P. 1
Jan Gerrit Göbel- Advanced Honeynet Based Intrusion Detection

Jan Gerrit Göbel- Advanced Honeynet Based Intrusion Detection

|Views: 168|Likes:
Published by White909

More info:

Published by: White909 on Dec 01, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Phishing is an attack method, that uses social engineering techniques to purloin per-
sonal identity information and financial account credentials from incautious Internet


Chapter 2. Basics

users. With the help of spoofed eMails, i.e. the eMail sender address is modified to a
trusted name, the attacker leads customers to counterfeit websites, the so called phish-
ing sites. These websites hijack brand names of, for example, banks, e-retailers and
credit companies, to look like the original site and beguile any victims. Thus, visitors
are tricked into divulge financial data, such as credit card numbers, account usernames,
passwords, and social security numbers.

For example, an attacker sets up a website on a previously compromised host, that
looks exactly like the login site of a popular online portal, like the one from eBay.
Customers authenticate via a web formular, by entering their account name and a valid
password. Upon authentication, users are, for example, able to place bets on certain
items. The phishing site utilises a modified script for customer authentication, which
usually works in two steps. In the first step all entered user credentials are send via
eMail to the attacker. In the second step, the visitor of the phishing site is redirected
to an error page of the original website, in this case of the eBay online portal. The
error page displays, that the authentication process has failed. The purpose of the last
step is to make the victim believe some of the previously entered data was wrong, due
to mistyping. The unsuspecting customer repeates the login process, this time on the
original website, and succeeds. As a result, the attacker is able to collect user credentials
without raising suspicion. After the set up of the prepared phishing site, the attacker
needs to lure potential victims. This is usually accomplished by sending out masses of
eMails or posting of hyperlinks leading to the prepared website to Internet forums or
discussion boards.

Figure 2.4.: Phishing report [Gro06]

Another frequently used technique to steal credentials directly, is the use of trojans,


2.5. Attack Patterns

keyloggers or spyware, which are installed without being noticed by the machine owner
[Gro06]. Figure 2.4 shows the threatening development of phishing attacks, reported
over the past twelve month. Although phishing is not a new method in computer crime,
the large number of reported attacks, reveals the efficiency of this technique. A detailed
description of various phishing techniques and observed incidents can be found in the
work of [All05a].

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->