A novel anti-phishing framework based on honeypots

2009 eCrime Researchers Summit, eCRIME '09

Volumn , Issue , 2009, Pages

  Li, Shujun ^a   Schmitz, Roland ^b  

^a UNIVERSITY OF KONSTANZ   (Germany)

^b STUTTGART MEDIA UNIVERSITY   (Germany)

Author keywords

Honeypot; Honeytoken; Money mule; Online banking; Phishing; Phoneybot; Phoneypot; Phoneytoken

Indexed keywords

ANTI-PHISHING; E-BANKING; HONEYPOTS; MALWARES; ON-LINE BANKING; PHISHERS; PHISHING; PHISHING ATTACKS; RUNNING-IN; SECURITY SERVICES; SHUT DOWN; VIRTUAL MACHINES;

COMPUTER CRIME; ONLINE SYSTEMS;

RESEARCH;

EID: 72449130877     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ECRIME.2009.5342609     Document Type: Conference Paper

References (54)

1. M. Jakobsson and S. Myers, Eds., Phishing and Countermea-sures: Understanding the Increasing Problem of Electronic Identity Theft. John Wiley & Sons, Inc., 2007.
2. R. Lininger and R. D. Vines, Phishing: Cutting the Identity Theft Line. Wiley Publishing, Inc., 2005.
3. L. James, Phishing Exposed. Syngress Publishing, Inc., 2005.
4. D. Hartley, "Search engines disguise phishing sites," 2009. [Online]. Available: http://www.itexaminer.com/search-engines-disguise-phishing- sites.aspx
5. Imperva, Inc., "Securesphere defense note: Phishing and cross-site scripting," 2004. [Online]. Available: http://www.securitytechnet.com/ resource/rsc-center2/vendor-wp/imperva/20050606Imperva-SecureSphere-Defense- Note-Phishing.pdf
6. Nexus, "Applying XSS to phishing attacks," 2007. [Online]. Available: http://www.playhack.net/view.php?type=1&id=20
7. J. Yaneza, "Spy-phishing: A new breed of blended threats," in Proc. Virus Bulletin Conference 2006, 2006. [Online]. Available: http://www.trendmicro.com/NR/rdonlyres/AC48648F-50D0-49F5-8438-7AEE516C501E/ 21322/spyphishing-102006.pdf
8. G. Ollmann, "The pharming guide: Understanding & preventing DNS-related attacks by phishers," 2005. [Online]. Available: http://www.ngssoftware.com/papers/ThePharmingGuide.pdf
9. S. Stamm, Z. Ramzan, and M. Jakobsson, "Drive-by pharm-ing," in Information and Communications Security (Proc. ICICS'2007), ser. Lecture Notes in Computer Science, vol. 4861. Springer, 2008, pp. 495-506.
10. US Office of the Comptroller of the Currency, "Money laundering: A banker's guide to avoiding problems," 2002. [Online]. Available: http://www.comptrollerofthecurrency.gov/moneylaundering2002.pdf
11. M. Jakobsson and S. Myers, "Delayed password disclosure," ACM SIGACT News, vol. 38, no. 3, pp. 56-75, 2007.
12. M. Wu, S. Garfinkel, and R. Miller, "Users are not dependable: How to make security indicators that protect them better," Presented at 1st Workshop on Trustworthy Interfaces for Passwords and Personal Information (TIPPI'2005), 2005. [Online]. Available: http://crypto.stanford.edu/TIPPI/first/ slides/min-wu.ppt
13. M. Wu, R. C. Miller, and S. L. Garfinkel, "Do security toolbars actually prevent phishing attacks?" in Proc. CHI'2006. ACM, 2006, pp. 601-610.
14. R. Dhamija, J. D. Tygar, and M. Hearst, "Why phishing works," in Proc. CHI'2006. ACM, 2006, pp. 581-590.
15. D. Florêncio and C. Herley, "Password rescue: A new approach to phishing prevention," in Proc. USENIX HotSec'2006, 2006, pp. 7-11.
