Temporal correlations between spam and phishing websites

Authors:
Tyler Moore;Richard Clayton;Henry Stern
Affiliations:
Center for Research on Computation and Society, Harvard University;Computer Laboratory, University of Cambridge;Cisco IronPort Systems LLC
Venue:
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Year:
2009

Citing 4
Cited 6

Examining the impact of website take-down on phishing

Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Evaluating a trial deployment of password re-use for phishing prevention

Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Spamalytics: an empirical analysis of spam marketing conversion

Proceedings of the 15th ACM conference on Computer and communications security
Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing

Financial Cryptography and Data Security

Dissecting one click frauds

Proceedings of the 17th ACM conference on Computer and communications security
Detecting malicious web links and identifying their attack types

WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
No plan survives contact: experience with cybercrime measurement

CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade

SEC'11 Proceedings of the 20th USENIX conference on Security
Fashion crimes: trending-term exploitation on the web

Proceedings of the 18th ACM conference on Computer and communications security
An analysis of socware cascades in online social networks

Proceedings of the 22nd international conference on World Wide Web

Quantified Score

Hi-index	0.00

Visualization

Abstract

To implement a phishing scam, attackers must create a fake website and send spam to attract visitors. To date, empirical research into phishing's impact has studied either the spam being sent or the website lifetimes. In this paper, we examine both phishing websites and the associated spam to gauge the overall effectiveness of phishing attack and defense. We find that while the bulk of spam is sent around the time of the website's first appearance, spam continues to be sent for many longer lived websites until they are finally removed. We also find that attackers using 'fast-flux' techniques are savvier than ordinary attackers, sending out more spam prior to detection and stopping faster once the websites are taken down. Finally, we conclude that fast-flux attacks pose the greatest phishing threat since they account for 68% of spam despite comprising just 3% of hosts.