Devendra Yadav 31/05/2007
Dec 25, 2014
Devendra Yadav31/05/2007
Introduction11
Phishing Techniques22
Pharming Techniques33
Phishing Statistical Highlights44
Phishing/Pharming Demo55
In Computing both Phishing and Pharming are criminal activity
Both Phishing and Pharming are methods used to steal personal information over the Internet
User Id/Password Credit Card Number PIN
Phishing is typically carried out using email or an instant message, and often directs users to give details at a website
Pharming is a hacker's attack aiming to redirect a website's traffic to another (bogus) website.
Pharming is more dangerous than Phishing
In Phishing incorrect client request is sent and if user is little bit intelligent he/she can identify it very easily
In Pharming correct Client request is sent and that get redirected to wrong server. So identifying it is difficult for intelligent users also
12
43
Hacker Creates Fake website
Send link of website to user using mail/instant messaging
User opens link provided by Hacker
User start sending/receiving information from Fake website
Hacker 1
Fake website
24
3
User
Technique -1 Link manipulationIn this technique hackers manipulate links in such manner that it’s difficult for user to identify whether is page is served form correct website or fake website. Few of such techniques are 1. Misspelled URLs e.g. http://www.0rkut.com
2. Sub domains e.g. http://www.yourbank.com.example.com/ 3. Using “@” e.g. http://[email protected]/
Technique -2 Website forgeryIn this technique hackers alter the address bar 1. Hiding Address bar 2. Altering the content of Address bar using scripts 3. putting image with legitimate URL over address bar
In Pharming attackers try to redirect the user’s requests (web traffic) to a bogus website, for doing this commonly used techniques are:
◦ Altering Host File Host File location
%windir%/system32/drivers/etc/hosts (Windows) /etc/hosts (Unix) Sample Host file
◦ Hijacking DNS Server/Local Network Router
Web ServerIP : 64.233.187.99
google.com
64.233.187.99
64.233.187.99
google.com1
2
3
4 2
IP add. is not specified in Host file
IP add. is specified in Host file
DNS & Host File
Number of unique phishing reports received in April: 23656 Number of unique phishing sites received in April: 55643 Number of brands hijacked by phishing campaigns in April: 172 Country hosting the most phishing websites in April: United States No hostname just IP address: 6 % Percentage of sites not using port 80: 1.5 % Average time online for site: 3.8
days Longest time online for site: 27 days
Source: APWG(http://www.antiphishing.org)
Source: APWG(http://www.antiphishing.org)
1. United State 28.44%2. France 26.9%3. Republic of Korea 21.05%,4. Romania 2.04%5. China 1.9%6. Germany 1.9%7. Russia 1.75%8. United Kingdom 1.46%9. Turkey 1.46%,10. Netherlands 1.17%.
Source: APWG(http://www.antiphishing.org)
Live Phishing URLs http://website.lineone.net/~farrago/cia/phish/ebay2.htm http://www.popsite-almere.nl/fotos/nieuws/data/
www.anz.com/anzbank/ANZ/Bankmain.htm http://posssit.freehostia.com/bancoposta.online.it/bpol/
poste//login-privati1.html http://www.safe-surf.org/cgi-bin/cgiproxy/nph-proxy.pl/
000100A/http/www.myspace.com/ http://halifax-online-co-uk.idiotica.co.uk/_mem_/
formslogin.asp/ http://session-7393533.nationalcity.com.userpro.tw/
corporate/onlineservices/TreasuryMgmt/
Thank You !