Flux in Fraud Infrastructures - PowerPoint PPT Presentation

Description:

10-30% of phishing Web servers exhibit fast flux. 60% of their DNS servers exhibit DNS flux ... Fraud infrastructures have telltale signs ...

Slides: 8
Provided by: netsecCo

Transcript and Presenter's Notes


1
Flux in Fraud Infrastructures
  • Minaxi Gupta
  • Computer Science Dept.
  • Indiana University, Bloomington

2
Fraud evolution
  • Economically driven
  • Pull vs push-based
  • Much is Web-based
  • Uses botnets extensively

3
Internet fraud has an infrastructure behind it
  • Phishing
  • Scam sites
  • Drive-by downloads
  • Socially-engineered malware

4
It is provisioned differently
  • Flux in phishing
  • Fast flux
  • DNS flux
  • Double flux
  • Helps escape detection and promotes longevity of
    fraud

5
Observations
  • 10-30% of phishing Web servers exhibit fast flux
  • 60% of their DNS servers exhibit DNS flux
  • Most fluxing Web servers are part of double-flux
    infrastructure
  • Same machines act as Web and DNS servers in many
    cases
  • One host name resolves to many IPs but many names
    share a common pool of IPs
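
The signs on this slide can be computed from collected DNS answers. The sketch below is an added example, not from the talk: the sample records, the `flux_signs` name and both thresholds (`min_ips`, `min_jaccard`) are assumptions chosen for illustration, not signatures the talk proposes.

```python
from collections import defaultdict
from itertools import combinations

# Constructed observations: (host name, record type, IP). "A" = Web server
# address, "NS" = address of a name server for that name. Not real data.
OBSERVATIONS = (
    [("pay-login.example", "A", f"198.51.100.{i}") for i in range(1, 6)]
    + [("pay-login.example", "NS", f"198.51.100.{i}") for i in range(4, 9)]
    + [("acct-verify.example", "A", f"198.51.100.{i}") for i in range(2, 7)]
    + [
        ("acct-verify.example", "NS", "203.0.113.10"),
        ("shop.example", "A", "192.0.2.10"),
        ("shop.example", "A", "192.0.2.11"),
        ("shop.example", "NS", "192.0.2.53"),
    ]
)


def flux_signs(observations, min_ips=4, min_jaccard=0.5):
    """Group observations per host name and report the signs listed on the slide."""
    pools = defaultdict(lambda: {"A": set(), "NS": set()})
    for name, rtype, ip in observations:
        pools[name][rtype].add(ip)
    # One host name resolving to many IPs, on the Web side and on the DNS side.
    fast = {n for n, p in pools.items() if len(p["A"]) >= min_ips}
    dns = {n for n, p in pools.items() if len(p["NS"]) >= min_ips}
    shared = []  # pairs of names whose Web IP sets largely coincide
    for a, b in combinations(sorted(pools), 2):
        common = pools[a]["A"] & pools[b]["A"]
        union = pools[a]["A"] | pools[b]["A"]
        if union and len(common) / len(union) >= min_jaccard:
            shared.append((a, b))
    return {
        "fast_flux": fast,
        "dns_flux": dns,
        "double_flux": fast & dns,
        "web_dns_same_hosts": {n for n, p in pools.items() if p["A"] & p["NS"]},
        "shared_ip_pool": shared,
    }


if __name__ == "__main__":
    for sign, names in flux_signs(OBSERVATIONS).items():
        print(f"{sign}: {sorted(names)}")
```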

6
Take away
  • Fraud infrastructures have telltale signs
  • It may be possible to create signatures that
    distinguish fraud infrastructures from regular
    Internet infrastructure
  • Need to investigate what the signatures should
    look like

7
Caution
  • DoS attacks do not have Web sites
  • Hacked sites can be used to host fraud
  • This talk takes a DNS perspective on fraud
    infrastructures
  • Many by-pass DNS by using IP addresses
  • Signatures in the absence of flux?
  • Can criminals evolve to bypass signatures?