16. T. Moore and R. Clayton, "The consequence of non-cooperation in the fight against phishing," in Proc. APWG eCRS'2008. IEEE Computer Society, 2008.
17. B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell, "Stronger password authentication using browser extensions," in Proc. USENIX Security'2005, 2005, pp. 17-31.
18. IBM, "IBM Zone Trusted Information Channel (ZTIC): A banking server's display on your key chain," 2008. [Online]. Available: http://www.zurich.ibm.com/ztic
19. G. Starnberger, L. Froihofer, and K. M. Goeschka, "QR-TAN: Secure mobile transaction authentication," in Proc. ARES'2009. IEEE Computer Society, 2009, pp. 578-583.
20. Postbank, "mTAN now free for all customers," 2008. [Online]. Available: http://www.postbank.com/pbcom-ag-home/pbcom-pr-press/pbcom-pr-press- archives/pbcom-pr-press-archives-2008/pbcom-pr-pm1063-19-05-08.html
21. Irish Times, "Suspended term for €12,000 bank 'phishing' scam," 2009. [Online]. Available: http://www.irishtimes.com/newspaper/ ireland/2009/0214/1233867937480.html
22. R. L. B. Stevenson, "Plugging the phishing hole: Legislation versus technology," Duke Law & Technology Review, vol. 2005, no. 0006, 2005. [Online]. Available: http://www.law.duke.edu/journals/dltr/articles/ 2005dltr0006.html
23. D. Whitlock, "INTERNET FRAUD: Preventing and responding to phishing and spoofing scams," New Hampshire Bar J., vol. 42, no. 2, pp. 30-33, 2008.
24. L. Spitzner, Honeypots: Tracking Hackers. Addison Wesley, 2002.
25. F. Pouget, M. Dacier, and H. Debar, "Honeypot, honeynet, honeytoken: Terminological issues," Institut Euréacom (EURECOM), Sophia Antipolis, France, Research Report RR-03-081, 2003. [Online]. Available: http://www.eurecom.fr/util/publidownload.fr.htm?id=1275
26. M. Chandrasekaran, R. Chinchani, and S. Upadhyaya, "PHONEY: Mimicking user response to detect phishing attacks," in Proc. WoWMoM'2006. IEEE Computer Society, 2006, pp. 668-672.
27. C. M. McRae and R. B. Vaughn, "Phighting the phisher: Using web bugs and honeytokens to investigate the source of phishing attacks," in Proc. HICSS'2007. IEEE Computer Society, 2007, p. 270c.
28. C. Yue and H. Wang, "Anti-phishing in offense and defense," in Proc. ACSAC2008. IEEE Computer Society, 2008, pp. 345-354.
29. D. Birk, S. Gajek, F Grobert, and A.-R. Sadeghi, "Phishing phishers - observing and tracing organized cybercrime," in Proc. ICIMP'2007. IEEE Computer Society, 2007.
30. S. Gajek and A. Sadeghi, "A forensic framework for tracing phishers," in The Future of Identity in the Information Society, ser. IFIP International Federation for Information Processing, vol. 262. Springer, 2008, pp. 23-35.
31. G. Roth, "Server load balancing architectures, Part 1: Transport-level load balancing," 2008. [Online]. Available: http://www.javaworld.com/javaworld/jw-10-2008/jw-10-load-balancing-1.html
32. -, "Server load balancing architectures, Part 2: Application-level load balancing," 2008. [Online]. Available: http://www.javaworld.com/ javaworld/jw-10-2008/jw-10-load-balancing-2.html
33. C. Herley and D. Florêncio, "Protecting financial institutions from brute-force attacks," in Proc. IFIP SEC2008, ser. IFIP International Federation for Information Processing, vol. 278. Springer, 2008, pp. 681-685.
34. SM: Advanced external threats protection service," 2008. [Online]. Available: http://www.rsa.com/products/consumer/datasheets/9933FRAGOV-DS-1208.pdf
