

7Y]6/Ov7 S77/g7%&)('6 = b]x8L I6

F%77&)('776 77cIESpamF77 773O= 77W77`K 77/

777/ 777J?U7774 7 7,6?7773"IO 777Y&a$aEE-MailF =777b ?EMail

K\/ p4) ` =& Pn]( = c&J?4 8/&

Saudi Anti-Spam ProgramFE77/g77F77  iL$

 JB Yt- U4. IH/g%&)('6

F77/g77+g77b` 77bI 77/377Z& ?7,6? 77bS)-/77Y?

w7 J6ZM` IFO C%+=- U4. IESpam

 I`O-$ bO$P 8?6Z /(M  iL$ /8/dn` <O? E1F

2008 J781429- 

7742 ESymantecF?&  77?W /77WmO=77#?1 J/Y77W/776/`O/77Y?

F 777bO$+ 777IL777ZJ=/777,g777EpY777$

The State of Spam, A Monthly Report February 2007, Generated by Symantec

ESymantec.comF- ?- ` 3"O kMbb^ /W%8 E2F

%&)('6- ?- k/Mbb^ /W%8E4F

77LKEInternetF77 (377774 77bO$77Z 7,6?7cIEBandwidth

%&)('6- ?- k/Mbb^ /W%8E2F

m?w?7KEbitFw8(OH @M- 6Bl L+S%8EbyteF w6 E4F

 1O  E5F

. Ehttp://www.spamlaws.com/state/ca.shtmlF- bb^ 4 &=]  =E6F

J7O7Lt7 7/ I,( 3=6/4? &)('

? 76gV &M7 '3- =7$ ?7/ 7 S$ 7=%8]_8

1.2.2 : )(E-Mail Spoofing

2.2.2 : )(Open Mail Rely

O (36 4`/c&%&)('6 = b6a , 

%&)('6- ?- k/Mbb^ /W%8E2F

KEw6  V  1,700,000,000Fw6 gO1700W7+=`

7/77Ix78 7J7bM ( /] bOM^Z

F?wr7/(6 ?70(q/- ] #za?EPDFFo

342 6/ 781429

MN6=7O7P8,4 Q- BB //6 S6

?xI?/b4)&'&/L73Lw7`47&7F7b 7B^7 YO

= &$"//d= 6\ZU4./r?<7c%]rK- cI

7`6/m7O &(v7S7%&)('6 c&8 b]x8/6

EData NetworkF- 7& 3(37WU74I3EApplicationsF- `3"(O

ClientF%77&)('7767747777(677Yr- 77& 3(377W

?q 777&/%777&)('77767774q/777U7774777777

Transfer AgentMTAF767`&7 7,6?U7Z6

%7&)('767 za7%&)('6 = 3``6

K?wr/(6 ? /WE2F?Server

77 L-p 77O/77

KEhttp://tools.ietf.org/html/rfc821F`h^)('&ZIE1F

My7n78 7 EPortKE3-1F(7(?7g776

/6 =<L Kx]I

Name System - DNSF- 7L "I. 7? 7c&

K 7YI 7r7 ((77O +4(6 (3

gr7 7a7.=037Z767S 7"&<7)%7&('a76/ 7

F 7 (%,]O<L=d3`Z}%&)('6 .

/<L/7]07O/O78%7,7 7 7(rK=<7L]7,

7Y]6/Ov7S77/g7%&)('6= b]x8L I6

F%77&)('776 77cIESpamF77 773O= 77W77`K 77/

777/777J?U7774 7 7,6?7773"IO 777Y&a$aEE-MailF =777b ?EMail

K\/ p4)` =& Pn]( = c&J?4 8/&

Saudi Anti-Spam ProgramFE77/g77F77 iL$

JB Yt- U4. IH/g%&)('6

F77/g77+g77b`77bI 77/377Z& ?7,6? 77bS)-/77Y?

w7 J6ZM` IFO C%+=- U4. IESpam

I`O-$ bO$P8?6Z/(M iL$ /8/dn`<O? E1F

2008 J781429-

7742 ESymantecF?& 77?W /77WmO=77#?1 J/Y77W/776/`O/77Y?

F 777bO$+ 777IL777ZJ=/777,g777EpY777$

ESymantec.comF- ?- `3"O kMbb^ /W%8 E2F

%&)('6- ?- k/Mbb^ /W%8E4F

77LKEInternetF77 (377774 77bO$77Z 7,6?7cIEBandwidth

%&)('6- ?- k/Mbb^ /W%8E2F

m?w?7KEbitFw8(OH @M- 6Bl L+S%8EbyteF w6 E4F

1O E5F

. Ehttp://www.spamlaws.com/state/ca.shtmlF- bb^ 4 &=] =E6F

J7O7Lt7 7/ I,( 3=6/4?&)('

? 76gV&M7'3- =7$ ?7/ 7S$ 7=%8]_8

O (36 4`/c&%&)('6 = b6a ,

%&)('6- ?- k/Mbb^ /W%8E2F

KEw6 V 1,700,000,000Fw6 gO1700W7+=`

7/77Ix787J7bM (/]bOM^Z

F?wr7/(6 ?70(q/- ]#za?EPDFFo

- 77L "&. 77??7 &('a776/6 77I4U774.77Z77 `J77

addressesFw777&'&$777 O/6 777I4?EDomain NamesF

p7 7=/ 6 IO )('&` /y Z6}$&('a

7/]7b3`7Z}37ZI %7&)('76 7 4a )(

kz Y`&?.Z`

/. `{ a3`Z} @fx8M=/`E/OESpamF?EBulkF?EE-Mail

g7 7/J7b7r g7 87S. 7,3<7`.Z`<

positivesF77( 7 )q 7I7S7

<7`^7 7,6? 7/ r/ } +g#4k'/

77677 7 `} 77`?77Z- 77Y

=?7Z6/O76/4 (`i /ir )(

p$. Ewhois.netFWdL

7 6Jx7%7&)('76 }` pa8p/ \ZE I8

? 7/=7b} 7pa YI# -./

&3Zg6H/3LmI43 K3`Z

/ bO$?d$ J<L/&{rUyVI6 bO$m7

x77CEPort 77` 77, 7p77 77/

g /d&= `/ K\/

0 bO${rU4 7 7/7@= 7c&$ 3`7= 7'707S

m77r8?m77]6/Ov77S77%77&" )('77#$77b]x778L 77I6

M77]077& Xzar 77n) %4 77

P3O$m&?-]IL3`Z}%b^H Z@za -$

077%77bIB77'77%778$?77&)('d77L. 77&)77 77

/d3O /y]`6+=B /3`Z 4 J4

7771 7 7- 777VC777L "777#$'($& 777=%7 77776

EfeelEstyleFIB=dnM _/b( KE2-3F

736/Lm7nza746 7b?7_/7b" I<M I`La

=B7dLm \%# 3 dL8E3-3F(

0 7??W7brML II "7#$)('&0 7?7b](7?%7

(3U4 8#=Echat roomsFh o_/3L/w 1 =M

d7Lfx78<YI707"O 77/g66 /3L Ya 6 i,

- 7L ". 7&{ /7+7p7$x]I6K Cp<h 3L

Socket Layer SSL CertificatesF77I- Y77EFirewallsF

78g(Intrusion Prevention Systems IPS rules)'7 $d7I7c&?&7L