Know Yourself, Know Your Enemy: Three Kinds of Phishing Attacks Uncovered

  

Nowadays the Internet is full not only of viruses and Trojans but also of another detested practice: phishing. Phishing can cause many people to lose a great deal of information or money. In most people's minds, phishing means fake emails that trick people into providing bank account or identity information. However, according to a recent study published by the Honeynet Project & Research Alliance, phishing is more complicated and scarier than this.

The alliance warned in this latest research report that phishers are using malicious web servers and port redirection to deceive users, with a fairly high success rate. Their efforts are more thorough and organized than people initially thought. In many cases, they coordinate with other phishing gangs and use multiple methods at the same time.

Honeynet researcher Arthur Clune, referring to an example of an attack in this report, said that the phishing website was built very fast. All of these sites are prepared in advance. The people who set up such a website are obviously ready, because we started to see network communication before the website was fully built. All processes, including scanning for vulnerable web servers, are highly automated. All of this shows that the attacker is serious, prepared, and wants to find as many vulnerable hosts as possible.

Clune said the quality of these sites and of the spamming is improving. These websites use more standard English and embed better-quality images, making them look more like real websites. Another researcher, David Watson, said that as users become more aware of phishing, attackers have to improve their methods. He said that the number of people who fell victim to such attacks surprised him.

Watson said that in the many frauds we investigated, we were surprised to find that users did visit fake phishing sites. Guidance on how to use the Internet safely is clearly not reaching end users.

This study was conducted using honeypots. A honeypot is a computer that is intentionally set up without protective measures. When it is attacked, researchers can investigate the attacks to better understand the strategies attackers use. On the honeypots, the researchers clearly observed phishers successfully using three different methods of attack:

Compromising web servers

The first method is to compromise servers that have security holes and install malicious web content on them. In a typical phishing attack, the attacker took the following steps:

· scan for servers with security holes;

· compromise the vulnerable server and install a tool set or a password-protected backdoor;

· enter the compromised server through the encrypted backdoor;

· download the pre-made phishing website, in case the compromised server is a web server;

· perform limited content configuration and website testing (when they first visit the web server, they may expose their real IP address);

· download mass-mailing tools and use them to advertise the fake website with spam emails;

· after the above steps, people begin visiting the phishing site and potential victims start to access its content.

The alliance said in a statement that such an attack usually comes only a few hours or days after the system first connects to the Internet. The study found that attackers often attacked many servers and many organizations at the same time.

In any case, phishing is definitely dangerous, and everyone should avoid it as far as possible. There are many ways to defend against it, so in your spare time you can look for a solution to keep your computer safe.
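
The steps above note that the operators may expose their real IP address when they first visit the web server to configure and test the site. The following Python code is an added example, not taken from the report or the original article, showing how an incident responder could pull those early visitors out of a web access log. The combined log format, the planted path, the addresses and the 30-minute quiet-gap heuristic are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache/nginx combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse(line):
    """Return (ip, time, path, status), or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, m["path"], int(m["status"])

def early_visitors(lines, planted_prefix, quiet=timedelta(minutes=30)):
    """Clients that fetched the planted content before the first quiet gap.
    Assumption: setup/testing visits come first, then a pause of at least
    `quiet` before spam-driven traffic arrives. Returns {ip: [first_seen, hits]}.
    """
    hits = sorted(
        (ts, ip)
        for ip, ts, path, status in filter(None, map(parse, lines))
        if path.startswith(planted_prefix) and 200 <= status < 400
    )
    early, previous = {}, None
    for ts, ip in hits:
        if previous is not None and ts - previous >= quiet:
            break  # first quiet gap: later requests are likely lured visitors
        early.setdefault(ip, [ts, 0])[1] += 1
        previous = ts
    return early

# Constructed sample log (documentation address ranges, hypothetical path).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2005:02:10:44 +0000] "GET /images/.update/ HTTP/1.1" 404 209 "-" "-"
198.51.100.23 - - [12/May/2005:02:14:03 +0000] "GET /images/.update/index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.23 - - [12/May/2005:02:14:09 +0000] "GET /images/.update/logo.gif HTTP/1.1" 200 811 "-" "Mozilla/4.0"
this line is truncated and must be skipped
192.0.2.50 - - [12/May/2005:04:31:17 +0000] "GET /images/.update/index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.99 - - [12/May/2005:04:35:02 +0000] "GET /images/.update/index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
""".splitlines()
if __name__ == "__main__":
    print(early_visitors(SAMPLE_LOG, "/images/.update/"))
```

In practice the planted path would come from the file-system timeline of the compromised host, and the quiet gap should be tuned to the traffic actually seen in the log.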
