Domain Name Abuse Detection. Liming Wang
|
|
- Samuel Lane
- 8 years ago
- Views:
Transcription
1 Domain Name Abuse Detection Liming Wang
2 Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 2
3 Why? Responsibility CNNIC takes the responsibility of China s domain name registry to operate and administrate i t CN.CN,. 中 国,. 公 司 and. 网 络 Necessity Domain name abuses have caused heavy losses; It is reported that, every year in China, the losses brought about by the phishing attacks are more than 30 billion RMB.
4 IP Whois Big IM Data Info DNS LOG Registration i Info Social Network collection Detection Assessment Optimization Phishing SPAM BotNet Porn sites Other illegal sites
5 Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 5
6 Phishing Definition Phishing is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or form pretending to come from a legitimate company (like their bank).
7 Why we do anti-phishing? Phishing attacks are rampant Data Source: APWG CNNIC is committed to wipe out phishing attacks with.cn domain. CNNIC try to combat phishing in China with other TLD for the public welfare.
8 Anti-Phishing Research Background Features in phishing attacks nowadays Phishing URLs are always complicated multilevel string with. and / Domain name and path The living time of phishing URLs is short Shortcomings traditionalanti phishing anti methods Blacklist based methods cannot deal with fresh phishing sites Popular Web browser plug-in methods work in passive way to wait for detection URLs provided by clients Ourresearch research goal Detect phishing sites in short time and in an active way.
9 The phishing Data Analysis Results in China Analysis Results over 84% of phishing URLs have similar domain names toward their target brands. phishing URLs paths perform a mass of identical forms for each target Research Start Point Our anti-phishing research start point is domain name similarity analysis
10 Our Detection Process DNS Logs Phishing Repository Suspicious Host Retrieval Path Frequency Compute Top N Phishing Host Phishing Paths URL Construction Phishing URLs Detection Optimization Content Based Phishing Recognition
11 URL Construction Phishing URL = Phishing Host + Phishing Path
12 Content Based Phishing Recognition Recognition Features: Landing Box Title Copyright Web out-links Suspicious Phishing URLs Landing Box in No Non Phishing Webpage? Yes Title Landing Box Title contains target brand? Copyright contains target brand? Out links to target sites? 1/0 1/0 1/0 Summation>0? Yes No Non Phishing Copyright Very Suspicious Phishing URLs
13 Further Detection Optimization Why further optimization? False alarm in phishing detection will cause serious consequence. Keep low false alarm rate is significant in phishing detection. How? We adopt Web content quality to filter non-phishing Web pages Web quality assessment is an open issue which will be discussed in next section. Optimization rules IF Quality<5 THEN the suspicious URL is phishing, ELSE the URL is nonphishing. Evaluated Quality is in interval [0,10].
14 Detection Mechanism in Phishing Phishing Detection System: Jan ~ Dec phishing URL detected Accounts for 15.6% of the total reported data from APAC Top 2 in contribution, after taobao.com
15 Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 15
16 Detection Mechanism for Spoof Attack in CDN Detection Approaches for Spoof Attack in Chinese Domain Names Calculating the similarity for single characters The character dot matrix can accurately describe the visual features in Chinese characters Based on the dot matrix, the visual computing can be converted into vector computing, and measure the similarity between single characters.
