Identifying vulnerable websites by analysis of common strings in phishing URLs

Brad Wardman, Gaurang Shukla, Gary Warner
2009 eCrime Researchers Summit, published 2009-12-01. DOI: 10.1109/ECRIME.2009.5342610 (https://doi.org/10.1109/ECRIME.2009.5342610)
Citations: 30

Abstract

It has been shown that most phishing sites are created by means of a vulnerable web server being re-purposed by a phisher to host a counterfeit website without the knowledge of the server's owner. In this paper, we examine common vulnerabilities which allow these phishing sites to be created and suggest a method for identifying common attack methods, as well as for informing webmasters and their hosting companies of ways to defend their servers. Our method involves applying a Longest Common Substring algorithm to known phishing URLs, and investigating the results of that string to identify common vulnerabilities, exploits, and attack tools which may be prevalent among those who hack servers for phishing. Following a Case Study approach, we then select four prevalent attacks that are suggested by our methodology, and use our findings to identify the underlying vulnerability, and document statistics showing that these vulnerabilities are responsible for the creation of phishing websites. Digging further, we identify attack tools created to exploit these vulnerabilities and how they are detected by current intrusion detection signatures. We suggest a means by which this work could be integrated with Intrusion Detection Systems to allow webmasters or hosting providers to reduce their vulnerability to hosting phishing websites.
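The pairwise Longest Common Substring step described in the abstract, as an added Python example (not the authors' implementation). The URLs are constructed placeholders, and comparing only path and query, skipping same-host pairs and applying a minimum length are assumptions made here.

```python
from collections import Counter
from itertools import combinations
from urllib.parse import urlsplit


def longest_common_substring(a: str, b: str) -> str:
    """Classic O(len(a)*len(b)) dynamic programme, keeping one row at a time."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def common_path_strings(urls, min_len=8):
    """Count the LCS of every pair of URLs that sit on different hosts.

    Only path and query are compared (an assumption of this example), so a
    shared string points at shared server-side software, not a shared domain.
    """
    parts = [urlsplit(u) for u in urls]
    items = [(p.hostname, p.path + ("?" + p.query if p.query else "")) for p in parts]
    counts = Counter()
    for (host_a, path_a), (host_b, path_b) in combinations(items, 2):
        if host_a == host_b:
            continue  # same server: says nothing about a weakness common to many
        lcs = longest_common_substring(path_a, path_b)
        if len(lcs) >= min_len:  # drop incidental matches such as "/up" or ".htm"
            counts[lcs] += 1
    return counts.most_common()


# Constructed sample data: hosts and paths are placeholders, not real reports.
SAMPLE_URLS = [
    "http://shop.example/apps/demo_gallery/uploads/bank/login.php",
    "http://blog.example/site/apps/demo_gallery/uploads/secure/index.htm",
    "http://club.example/apps/demo_gallery/uploads/verify/",
    "http://news.example/~user/update/account.html",
]

if __name__ == "__main__":
    for string, pairs in common_path_strings(SAMPLE_URLS):
        print(pairs, string)
```

A string that recurs across many unrelated hosts is a candidate for review by webmasters and hosting providers as a shared application path.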