35. MarkMonitor Inc., "Rock phishing: The threat and recommended countermeasures," 2007. [Online]. Available: http://www.markmonitor.com/ download/wp/wp-rockphish.pdf
36. R. M. Smith, "The web bug FAQ," 1999. [Online]. Available: http://w2.eff.org/Privacy/Marketing/web-bug.html
37. L. von Ahn, M. Blum, and J. Langford, "Telling humans and computers apart automatically," Comm. ACM, vol. 47, no. 2, pp. 57-60, 2004.
38. G. Mori and J. Malik, "Recognizing objects in adversarial clutter: Breaking a visual CAPTCHA," in Proc. CVPR'2003, vol. 1. IEEE Computer Society, 2003, pp. 134-141.
39. J. Yan and A. S. E. Ahmad, "Breaking visual CAPTCHAs with naïve pattern recognition algorithms," in Proc. ACSAC'2007. IEEE Computer Society, 2007, pp. 279-291.
40. -, "A low-cost attack on a Microsoft CAPTCHA," in Proc. ACM CCS'2008, 2008, pp. 543-554.
41. S. Hocevar, "PWNtcha: Pretend we're not a Turing computer but a human antagonist." [Online]. Available: http://caca.zoy.org/wiki/PWNtcha
42. C. Chesnut, "aiCaptcha: Using AI to beat CAPTCHA and post comment spam," 2005. [Online]. Available: http://www.brains-n-brawn.com/aiCaptcha
43. BBC News, "PC stripper helps spam to spread," 2007. [Online]. Available: http://news.bbc.co.uk/2/hi/technology/7067962.stm
44. T. Moore and R. Clayton, "Examining the impact of website take-down on phishing," in Proc. APWG eCRS'2007. ACM, 2007, pp. 1-13.
45. V. L. Caruso, "Outsourcing information technology and the insider threat," AFIT/GIR/ENG/03-01, Department of Electrical and Computer Engineering, Graduate School of Engineering and Management, Air Force Institute of Technology, Air University, USA, 2003. [Online]. Available: http://handle.dtic.mil/100.2/ADA415113
46. IT-Online, "World-first SMS banking scam exposes weaknesses," Web page, July 2009. [Online]. Available: http://www.it-online.co.za/content/ view/1092105/142/
47. C. Herley and D. Florêncio, "A profitless endeavor: Phishing as tragedy of the commons," in Proc. NSPW'2008. ACM, 2008, pp. 59-70.
48. Anti-Phishing Working Group, "Phishing activity trends report, 2nd half/2008," 2009. [Online]. Available: http://www.antiphishing.org/reports/ apwg-report-H2-2008.pdf
49. Deutsche Bank, "Deutsche Bank at a glance," 2008. [Online]. Available: http://www.db.com/presse/en/download/DB-at-a-glance-2008.pdf
50. Sparkasse Heidelberg, "Online-banking: Increased security with iTAN," 2006. [Online]. Available: http://www.sparkasse-heidelberg.com/spk- hden/pk/banking/itan.html
51. Berliner Sparkasse, "chipTAN: Listen werden überflüssig, " 2005. [Online]. Available: http://www.berliner-sparkasse.de/anzeigen.php? tpl=privatkunden/konten-karten/online-banking/tan-generator.html
52. Volksbank Solling eG, "Sm@rt-TAN-plus," 2009. [Online]. Available: http://www.volksbank-solling.de/flycms/de/html/913/-/Smart+TAN+plus. html
53. RedTeam Pentesting GmbH, "New banking security system iTAN not as secure as claimed," Advisory rt-sa-2005-014, 2005. [Online]. Available: http://www.redteam-pentesting.de/advisories/rt-sa-2005-014
54. Arbeitsgruppe Identitätsschutz im Internet, "A-I3 Pressemeldung: iTAN nur in Verbindung mit SSL sicher (Update)," 2005. [Online]. Available: https://www.a-i3.org/content/view/411/28