Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing

  • Conference paper
Financial Cryptography and Data Security (FC 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5628)

Abstract

Attackers compromise web servers in order to host fraudulent content, such as malware and phishing websites. While the techniques used to compromise websites are widely discussed and categorized, analysis of the methods used by attackers to identify targets has remained anecdotal. In this paper, we study the use of search engines to locate potentially vulnerable hosts. We present empirical evidence from the logs of websites used for phishing to demonstrate attackers’ widespread use of search terms which seek out susceptible web servers. We establish that at least 18% of website compromises are triggered by these searches. Many websites are repeatedly compromised whenever the root cause of the vulnerability is not addressed. We find that 19% of phishing websites are recompromised within six months, and the rate of recompromise is much higher if they have been identified through web search. By contrast, other public sources of information about phishing websites are not currently raising recompromise rates; we find that phishing websites placed onto a public blacklist are recompromised no more frequently than websites only known within closed communities.

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Moore, T., Clayton, R. (2009). Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing. In: Dingledine, R., Golle, P. (eds) Financial Cryptography and Data Security. FC 2009. Lecture Notes in Computer Science, vol 5628. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03549-4_16

  • DOI: https://doi.org/10.1007/978-3-642-03549-4_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03548-7

  • Online ISBN: 978-3-642-03549-4

  • eBook Packages: Computer Science, Computer Science (R0)
