WEB SPOOFING
Guided by: Prepared by:Ms. Pooja Sharma Mam Al Omar Rajawat
Alok Pandey
POINTS TO BE DISCUSSED
DEFINATION ORIGIN & HISTORY WORKING EFFECTS COUNTERMEASURES STATISTICS CONCLUSION
Web Spoofing:
Web Spoofing is Tricking Someone into visiting a Website other than one they intend to visit ,by creating a similar website.
Web Spoofing is a Phishing Scheme.
Starting the Attack
The attacker must somehow lure the victim into the attacker’s false web. there are several
ways to do this. An attacker could put a link to false Web onto
popular Web page. If the victim is using email, the attacker could
email the victim a pointer to false Web. Finally, the attacker could trick a web search
engine into indexing part of a false Web.
Have you ever received an e-mail that looked like this?
From: Bank of America
To: John Doe
Subject: Your Online Banking Account is Inactive
Your Online Banking Account is
Innactive
We closed your online access for security reasons.
Click here to access your accountWe must verify your account information.
Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2004 Bank of America Corporation. All rights reserved.
Spoofing attacks in the physical world as well as the electronic world
People using computer system often makes security relevant decisions based on Social engineering they see.
For example you might decide to type in you account number
because you believe you are visiting your bank’s web page. This belief might arise because the page has a familiar look.
Ways of Trapping Victim
1. A browser presents many types of context that users might rely on to make decisions.
2. Appearance – the appearance of an object might convey a certain impressions.
3. Name of Objects – people often deduce what is in a file by its name.
4. Timing of Events – if 2 things happen at the same time, the user might think they are related.
Is MICR0SOFT.COM or MICROSOFT.COM the correct address for Microsoft?
Work in the PastPrinceton Part-I
In 1996, “Feltan et al “at Princeton originated the Term WEB SPOOFING and explored spoofing attacks in Netscape Navigator & Internet Explorer.
He made a Shadow copy of few websites by using Java Script, and when victim accessed the shadow web, he was able to monitor his all activities.
UCSB-Part II
In same year “De Paoli” suggested 2 methods of web spoofing
A client downloads Honey-pot HTML document that has embedded spy Applet. As client opens new webpage ,a new Java thread starts sending info. to attacker.
Other attack involved use of applets, to steal sensitive info. Such as passwords by social engineering.
CMU-Part III
In 1996,”Tiger & Whitten” demonstrated use of Applets as Trojan Horse.
These Trojans appeared like Dialog boxes, but have ability of Desktop Capturing and key logging.
The Popular Trojans are Sub-7 ,NetBus,AK-47 etc.
How the Attack Works
Logical Level CODINGView Level FORMS
URL RewritingSTEP I
A Phisher could insert a malicious script inside a product review to attack the user.
The Script would modify the host site so that the user believes he/she is interacting with secure site.
this technique is also called as “Cross-Scripting.”
STEP II This done by using encoded characters to hide the
destination address of a link. Ex-
“abc” = "abc”
Assuming the attacker’s server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of the URL by use of JAVA Script.
For example, http://home.netscape.com becomes http://
www.attacker.org/http://home.netscape.com.
STEP III
Once the attacker’s server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document . Then the attacker’s server provides the rewritten page to the victim’s browser.
If the victim follows a link on the new page, the victim remains trapped in the attacker’s false web.
Forms
When the victim submits a form, the submitted data goes to the attacker’s server. The attacker’s server can observe and even modify the submitted data, doing whatever malicious editing desired, before passing it on to the real server.
Information Flow Model
1. A deceptive message is sent from the phisher to the user.
2. A user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The phisher obtains illicit monetary gain.
Information Flow Model
Consequences- Surveillance
The attacker can passively watch the traffic, recording which pages the victim visits and the contacts of those pages.
This allows the attacker to observe any account numbers or passwords the victim enters.This is called as Desktop Monitoring.
Tampering –
The attacker can modify any of the data traveling in either direction between the victim and the Web, without letting victim know.
The attacker would change the product number, quantity or ship to address.
ANTI-SPOOFING Countermeasures
To handle this type of crime, we need to work in 3 Fields
Users Softwares Laws
I) For Users
Some training is required for people to understand good/bad e-mails & sites.
They should understand that a company never asks for passwds & credit card nos. through e-mails.
Pen Test should be done by IT Firms to check any flaw in their network.
Protecting yourself against e-mail or online fraud Don’t take anything for granted. Do not click on links you receive in an e-mail message
asking for sensitive personal, financial or account information.
Call the company directly to confirm requests for updating or verifying personal or account information.
Do not share your ID’s or pass codes with anyone. Look for secure connections on Web sites. Always sign off Web sites or secure areas of Web Sites. When your computer is not in use, shut it down or
disconnect it from the Internet.
II) Softwares
Open Information – Allow different spam filters, e-mail clients, and browsers to exchange information about unsafe domains.
Warn The User – Alert the user when they attempt to click on an obfuscated link. Show the user the actual link, whether the site is trusted or not, and prompt the user whether or not the wish to continue with the link.
Disrupting Data Transmission Monitor Outgoing Data – Implement a
browser tool-bar that hashes information and checks if confidential information is being sent.
Blacklisting – Block IP ranges of known phishing sites.
Encryption – Encrypt sensitive information before transmission.
Advanced Authentication
Two-factor Authentication – Require proof of two out of three criteria (what you are, what you have, or what you know)
Requires some sort of hardware or time sensitive information
Use a checksum to verify that the information came from the users machine and not a phisher.
Prominenet Anti-Phishing Tools
‘Anti-fraud tool bar’ from ‘Cloud mark’ -based on black-list of bad sites. ‘Trustbar’ from ‘Comodo’ -based on white-list of good sites. ‘Clear search anti-phishing’ from
‘Phishing.net’ -uses 35 diff. properties of phishing schemes
to identify attacks.
Remedies Follow a three part strategy: Disable JavaScript in your browser so the
attacker will be unable to hide the evidence of the attack;
Make sure your browser’s location line is always visible;
Pay attention to the URLs displayed on your browser’s location line, making sure they always point to the server you think you are connected to.
III) Laws
In India, Current Laws are unable to completely stop phishing and web spoofing.
Though USA and several other European countries have tighten their laws in this area, by introducing Anti-phishing law in 2005,that would fine $250,000 and imprisonment of 5Years.
Web SpoofingLeading Nations
The Gartner group estimates the direct phishing-related loss to US banks and credit card issuers in the last year to be $1.2 billion.
• Indirect losses are much higher, including customer service expenses and account replacement costs.
Recent Losses
Web SpoofingChart
CONCLUSION
Spoofing is a serious threat for International community, as the real-world applications are getting more importance over world-wide web.
Understanding the tools & methods, the spoofers have at their disposal, we can defend attacks to a considerably amount.
Top Related