17 Detection Mechanism for Spoof Attack in CDN Detection Approaches for Spoof Attack in Chinese Domain Names Calculating the similarity for single characters Converting the character dot matrix into multi-dimensional vectors Calculate the vector correlations based on the spatial vector model and get the similarity between the single characters
18 Detection Mechanism for Spoof Attack in CDN Detection Approaches for Spoof Attack in Chinese Domain Names Calculating the similarity for single characters The reasons for using vector space models It is verified and accepted in other fields; The similarity value is [0,1] when using the cosine power of the vector to calculate. No extra normalization is required; More features from the characters can be extended as additional dimensions of the vectors very conveniently when representing the characters via vector
19 Detection Mechanism for Spoof Attack in CDN Detection Approaches for Spoof Attack in Chinese Domain Names Similarity Calculation for String Based on the similarity between single characters. Modeling A and B are domain name with the length of n The similarity between the corresponding characters in A and B are known Formula for the similarity calcualtion:
20 Detection Mechanism for Spoof Attack in CDN Detection Approaches for Spoof Attack in Chinese Domain Names Similarity Calculation for Strings The similarity between A and B are based on the Bayes condition probability formula; The similarity between characters : Unsimilarity between characters: T value The longer the string is, the more similar characters there are, the more similar the two strings are: 茅 台. 中 国 vs 茅 合. 中 国 贵 州 茅 台 集 团. 中 国 vs 贵 州 茅 合 集 团. 中 国
21 Detection Mechanism for Spoof Attack in CDN Detection Approaches for Spoof Attack in Chinese Domain Names Similarity Calculation for Strings Example: 康 师 傅 VS 康 帅 博 Assume ( 师, 帅 )=0.9,( 傅, 博 )=0.8,set T = 1.1 The similarity:0.992:
22 Experiments Evaluation Experiments Evaluation The total similarity calculation test for CDNs 淘 宝 网 啕 宝 网 陶 宝 网 掏 宝 网 results 工 商 银 行 工 商 根 行 工 商 垠 行 工 商 很 行 腾 讯 幐 讯 腾 汛 滕 讯
23 Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 23
24 The Other Domain Name Abuse Detection Works Analysis on large-scale DNS authoritative Binding data, Active Server Page Extraction ti and analysis, Phishing page detection Large-scale log analysis Page contents detection Jumping cheating detection Hiding cheating detection Word co-occurrence analysis Automatic page grabbing
25 Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 25
26 An Overview of the Domain Name Abuse Detection System With the CNNIC own data resource as the input, CNNIC has designed and developed a Phishing Detection System to detect and decide the phishing webpage automatically. Big Data Analysis The daily DNS queries can reach 100 million during the peak time, leading to massive DNS recursive data resolution The data mining and analyzing task requires 10 million independent computers. The whole process including the source data extraction, Automatic data preprocess to the malicious webpage decision and Processing the evidence storage are all automatically done via machines Express Interface There is express interface for reporting
27 Domain Name Abuse Detection System Automatic bad data analysis Daily automatic log acquisition and poccessing Bad host server detection Evidence grabbing before reporting
28 System Running Frequency and the Processing Data Amount Once everyday Running Frequency The detection results are reported directly Data Source The recursive DNS server query log is used as the data source The number of daily queries to the DNS recursive servers: 400 million per day 数 据 量 The number of distinct independent computers: 30 million per day
29 2012 Domain Name Abuse Detection Result 7181 malicious domain names were detected, involving 23 TLD pornography websites 3393, phishing websites 2214, gambling websites 1439, drug websites 119, guns and explosive websites 16. The system reports 90% of the all the CNNIC reported websites. The reported phishing websites accounts for the 7.02% of all the anti-phishing Alliance Some registrants use the same template for 2012 Reported websites in.cn porn pornography websites in.cn. 200Compared with 4267 websites in 2011, it reduced 88.2% the malicious information 3% reported from CNNIC 7% 90% 国 家 域 名 安 全 中 心 举 报 其 他 各 方 举 报 人 力 查 找 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
30 北 京 市 海 淀 区 中 关 村 南 四 街 四 号 中 科 院 软 件 园 邮 编 :
AT&T Global Network Client for Windows Product Support Matrix January 29, 2015
AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 Product Support Matrix Following is the Product Support Matrix for the AT&T Global Network Client. See the AT&T Global Network
More informationGlobal Chinese Phishing Sites Report
Global Chinese Phishing Sites Report (2 nd Half 2012) National Domain Name Security Center and Anti-Phishing Alliance of China (APAC) in cooperation with the Anti-Phishing Work Group (APWG) May 2013 Table
More informationCOMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*
COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun
More informationCOMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*
COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun
More informationCase 2:08-cv-02463-ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138. Exhibit 8
Case 2:08-cv-02463-ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138 Exhibit 8 Case 2:08-cv-02463-ABC-E Document 1-4 Filed 04/15/2008 Page 2 of 138 Domain Name: CELLULARVERISON.COM Updated Date: 12-dec-2007
More informationStanford Computer Security Lab. TrackBack Spam: Abuse and Prevention. Elie Bursztein, Peifung E. Lam, John C. Mitchell Stanford University
Abuse and Prevention Stanford University Stanford Computer Security Lab TrackBack Spam: Introduction Many users nowadays post information on cloud computing sites Sites sometimes need to link to each other
More informationAnalysis One Code Desc. Transaction Amount. Fiscal Period
Analysis One Code Desc Transaction Amount Fiscal Period 57.63 Oct-12 12.13 Oct-12-38.90 Oct-12-773.00 Oct-12-800.00 Oct-12-187.00 Oct-12-82.00 Oct-12-82.00 Oct-12-110.00 Oct-12-1115.25 Oct-12-71.00 Oct-12-41.00
More informationUsing big data analytics to identify malicious content: a case study on spam emails
Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime
More informationBasheer Al-Duwairi Jordan University of Science & Technology
Basheer Al-Duwairi Jordan University of Science & Technology Outline Examples of using network measurements /monitoring Example 1: fast flux detection Example 2: DDoS mitigation as a service Future trends
More informationEnhanced Vessel Traffic Management System Booking Slots Available and Vessels Booked per Day From 12-JAN-2016 To 30-JUN-2017
From -JAN- To -JUN- -JAN- VIRP Page Period Period Period -JAN- 8 -JAN- 8 9 -JAN- 8 8 -JAN- -JAN- -JAN- 8-JAN- 9-JAN- -JAN- -JAN- -JAN- -JAN- -JAN- -JAN- -JAN- -JAN- 8-JAN- 9-JAN- -JAN- -JAN- -FEB- : days
More informationMarch 2010 Report #39
March 2010 Report #39 Scam and phishing messages in February accounted for 19 percent of all spam, which is 2 percentage points lower than in January, but nevertheless an elevated level. Spammers continued
More informationSPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015
SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015 The Usual Players Indebtedness for driving on toll road Transaction receipts Notice to appear Major and Emerging Trends
More informationWhose IP Is It Anyways: Tales of IP Reputation Failures
Whose IP Is It Anyways: Tales of IP Reputation Failures SESSION ID: SPO-T07 Michael Hamelin Lead X-Force Security Architect IBM Security Systems @HackerJoe What is reputation? 2 House banners tell a story
More informationSupervisor Instructions for Approving Web Time Entry
Supervisor Instructions for Approving Web Time Entry Time Approval Deadlines by Category Local 2110 Members members submit time by NOON on Monday of the pay week. Time should be approved no later than
More informationWE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA
WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA Email {wei.xu, ksanders, yzhang}@ paloaltonetworks.com ABSTRACT Malicious domains
More informationEVILSEED: A Guided Approach to Finding Malicious Web Pages
+ EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of
More informationWe Know It Before You Do: Predicting Malicious Domains
We Know It Before You Do: Predicting Malicious Domains Abstract Malicious domains play an important role in many attack schemes. From distributing malware to hosting command and control (C&C) servers and
More informationPhishing Scams Security Update Best Practices for General User
Phishing Scams Security Update Best Practices for General User hishing refers to the malicious attack Pmethod by attackers who imitate legitimate companies in sending emails in order to entice people to
More informationComputer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance
Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Presentation for the Seventh European Academic Conference on Internal Audit
More informationescan Anti-Spam White Paper
escan Anti-Spam White Paper Document Version (esnas 14.0.0.1) Creation Date: 19 th Feb, 2013 Preface The purpose of this document is to discuss issues and problems associated with spam email, describe
More informationOregon s Experience Accepting Online Credit and Debit Payments
Oregon s Experience Accepting Online Credit and Debit Payments Statistical Charts and Examples Page 1 of 8 How Oregon s Case Validation Works Semi-Technical Speak As part of their process, a vendor using
More informationDNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS
DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS December 2011 November saw DNS Poisoning, aka Pharming, making the headlines on more than one occasion: To name a few, the online threat
More informationJanuary 2011 Report #49. The following trends are highlighted in the January 2011 report:
January 2011 Report #49 Spam made up 81.69% of all messages in December, compared with 84.31% in November. The consistent drop in spam made us wonder, did spammers take a holiday break? Global spam volume
More informationThe Latest Internet Threats to Affect Your Organisation. Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc.
