web spoofing by miguel and ngan. content web spoofing demo what is web spoofing how the attack works...

WEB SPOOFING by Miguel and Ngan


Post on 27-Dec-2015




Content

• Web Spoofing Demo
• What is Web Spoofing
• How the attack works
• Different types of web spoofing
• How to spot a spoofed page
• Signs that you have been a victim
• Stats of Web Spoofing
• Conclusion
• Questions


What is Web Spoofing

• Pretending to be a legitimate site

• Attacker creates convincing but false copy of the site

• Stealing personal information such as login ID, password, credit card, bank account, and much more (a.k.a. phishing attack)

• False Web looks and feels like the real one

• Attacker controls the false web by surveillance

• Modifying integrity of the data from the victims


How the attack works

Explain demo…


Different types of Web Spoofing

• DNS server spoofing attack
  • One of the most complex types of attack
  • Alter a domain name to point to a different IP address
  • Redirect to a different server hosting a spoofed site


Different types of Web Spoofing

• Content theft
  • A copy of a site can be created from the original by saving all the publicly accessible pages, images, and scripts from a site to another server. (Miguel’s Demo)
  • Can be automated by using programs called “spiders”


Different types of Web Spoofing

• Subdomain Spoofing
  • Normal subdomain: http://subdomain.domain.com
  • Tricking internet users into believing that they are on the correct URL
  • Make the URL long enough so that the user cannot see the entire URL

• And more…
  • IP Address as URL, Email with HTML attached, Frameless Pop-up, and more…


How to detect a spoofed webpage

• URL (this is the easiest way to detect the attack!)
  • Triple check the spelling of the URL
  • Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. sun-trust.com)

• Mouse over message (careful: this can be spoofed too!)

• Beware of pages that use server scripting such as PHP; these tools make it easy to obtain your information.

• Beware of JavaScript as well.

• Beware of longer than average load times.
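The URL checks from this slide and from the subdomain-spoofing slide can be automated. The following is an added example, not part of the original presentation; the allowlist, the length threshold, the warning labels and the sample URLs (example.net, 192.0.2.10) are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this example: the allowlist, the length threshold and the
# sample URLs are constructed; suntrust.com is the domain named on the slide.
TRUSTED = {"suntrust.com"}
MAX_URL_LEN = 75  # assumed cut-off for "too long to read in the address bar"

def registrable(host):
    # Naive last-two-labels rule; production code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def squash(name):
    # Drop the characters the slide warns about: hyphen and underscore.
    return name.replace("-", "").replace("_", "")

def check_url(url):
    """Return a list of warnings for one URL; an empty list means none."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]
    try:
        ipaddress.ip_address(host)
        return ["ip-address-as-host"]
    except ValueError:
        pass  # not an IP literal, continue with the name checks
    findings = []
    reg = registrable(host)
    if reg not in TRUSTED:
        for good in sorted(TRUSTED):
            if squash(reg) == squash(good):
                findings.append("lookalike-of:" + good)
            elif ("." + good + ".") in ("." + host):
                # Trusted name used as a subdomain label of another domain.
                findings.append("trusted-name-in-subdomain:" + good)
    if len(url) > MAX_URL_LEN:
        findings.append("long-url")
    return findings

if __name__ == "__main__":
    for sample in ("https://www.suntrust.com/login",
                   "http://sun-trust.com/login",
                   "http://suntrust.com.secure-login.example.net/",
                   "http://192.0.2.10/login.php"):
        print(sample, "->", check_url(sample) or "no warnings")
```

A clean result only means none of these particular checks fired; it does not prove a page is genuine.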


Signs that you may have been a victim

• If an unexpected error occurs, you may be a victim of web spoofing (sorry) (This relates to Dr. Burmester's example of the fake ATMs)

• If you have to click submit buttons repeatedly. (class example)

• If you have to enter your password repeatedly (class example)

• If there is any redirection to other webpages.


Stats of Web Spoofing

• Web spoofing is increasing at a rapid pace
• According to a study by Gartner Research
  • Two million users gave such information to spoofed web sites.
  • About $1.2 billion in direct losses to U.S. bank and credit card issuers in 2003
  • And about $400 million to $1 billion in losses from the victims

• Archives of reported scams
  • http://www.millersmiles.co.uk/archives.php


Gartner Research - Graph


Resources

• Web Spoofing: Internet Con Game - http://www.cs.princeton.edu/sip/pub/spoofing.pdf

• Web Spoofing 2001 - http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf

• What is Web Spoofing - http://www.washington.edu/computing/windows/issue22/spoofing.html

• How Web Spoofing Works - http://www.systemexperts.com/tutors/webspoof.pdf

• Different types of spoofing - http://www.articsoft.com/wp_spoofing.htm

• Archives of Web Spoofing - http://www.millersmiles.co.uk/archives.php

• TrustBar: Protecting Web User - http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm