Irjet V3i1121 PDF
© 2016, IRJET | Impact Factor value: 4.45 | ISO 9001:2008 Certified Journal | Page 700
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 03 Issue: 01 | Jan-2016 www.irjet.net p-ISSN: 2395-0072
Fraud and
Post-Attack Actions. PHISHING
website and captures the information and sells or uses it later.

[Chart: Fake Websites]

2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

3. The e-mail will contain a link or hyperlink to a website with a similar URL name as the “real” sender. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL [5].

4. ANALYSIS ABOUT PROBLEMS

Security Loop Holes

3 main areas

Potential policy changes

1. Registering any obvious and available deceptive domain names
2. Establishing standards of the styles and distribution of mass email.
3. Using personalized messages

Awareness and training programs

1. Making use of regular communications to explain the phishing problem
2.
3. Establishing a simple mechanism for reporting phishing attacks
4. Posting alerts on security website

4. ANTI-PHISHING TOOLS

4.1 Mail-SeCure

Mail-SeCure’s Anti-Phishing module combines several layers and technologies to detect and block Phishing attempts. The main technologies used are:

• Anti-Phishing Database - Mail-SeCure maintains a database which is updated on a daily basis. This database features millions of known Phishing URLs and domain names. If one of the listed URLs appears in a mail, it is blocked [5].

• SURBL - an RBL which is designed to block or tag Phishing attempts based on URIs (usually their domain names) scattered in the body of the message. In this case, the RBL is not intended to block the source of the spam message. Instead, SURBL is used to block spam based on its message content.

Even if a spammer uses new domains, they may point to the old, blocked IPs and will therefore be blocked, right from the first spam message received.

• Commtouch RPD™ - Commtouch’s Recurrent Pattern Detection (RPD™) is based on the fundamental characteristic of Phishing, spam and email-borne Malware - its mass distribution over the Internet. Sniffers located worldwide look out for real traffic in over 60 million operational mailboxes. They then extract patterns to detect recurring patterns and examine the number of sources to determine if they are Trojan-based outbreaks. Commtouch RPD™ differentiates between bulk mail (which can be a mailing list), and confirmed spam [6].

Commtouch RPD™ advantages:

  • Generates patterns from more than 300 million daily messages, from over 15 locations worldwide.
  • Real-time – blocks spam from the first minute of the outbreak.
  • Near-zero false positives – as the pattern of legitimate mail sent from one to another will probably appear only once.
  • Content-agnostic – effective against Phishing, fraud and innocent-looking spam.
  • Language independent.
  • Detects spam of any file type.
  • Adaptive technology – As spam is economically motivated, spammers constantly change tactics to achieve mass distribution.

• Heuristic Fraud detection sets of rules - Mail-SeCure uses Heuristic rules in order to detect possible new Phishing attempts. Mail-SeCure has over 2,500 sets of rules to detect characteristics of Phishing. The heuristic engine uses a score-based system to identify Phishing.

• Zombie detection - Most Phishers use zombie computers to distribute their mail. Zombie computers are computers that were involuntarily hacked (whether by Trojan horses or by direct hacking) and used for mail distribution.

Mail-SeCure has a unique Zombie Detection System – ZDS. It identifies zombies and automatically blocks them at the session level (similar to RBL). PineApp has a central ZDS, RBL-like server, which dynamically blocks identified IPs. Since a zombie computer owner can change his IP, ZDS automatically adds or removes IP addresses from blacklists.

• IP Reputation - a powerful additional layer used to block Zombies at the SMTP session level. The IP Reputation mechanism is based on sniffers located at various points of the world, monitoring traffic of hundreds of millions of email messages daily. IP Reputation center dynamically classifies IPs, according to a profile built from parameters such as: volume, percentage of spam & viruses and elevations. When an SMTP session is established, Mail-SeCure queries the IP Reputation system (or uses local cache) and performs various actions according to the IP classification, such as: permanently reject the mail, respond with a temporary error to be able to re-evaluate the IP on the retry time, activate grey-listing, activate Rate limit, etc.

• Rate limit - provides an advanced layer against mail bombing, by limiting the number of messages or SMTP sessions allowed from a certain IP in a pre-defined time. Rate limit uses a complex algorithm based on a sliding-window method. Limitations can be defined for timeframes of: minutes, hours and days. IP Reputation
saves bandwidth and lowers the load on your Mail-SeCure system [7].

4.2 Security Tool Bar - Netcraft

Netcraft is the product of an Internet services company based in Bath, England. It provides web server and web hosting market-share analysis, including web server and operating system detection. The service is able to monitor uptimes; uptime performance monitoring is a commonly used factor in determining the reliability of a web hosting provider, depending on the queried server's operating system. Netcraft also provides security testing, and publishes news releases about the state of various networks that make up the Internet.

The company is also known for its free anti-phishing toolbar for the Firefox and Internet Explorer browsers. Starting with version 9.5, the built-in anti-phishing filter in the Opera browser uses the same data as Netcraft's toolbar, eliminating the need for a separately installed toolbar. A study commissioned by Microsoft concluded that Netcraft's toolbar was among the most effective tools to combat phishing on the Internet, although this has since been superseded by Microsoft's own Internet Explorer 7 with Microsoft Phishing Filter, possibly as a result of licensing Netcraft's data [8].

4.3 ESET SECURITY

ESET Smart Security incorporates anti-spam and a bidirectional firewall along with traditional anti-malware features of ESET NOD32 Antivirus. The acronym NOD stands for Nemocnica na Okraji Disku ("Hospital at the end of the disk"),[1] a pun related to the Czechoslovak medical drama series Nemocnice na kraji města (Hospital at the End of the City).[2] The first version of NOD32 - called NOD-ICE - was a DOS-based program. It was created in 1987 by Miroslav Trnka and Peter Paško at the time when computer viruses started to become increasingly prevalent on PCs running DOS [9].

ESET SysInspector is a diagnostic tool which allows in-depth analysis of various aspects of the operating system, including running processes, registry content, startup items and network connections. Anti-Stealth Technology is used to discover hidden objects (rootkits) in the Master Boot Record, boot sector, registry entries, drivers, services and processes. SysInspector Logs are standard XML files and can be submitted to IT experts for further analysis. Two logs can be compared to find a set of items not common to both logs. A log file can be saved as a service script for removing malicious objects from a computer [10].

ESET SysRescue Live is a Linux-based bootable Live CD/USB image that can be used to boot and clean heavily-infected computers independent of the installed operating system. The program is offered free of charge, and can download updates if a network connection is present.

4.4 Browser Integrated Tools

A browser-integrated tool usually relies on a blacklist, which contains the URLs of malicious sites, to determine whether a URL corresponds to a phishing page or not. In Microsoft Internet Explorer 7, for example, the address bar turns red when a malicious page is loaded. The effectiveness of a blacklist is strongly influenced by its coverage, credibility, and update frequency. At present, the most well-known blacklists are those maintained by Google and Microsoft, which are used by the most popular browsers, Mozilla Firefox and Microsoft Internet Explorer, respectively.

4.5 Using AntiPhish and DOM AntiPhish Techniques

AntiPhish is a browser plug-in that keeps track of sensitive information. Whenever a user attempts to enter sensitive information on one site, and this information has previously been associated with a different, trusted site, a warning is generated. This is effective when a user inadvertently enters bank login information on a phishing site. However, AntiPhish suffers from the problem that legitimate reuse of credentials is also flagged as suspicious.

To address this usability problem, DOM AntiPhish was proposed. For that approach, the authors compared the Document Object Models (DOMs) of the pages under analysis to determine whether the two pages are similar. When information is reused on a page that is similar to the original page (that is associated with the sensitive data), a phishing attempt is suspected. When the information is entered on a site that is completely different, the system assumes legitimate data reuse. Although DOM AntiPhish is able to identify phishing pages effectively, its major limitation is that the DOM tree is not necessarily a reliable feature to establish similarity between pages. In some cases, it is possible for the attacker to use different DOM elements to create a similar look-and-feel and appearance of a page. Furthermore, a phishing site that only consists of images cannot be detected. A new technique to detect phishes has been implemented in the project, which removes the above-mentioned disadvantages.

Conclusion

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious
reasons, by masquerading as a trustworthy entity in an electronic communication. Nowadays it has become very serious. There are many techniques to solve these problems. But people may not be aware of the seriousness of phishing. Periodically updating the anti-phishing tools or software on their own systems may help to secure their confidential information and credentials. This study may raise awareness about phishing problems and solutions.

References

13. Congressional Budget Office Cost Summary, H.R. 1525 Internet Spyware (I-SPY) Prevention Act of 2007, available at: http://www.cbo.gov/ftpdocs/80xx/doc8076/hr1525.pdf.
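The sliding-window rate limit described in section 4.1, as an added example that is not part of the original paper and is not Mail-SeCure's own code: a per-source-IP limiter that enforces minute, hour and day timeframes together and answers with a temporary SMTP error when a window is full. The limit values, class and function names, reply text and sample events are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Assumed limits, not taken from the paper: window length in seconds -> sessions allowed.
LIMITS = {60: 3, 3600: 5, 86400: 20}

class SlidingWindowRateLimit:
    """Per-source-IP limiter that enforces several timeframes at once."""

    def __init__(self, limits=LIMITS):
        self.limits = dict(limits)
        self.horizon = max(self.limits)       # longest window we must remember
        self.accepted = defaultdict(deque)    # ip -> timestamps of accepted sessions

    def check(self, ip, now):
        """Return (allowed, smtp_reply) for a session opened by `ip` at time `now`."""
        times = self.accepted[ip]
        while times and times[0] <= now - self.horizon:
            times.popleft()                   # older than every window: forget it
        for window, limit in sorted(self.limits.items()):
            in_window = sum(1 for t in times if t > now - window)
            if in_window >= limit:
                # Temporary failure: a legitimate MTA retries later, a mail bomb stalls.
                return False, f"421 4.7.0 limit of {limit} per {window}s reached"
        times.append(now)                     # only accepted sessions consume quota
        return True, "220 ready"

def replay(events, limiter=None):
    """Run constructed (ip, timestamp) events through the limiter, in order."""
    limiter = limiter or SlidingWindowRateLimit()
    return [limiter.check(ip, ts)[0] for ip, ts in events]

# Constructed sample: one noisy source and one quiet source (documentation IPs).
SAMPLE = [("192.0.2.10", t) for t in (0, 10, 20, 30, 61, 100, 200, 3601)]
SAMPLE.insert(4, ("198.51.100.7", 40))

if __name__ == "__main__":
    for (ip, ts), ok in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={ts:>5}s {ip:<13} {'accept' if ok else 'tempfail'}")
```

The session at t=200 is refused by the hourly window even though the minute window is empty, which is the reason for checking every timeframe rather than only the shortest one.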
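The AntiPhish and DOM AntiPhish decision described in section 4.5, as an added example that is not code from the paper or from either tool: a secret is bound to the first domain it is typed into, and reuse on another domain is judged by how similar the two pages' DOM structure is. The tag-sequence signature, the similarity metric, the 0.8 threshold, the key and the sample pages are all assumptions made for the illustration.

```python
import hashlib
import hmac
from difflib import SequenceMatcher
from html.parser import HTMLParser

class _Tags(HTMLParser):
    """Records start tags in document order: a flat stand-in for the DOM tree."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def dom_signature(html):
    parser = _Tags()
    parser.feed(html)
    return parser.tags

def dom_similarity(sig_a, sig_b):
    # Assumed metric: ratio of matching tag runs (1.0 = identical structure).
    return SequenceMatcher(None, sig_a, sig_b).ratio()

class DomAntiPhish:
    def __init__(self, key=b"constructed-demo-key", threshold=0.8):  # both assumed
        self.key, self.threshold = key, threshold
        self.known = {}   # keyed digest of secret -> (trusted domain, DOM signature)

    def submit(self, domain, secret, html):
        """Decide what happens when `secret` is typed into a page on `domain`."""
        digest = hmac.new(self.key, secret.encode(), hashlib.sha256).hexdigest()
        sig = dom_signature(html)
        if digest not in self.known:
            self.known[digest] = (domain, sig)      # first use: bind secret to site
            return "remembered"
        trusted, trusted_sig = self.known[digest]
        if domain == trusted:
            return "ok"
        # Plain AntiPhish stops here and always warns on a different domain.
        if dom_similarity(trusted_sig, sig) >= self.threshold:
            return "phishing-suspected"             # look-alike page, other domain
        return "legitimate-reuse"                   # different-looking page

# Constructed sample pages (tags only; content is irrelevant to the signature).
BANK = "<html><body><div><img><form><input><input><button></button></form></div></body></html>"
CLONE = "<html><body><div><img><form><input><input><button></button></form><p></p></div></body></html>"
FORUM = "<html><body><table><tr><td><a></a></td></tr></table><form><input></form></body></html>"
IMAGE_ONLY = "<html><body><img><img><img></body></html>"
```

Submitting the same secret with `IMAGE_ONLY` on a second domain returns `legitimate-reuse`, which reproduces the limitation the section names: a page built only from images shares little DOM structure with the original and is not flagged.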