The Latest Internet Threats to Affect Your Organisation Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc. Agenda Spam Trends Staying Ahead Blended Threats Spam Trends What Do Dick Cheney & Bill
More informationDeep Security Vulnerability Protection Summary
Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security
More informationDecoding DNS data. Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs
Decoding DNS data Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs The Domain Name System (DNS) is a core component of the Internet infrastructure,
More informationDeciphering and Mitigating Blackhole Spam from Email-borne Threats
Deciphering and Mitigating Blackhole Spam from Email-borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from Email-borne Threats 1 Outline 1 Background 2 Detection Challenges
More informationCITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS
CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS May 2012 As of April 30th, 2012 the Citadel Trojan was at its fourth upgrade with Version 1.3.4.0 already in the hands of its customers. Citadel s features, bug
More informationResource Management Spreadsheet Capabilities. Stuart Dixon Resource Manager
Resource Management Spreadsheet Capabilities Stuart Dixon Resource Manager Purpose Single view of resource data Shows rolling demand vs supply for 14 months, 2 months back, current month, and 11 forward
More informationConsumer ID Theft Total Costs
Billions Consumer and Business Identity Theft Statistics Business identity (ID) theft is a growing crime and is a growing concern for state filing offices. Similar to consumer ID theft, after initially
More informationRecognizing Spam. IT Computer Technical Support Newsletter
IT Computer Technical Support Newsletter March 23, 2015 Vol.1, No.22 Recognizing Spam Spam messages are messages that are unwanted. If you have received an e-mail from the Internal Revenue Service or the
More informationExamining the Impact of Website Take-down on Phishing
Examining the Impact of Website Take-down on Phishing and Richard Clayton University of Cambridge Computer Laboratory APWG ecrime Researchers Summit Oct. 4, 2007, Pittsburgh, PA, USA Outline The mechanics
More informationCourse Content: Session 1. Ethics & Hacking
Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for
More informationAshley Institute of Training Schedule of VET Tuition Fees 2015
Ashley Institute of Training Schedule of VET Fees Year of Study Group ID:DECE15G1 Total Course Fees $ 12,000 29-Aug- 17-Oct- 50 14-Sep- 0.167 blended various $2,000 CHC02 Best practice 24-Oct- 12-Dec-
More informationWhen Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper
When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationDealing with Big Data in Cyber Intelligence
Dealing with Big Data in Cyber Intelligence Greg Day Security CTO, EMEA, Symantec Session ID: HT-303 Session Classification: General Interest What will I take away from this session? What is driving big
More informationLayered security in authentication. An effective defense against Phishing and Pharming
1 Layered security in authentication. An effective defense against Phishing and Pharming The most widely used authentication method is the username and password. The advantages in usability for users offered
More information.IBM TLD Registration Policy
I. Introduction These registration conditions govern the rights and obligations of the Registry Operator, International Business Machines Corporation ( Registry Operator or IBM ), and the accredited registrars,
More informationInternet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology
Internet Monitoring via DNS Traffic Analysis Wenke Lee Georgia Institute of Technology 0 Malware Networks (Botnets) 1 From General-Purpose to Targeted Attacks 11/14/12 2 Command and Control l Botnet design:
More informationWhen Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling
When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationWHITEPAPER. V12 Group www.v12groupinc.com 141 West Front Street, Suite 410 Red Bank, NJ 07701 info@v12groupinc.com 1.866.842.1001
WHITEPAPER Phishing Facts for Email Marketers: Understanding the phishing factor impact on your email programs. Email phishing attacks are destructive for everyone, it s not just the brands (and their
More informationMeasures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN dave.piscitello@icann.org
Measures to Protect (University) Domain Registrations and DNS Against Attacks Dave Piscitello, ICANN dave.piscitello@icann.org Why are we talking about Domain names and DNS? Domain names and URLs define
More informationAnglia IT Solutions Managed Anti-SPAM
By Appointment to Her Majesty The Queen Supplier of IT Products and Support Anglia IT Solutions Limited Swaffham Anglia IT Solutions Managed Anti-SPAM A Simple Guide All Rights Reserved. This document
More informationMalicious Email Mitigation Strategy Guide
CYBER SECURITY OPERATIONS CENTRE Malicious Email Mitigation Strategy Guide Introduction (UPDATED) SEPTEMBER 2012 1. Socially engineered emails containing malicious attachments and embedded links are commonly
More informationQi Liu Rutgers Business School ISACA New York 2013
Qi Liu Rutgers Business School ISACA New York 2013 1 What is Audit Analytics The use of data analysis technology in Auditing. Audit analytics is the process of identifying, gathering, validating, analyzing,
More informationRecurrent Patterns Detection Technology. White Paper
SeCure your Network Recurrent Patterns Detection Technology White Paper January, 2007 Powered by RPD Technology Network Based Protection against Email-Borne Threats Spam, Phishing and email-borne Malware
More informationWin the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business
Win the Internet Security War Keep Internet Criminals Out of Your Network and Protect Your Business Takeaways Cyber-criminals are using emails & social engineering to infiltrate your network Your team
More informationITRC announces latest updates of its Visitor Profile Study (VPS)
Thursday, 3 April 2014 ITRC announces latest updates of its Visitor Profile Study (VPS) IFT Tourism Research Centre (ITRC) is releasing today the most updated results of its Macao Visitor Profile Survey
More informationV-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks
Enabling Precise Defense against New DDoS Attacks 1 Key Points: DDoS attacks are more prone to targeting the application layer. Traditional attack detection and defensive measures fail to defend against
More informationAdvisory on Utilization of Whois Data For Phishing Site Take Down March 2008
Contributors Rod Rasmussen, Internet Identity Patrick Cain, Anti-Phishing Working Group Laura Mather, Anti-Phishing Working Group Ihab Shraim, MarkMonitor Summary Given fundamental policy changes regarding
More informationComputing & Telecommunications Services Monthly Report March 2015
March 215 Monthly Report Computing & Telecommunications Services Monthly Report March 215 CaTS Help Desk (937) 775-4827 1-888-775-4827 25 Library Annex helpdesk@wright.edu www.wright.edu/cats/ Last Modified
More informationA Hybrid Approach to Detect Zero Day Phishing Websites
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 17 (2014), pp. 1761-1770 International Research Publications House http://www. irphouse.com A Hybrid Approach
More informationManaging Users and Identity Stores
CHAPTER 8 Overview ACS manages your network devices and other ACS clients by using the ACS network resource repositories and identity stores. When a host connects to the network through ACS requesting
More informationCENTERPOINT ENERGY TEXARKANA SERVICE AREA GAS SUPPLY RATE (GSR) JULY 2015. Small Commercial Service (SCS-1) GSR
JULY 2015 Area (RS-1) GSR GSR (LCS-1) Texarkana Incorporated July-15 $0.50690/Ccf $0.45450/Ccf $0.00000/Ccf $2.85090/MMBtu $17.52070/MMBtu Texarkana Unincorporated July-15 $0.56370/Ccf $0.26110/Ccf $1.66900/Ccf
More informationAn Eprints Apache Log Filter for Non-Redundant Document Downloads by Browser Agents
An Eprints Apache Log Filter for Non-Redundant Document Downloads by Browser Agents Ed Sponsler Caltech Library System http://resolver.caltech.edu/caltechlib:spoeal04 December, 2004 Contents 1 Abstract
More informationContent Filters A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER
Content Filters A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER CONTENT FILTERS 2 Introduction Content- based filters are a key method for many ISPs and corporations to filter incoming email..
More informationCommtouch RPD Technology. Network Based Protection Against Email-Borne Threats
Network Based Protection Against Email-Borne Threats Fighting Spam, Phishing and Malware Spam, phishing and email-borne malware such as viruses and worms are most often released in large quantities in
More informationHow To Get Rid Of A Phish Locker On A Computer (For A Bank)
PHISH LOCKERS OUT IN THE WILD August 2013 RSA researchers have been increasingly witnessing the activity of highly targeted Trojans, dubbed Phish Lockers, used at the hands of cybercriminals to steal credentials.
More informationAbused Internet Domain Registration Analysis for Calculating Risk and Mitigating Malicious Activity
2012 Abused Internet Domain Registration Analysis for Calculating Risk and Mitigating Malicious Activity KnujOn.com LLC Brief Version 2/18/2012 Promising Research KnujOn.com LLC is proud to release this
More informationSPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS
SPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS INTRODUCTION BOTNETS IN SPAMMING WHAT IS AUTORE? FACING CHALLENGES? WE CAN SOLVE THEM METHODS TO DEAL WITH THAT CHALLENGES Extract URL string, source server
More informationLesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division
Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation
More informationHarness Your Internet Activity!
