Abstract
Fraudulent and malicious web sites pose a significant threat to desktop security, integrity, and privacy. This paper examines the threat from different perspectives. We harvested URLs linking to web sites from different sources and corpora, and conducted a study to examine these URLs in depth. For each URL, we extract its domain name, determine its frequency, IP address and geographic location, and check whether the web site is accessible. Using 3 search engines (Google, Yahoo!, and Windows Live), we check whether the domain name appears in the search results, and using McAfee SiteAdvisor, we determine the domain name’s safety rating. Our study shows that users can encounter URLs pointing to fraudulent and malicious web sites not only in spam and phishing messages but also in legitimate email messages and the top search results returned by search engines. To provide better countermeasures against these threats, we present a proxy-based approach to dynamically block access to fraudulent and malicious web sites based on the safety ratings set by McAfee SiteAdvisor.
Cite this article
Obied, A., Alhajj, R. Fraudulent and malicious sites on the web. Appl Intell 30, 112–120 (2009). https://doi.org/10.1007/s10489-007-0102-y
DOI: https://doi.org/10.1007/s10489-007-0102-y