Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Security Response remove filter
Showing posts by Antonio Forzieri remove filter
Reactive Phishing Defenses - Part 2
Antonio Forzieri | 27 Oct 2008 | 0 comments

My previous blog article was intended to highlight two new features observed in a number of phishing kits that held the aim of making the lives of security analysts more difficult. I want to now focus my attention on another trick that has been used in phishing kits in order to protect the attack against a technique called "dilution." Dilution is a method of providing a certain amount of false credentials, names, account numbers, and other personal information to a phishing website. With this technique, real credentials are diluted in a sea of false data, making the fraudster's job harder.

There are several different kinds of dilution strategies, classified by the type of data provided to the phishing site:

•    Random Data: a large amount of random unformatted data is submitted. This strategy attempts to fill up the collection point, but has a drawback in that the fraudsters can...

Read more
Reactive Phishing Defenses – Part 1
Antonio Forzieri | 30 Sep 2008 | 0 comments

A "phishing kit" is small piece of software usually written in PHP, HTML, and JavaScript that mimics legitimate portals (for example, financial institution websites) in order to acquire sensitive information such as usernames, passwords, and credit card details. The phishing kits of the first generation were quite simple; the fraudster would build a login page to collect stolen information on local files, saved on the compromised web servers. As shown in the picture below, after the credentials have been saved, users are redirected to the legitimate website.

 

This approach has an obvious drawback: if the directory-listing feature is enabled on the web server, other Internet users (including the compromised financial institutions) would be able to read those files. The countermeasure that was adopted by the fraudsters was...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,916