Harness Your Internet Activity Random Subdomain Attacks Plaguing the Internet Agenda Brief Intro Covered at last OARC Attack overview Latest data Progress on open dns proxies in home gateways Impact of
More informationBotnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic
The Leader in Cloud Security RESEARCH REPORT Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic ABSTRACT Zscaler is a cloud-computing,
More informationCAFIS REPORT 2015.10
CAFIS REPORT 2015.10 INDEX Message CAFIS Inbound 03-06 07-08 CAFIS Arch 09-10 CAFIS Brain 11-12 CAFIS Global 13-14 What We Do 15-16 About CAFIS 17-18 Services for Member Stores 19-34 Services for Card
More informationSeptember 2009 Report #23. There was a 11 percent increase from the previous month in non-english phishing sites
September 2009 Report #23 The data in this report is aggregated from a combination of sources including Symantec s Phish Report Network (PRN), strategic partners, customers and security solutions. This
More informationCurrent counter-measures and responses by CERTs
Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure
More informationCymon.io. Open Threat Intelligence. 29 October 2015 Copyright 2015 esentire, Inc. 1
Cymon.io Open Threat Intelligence 29 October 2015 Copyright 2015 esentire, Inc. 1 #> whoami» Roy Firestein» Senior Consultant» Doing Research & Development» Other work include:» docping.me» threatlab.io
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationCisco 4Q11. Global Threat Report
Cisco 4Q11 Global Threat Report Contents Key Highlights 1 Introduction 2 Cisco ScanSafe: Web Malware Events 3 Cisco Intrusion Prevention System 5 Cisco IronPort: Global Spam Trends 6 About the Contributors
More informationA new fake Citibank phishing scam using advanced techniques to manipulate users into surrendering online banking access has emerged.
A new fake Citibank phishing scam using advanced techniques to manipulate users into surrendering online banking access has emerged. The Citibank scam tricks users into surrendering their online banking
More informationPHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD
PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD April 2013 As cybercriminals will have it, phishing attacks are quite the seasonal trend. It seems that every April, after showing a slight decline
More informationThe Internet (Computer Networking)
The Internet (Computer Networking) In what ways do we use the Internet for? Fun facts about the Internet Almost impossible to measure how much data you can access on the Internet Estimated to take about
More informationIpswitch IMail Server with Integrated Technology
Ipswitch IMail Server with Integrated Technology As spammers grow in their cleverness, their means of inundating your life with spam continues to grow very ingeniously. The majority of spam messages these
More informationLocal and Cultural Factors in Mobile Data Communications: The Case of the SMS in China and Hong Kong SAR
Local and Cultural Factors in Mobile Data Communications: The Case of the SMS in China and Hong Kong SAR Hong Kong University of Science and Technology (HKUST), Xu Yan (xuyan@ust.hk) Introduction! Studies
More informationOverview An Evolution. Improving Trust, Confidence & Safety working together to fight the e-mail beast. Microsoft's online safety strategy
Overview An Evolution Improving Trust, Confidence & Safety working together to fight the e-mail beast Holistic strategy Prescriptive guidance and user education, collaboration & technology Evolution of
More informationPhishing Activity Trends Report for the Month of December, 2007
Phishing Activity Trends Report for the Month of December, 2007 Summarization of December Report Findings The total number of unique phishing reports submitted to APWG in December 2007 was 25,683, a decrease
More informationZscaler Cloud Web Gateway Test
Zscaler Cloud Web Gateway Test A test commissioned by Zscaler, Inc. and performed by AV-TEST GmbH. Date of the report: April15 th, 2016 Executive Summary In March 2016, AV-TEST performed a review of the
More informationModusMail Software Instructions.
