The Impact of Public Information on Phishing Attack and Defense
Attackers compromise web servers in order to host fraudulent content, such as malware and phishing websites. While the techniques used to compromise websites are widely discussed and categorized, analysis of the methods used by attackers to identify targets has remained anecdotal. In this paper, we study the use of search engines to locate potentially vulnerable hosts. We present empirical evidence from the logs of websites used for phishing to demonstrate attackers' widespread use of search terms which seek out susceptible web servers. We establish that at least 18% of website compromises are triggered by these searches. Many websites are repeatedly compromised however the root cause of the vulnerability is not addressed. We find that 17% of phishing websites are recompromised within a year, and the rate of recompromise is much higher if they have been identified through web search. By contrast, other public sources of information about phishing websites actually lower recompromise rates. We find that phishing websites placed onto a public blacklist are recompromised less often than websites only known within closed communities. Consequently, we conclude that strategic disclosure of incident information can actually aid defenders if designed properly.
Volume (Year): 1 (2011)
Issue (Month): 81 (1st quarter)
|Contact details of provider:|| Postal: BP 4167, 34092 Montpellier cedex 5|
Phone: 33 (0)467 144 444
Fax: 33 (0)467 144 400
Web page: http://www.idate.org/en/Home/
More information through EDIRC
References listed on IDEAS
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:
- Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
When requesting a correction, please mention this item's handle: RePEc:idt:journl:cs8102. See general information about how to correct material in RePEc.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (BLAVIER Thomas)
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
If references are entirely missing, you can add them using this form.
If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.
Please note that corrections may take a couple of weeks to filter through the various RePEc services.