Temporal correlations between spam and phishing websites
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Proceedings of the 17th ACM conference on Computer and communications security
ACM Transactions on Management Information Systems (TMIS)
Searching the searchers with searchaudit
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
High tech criminal threats to the national information infrastructure
Information Security Tech. Report
Heat-seeking honeypots: design and experience
Proceedings of the 20th international conference on World wide web
Foundations and Trends in Information Retrieval
Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade
SEC'11 Proceedings of the 20th USENIX conference on Security
Fashion crimes: trending-term exploitation on the web
Proceedings of the 18th ACM conference on Computer and communications security
Colonel blotto in the phishing war
GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Ethical dilemmas in take-down research
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Revisiting network scanning detection using sequential hypothesis testing
Security and Communication Networks
The role of web hosting providers in detecting compromised websites
Proceedings of the 22nd international conference on World Wide Web
| Hi-index | 0.00 |
Attackers compromise web servers in order to host fraudulent content, such as malware and phishing websites. While the techniques used to compromise websites are widely discussed and categorized, analysis of the methods used by attackers to identify targets has remained anecdotal. In this paper, we study the use of search engines to locate potentially vulnerable hosts. We present empirical evidence from the logs of websites used for phishing to demonstrate attackers' widespread use of search terms which seek out susceptible web servers. We establish that at least 18% of website compromises are triggered by these searches. Many websites are repeatedly compromised whenever the root cause of the vulnerability is not addressed. We find that 19% of phishing websites are recompromised within six months, and the rate of recompromise is much higher if they have been identified through web search. By contrast, other public sources of information about phishing websites are not currently raising recompromise rates; we find that phishing websites placed onto a public blacklist are recompromised no more frequently than websites only known within closed communities.