ModusMail Software Instructions. Table of Contents Basic Quarantine Report Information. 2 Starting A WebMail Session. 3 WebMail Interface. 4 WebMail Setting overview (See Settings Interface).. 5 Account
More informationProfessional Ethics for Computer Science
Professional Ethics for Computer Science Chapter 4: Privacy Jie Gao Computer Science Department Stony Brook University Privacy Issues Internet privacy consists of privacy over the media of the Internet:
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received by the (APWG) came to 23,61 in, a drop of over 6, from January s previous record
More informationSophisticated Phishers Make More Spelling Mistakes: Using URL Similarity Against Phishing
Sophisticated Phishers Make More Spelling Mistakes: Using URL Similarity Against Phishing Max-Emanuel Maurer 1 and Lukas Höfer 1 University of Munich Media Informatics Group Amalienstr. 17 803333 Munich
More informationSeptember 2009 Report #33
September 2009 Report #33 Overall spam volumes averaged at 87 percent of all email messages in August 2009. Health spam decreased again this month and averaged at 6.73 percent, while over 29 percent of
More informationPolicy Overview and Definitions
Overview The following policies, which govern the top level domain (TLD or Registry) indicated on Schedule A, are based on policies and best practices drawn from ICANN, WIPO, and other relevant sources,
More informationDragonfly: Energy Companies Under Sabotage Threat Symantec Security Response
Dragonfly: Energy Companies Under Sabotage Threat Symantec Security Response Dragonfly: Western Energy Companies Under Sabotage Threat 1 What is Dragonfly? Ongoing cyberespionage campaign Targeting the
More informationI m getting MFA, you re getting MFA, we re ALL getting MFA. Richard Biever (richard.biever@duke.edu) Chuck Kesler (chuck.kesler@duke.
I m getting MFA, you re getting MFA, we re ALL getting MFA Richard Biever (richard.biever@duke.edu) Chuck Kesler (chuck.kesler@duke.edu) Durham, we have a problem Passwords are the most used way to secure
More informationJOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City
JOOMLA SECURITY by Oliver Hummel ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City CONTACT Nicholas Butler 051-393524 089-4278112 info@irelandwebsitedesign.com Contents Introduction 3 Installation
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com 2 Fraud Prevention for Endpoints KASPERSKY FRAUD PREVENTION 1. Ways of Attacking The prime motive behind cybercrime is making money, and today
More informationCYBERSECURITY INESTIGATION AND ANALYSIS
CYBERSECURITY INESTIGATION AND ANALYSIS The New Crime of the Digital Age The Internet is not just the hotspot of all things digital and technical. Because of the conveniences of the Internet and its accessibility,
More informationMULTILINGUILIZATION STANDARD. Wael Nasr Director, I-DNS.Net
UNITED NATIONS ECONOMIC AND SOCIAL COUNCIL E Distr. LIMITED E/ESCWA/ICTD/2003/WG.2/12 2 June 2003 ORIGINAL: ENGLISH Economic and Social Commission for Western Asia Expert Group Meeting on Promotion of
More informationDomain Name Control Considerations
Domain Name Control Considerations When implementing an Internet presence, credit unions should establish controls to facilitate control over domain names. Credit unions should: 1. understand the Domain
More informationComprehensive Anti-Spam Service
Comprehensive Anti-Spam Service Chapter 1: Document Scope This document describes how to implement and manage the Comprehensive Anti-Spam Service. This document contains the following sections: Comprehensive
More informationLASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
More informationHow To Filter Email From A Spam Filter
Spam Filtering A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER 2 Introduction Spam filtering is a catch- all term that describes the steps that happen to an email between a sender and a receiver
More informationFirst Step Guide for Building Cyber Threat Intelligence Team. Hitoshi ENDOH (NTT-CERT) Natsuko INUI (CDI-CIRT)
First Step Guide for Building Cyber Threat Intelligence Team Hitoshi ENDOH (NTT-CERT) Natsuko INUI (CDI-CIRT) Agenda About Us CDI-CIRT NTT-CERT Part 1 Cyber Threat Intelligence Team Building Basics Part
More informationState of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved
State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration
More informationRogue DNS servers a case study
Rogue DNS servers a case study Feike Hacquebord Forward Looking Threat Research, Trend Micro Cupertino, CA, USA feikehayo_hacquebord@trendmicro.com Contents Introduction to DNS DNS Changer Trojans Rogue
More informationHow to Stop Spam Emails and Bounces
Managing Your Email Reputation For most companies and organizations, email is the most important means of business communication. The value of email today, however, has been compromised by the rampant
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationHow To Protect Your Email From Spam On A Barracuda Spam And Virus Firewall
Comprehensive Email Filtering: Barracuda Spam & Virus Firewall Safeguards Legitimate Email Email has undoubtedly become a valued communications tool among organizations worldwide. With frequent virus attacks
More informationVIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division
VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain
More information