
User Attacks

Eng. Hector M Lugo-Cordero, MS

CIS 4361

February 2012

Why the Users?

• Users are the most vulnerable part of software security

• No matter how strong the software is, the system is only as secure as its users allow it to be

Types of Attacks

• Spamming

• Phishing

• Pharming

Spam

• Unsolicited mail the recipient never asked for

• Typically contains advertisement (real or false)

• Not a security attack by itself, but the usual delivery vehicle for the attacks that follow

Spam by Example

Spam Topics

• Pharmacy … 81%
• Replica … 5.40%
• Enhancers … 2.30%
• Phishing … 2.30%
• Degrees … 1.30%
• Casinos … 1%
• Weight Loss … 0.40%
• Other … 6.30%

Spam Forms

• E-mail

• Text message

• Instant message

• Non-trusted advertisements
 – Could bring drive-by downloads

Spam Defenses

• Spamhaus (DNS blocklists of known spam sources; the receiving mail server looks up the connecting IP before accepting the message)

• Check for long links

• Check for abnormal strings in URLs (percent-encoding runs, repeated characters, punycode hostnames)

• Empty mail (no subject and no body)

• Capitalized subjects/text
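The defenses above, as an added example that is not part of the original slides: a Python scorer that applies the slide's heuristics (long links, abnormal URL strings, empty mail, all-caps subject) to three constructed messages, and a helper that builds the DNSBL query name for Spamhaus ZEN. The thresholds (75 characters, 7 repeats, 5 letters) and the sample messages are assumptions made for the example; the DNS lookup itself is left out so the block runs offline.

```python
import ipaddress
import re

# Constructed sample messages (not from the slides): sending IP, subject, body.
SAMPLES = [
    {"ip": "203.0.113.7", "subject": "Meeting notes",
     "body": "Attached are the notes from today's meeting."},
    {"ip": "198.51.100.9", "subject": "CHEAP PHARMACY!!!",
     "body": "Buy now: http://xn--80ak6aa92e.example/"
             + "a" * 60 + "/zz%2F%2F%2F%2F.php"},
    {"ip": "192.0.2.5", "subject": "", "body": ""},
]

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# "Abnormal strings": runs of percent-encoding, punycode (IDN) labels,
# or one character repeated seven or more times.
ODD_URL_RE = re.compile(r"(%[0-9a-fA-F]{2}){3,}|xn--|(.)\2{6,}")


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Build the name a mail server resolves for a DNS blocklist lookup.

    The IPv4 octets are reversed and the list's zone appended. An A record
    in 127.0.0.0/8 means the address is listed; NXDOMAIN means it is not.
    The actual resolution (e.g. socket.gethostbyname) is omitted here.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on garbage input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def spam_indicators(msg: dict) -> list:
    """Return the slide's heuristics that fire on one message, sorted."""
    hits = set()
    for url in URL_RE.findall(msg["body"]):
        if len(url) > 75:                 # threshold is an assumption
            hits.add("long link")
        if ODD_URL_RE.search(url):
            hits.add("abnormal url string")
    if not msg["body"].strip() and not msg["subject"].strip():
        hits.add("empty mail")
    letters = [c for c in msg["subject"] if c.isalpha()]
    if len(letters) >= 5 and all(c.isupper() for c in letters):
        hits.add("all-caps subject")
    return sorted(hits)


if __name__ == "__main__":
    for m in SAMPLES:
        print(dnsbl_query_name(m["ip"]), spam_indicators(m))
```

None of these heuristics is conclusive on its own (a legitimate newsletter may carry a long tracking link), which is why real filters weight many signals and combine them with the blocklist answer rather than rejecting on a single hit.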

Too Bad :(

Phishing

• Uses spam as the mechanism to attract victims, hence "fishing" for them, or phishing

• Pretends to be a trusted site (e.g. a bank) to obtain sensitive information from the user

• Example:
 – http://www.sumtrust.com (one letter away from the real name, and no SSL)
 – Use SSL and make sure GeoTrust (or an equivalent trusted CA) has signed the certificate for the name you actually typed
 – https://www.suntrust.com
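The sumtrust/suntrust example above, as an added example that is not part of the original slides: a Python check that extracts the hostname from a link, normalizes common digit-for-letter swaps, and reports whether the domain is within one edit of a trusted name while not being that name, plus whether the link uses https. The trusted list, the confusable map and the "strip www." rule are assumptions for the example (a real tool would use the public suffix list and a curated brand list).

```python
from urllib.parse import urlsplit

# Assumed allow-list of legitimate registrable domains (constructed for the example).
TRUSTED = {"suntrust.com", "paypal.com", "bankofamerica.com"}

# Digits attackers substitute for similar-looking letters in hostnames.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable-domain guess: lowercase and drop a leading 'www.'.
    (Assumption for the example; no public-suffix handling.)"""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_link(url: str, trusted=TRUSTED) -> dict:
    """Classify a link: its host, whether it is https, and which trusted
    domain (if any) it looks like without actually being it."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    raw = registrable(host)
    # Fold homoglyph digits and the classic 'rn' -> 'm' swap before comparing.
    folded = raw.translate(CONFUSABLES).replace("rn", "m")
    lookalike = None
    if raw not in trusted:
        for t in trusted:
            if folded == t or edit_distance(folded, t) <= 1:
                lookalike = t
                break
    return {"host": host, "https": parts.scheme == "https", "lookalike_of": lookalike}


if __name__ == "__main__":
    for u in ("http://www.sumtrust.com", "https://www.suntrust.com", "https://paypa1.com"):
        print(u, check_link(u))
```

The certificate half of the slide's advice is what the browser (or, in Python, `ssl.create_default_context()`) does by default: it verifies the chain up to a trusted CA and that the certificate's name matches the host in the URL. That check is only as good as the name you typed, which is why the lookalike test has to come first.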

Phishing by Example

Pharming

• An attack that does nothing itself except redirect users from a legitimate website to a bogus one

• It's a FARM of phishing attacks: everyone who types the real address lands on the fake site

• Can be done by
 – Changing the hosts file, which the resolver consults before asking DNS
  • C:\Windows\System32\drivers\etc\hosts
  • /etc/hosts
 – Injecting a redirection into the website itself
  • Advertisements
  • Blogs on which an attacker can write <script … </script> as their comment
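The hosts-file vector above, as an added example that is not part of the original slides: a Python check that parses hosts-file content and flags any entry pinning a watched domain (or one of its subdomains) to an address that is not loopback. The file content and the watchlist are constructed for the example; on a real machine you would read the path given on the slide for your platform.

```python
import ipaddress

# Constructed hosts-file content (not a real system's file). The suntrust
# line is the kind of entry a pharming trojan appends.
HOSTS_SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.20    www.suntrust.com suntrust.com   # added by malware
198.51.100.4    internal-wiki.corp.example
"""

# Domains whose resolution we never expect to be overridden locally
# (assumption for the example).
WATCHLIST = {"suntrust.com", "paypal.com", "google.com"}


def parse_hosts(text: str):
    """Yield (ip, name) pairs, ignoring blank lines and '#' comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower().rstrip(".")


def suspicious_hosts_entries(text: str, watchlist=WATCHLIST) -> list:
    """Return (ip, name) entries that pin a watched domain to a non-loopback address."""
    found = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; a stricter tool would report it
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        if watched and not addr.is_loopback:
            found.append((ip, name))
    return found


if __name__ == "__main__":
    for ip, name in suspicious_hosts_entries(HOSTS_SAMPLE):
        print(f"{name} is pinned to {ip}")
```

Pinning a bank to an attacker's server in the hosts file defeats the address-bar check from the phishing slide, because the victim really did type https://www.suntrust.com; what saves them is the certificate check, since the attacker's server cannot present a CA-signed certificate for that name.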

Simple Mail Transfer Protocol (SMTP)

• Protocol for sending emails

• Works over TCP port 25 (server-to-server relay; mail clients today normally submit on port 587 with authentication)
 – TCP provides reliable, ordered delivery
 – Can telnet to port 25 and type the commands by hand to establish an SMTP session with a relay

• Commands can be divided into two categories
 – Header/Prelude: the SMTP commands that form the envelope
 – Content/Data: the message itself, sent after DATA

SMTP Prelude

Command      Effect                                                    Example
HELO         Announces the SMTP client to the relay and opens the      HELO <domain>
             session
EHLO         Same as HELO, but for Extended SMTP (the relay replies    EHLO <domain>
             with the extensions it supports)
MAIL FROM:   Sets the envelope sender. It must be a syntactically      MAIL FROM:<sender@domain>
             valid address in a resolvable domain, but the relay
             does not verify that the sender really owns it
RCPT TO:     Sets the envelope recipient. This address has to be       RCPT TO:<receiver@domain>
             one the relay is willing to deliver to
DATA         Starts message content mode                               DATA
HELP         Shows a quick reference to the SMTP/ESMTP commands        HELP

SMTP Content

These are header fields inside the message, not SMTP commands: the relay stores them without checking them against the envelope.

Header field    Effect                                                  Example
From:           Sets the sender shown inside the message (can be         From: <from@domain>
                anything; not checked against MAIL FROM:)
To:             Sets the receiver shown inside the message (can be       To: <to@domain>
                anything; not checked against RCPT TO:)
Reply-To:       Sets the address replies go to, so a forged From:        Reply-To: <answer@domain>
                still gets the victim's answer
Subject:        Sets the email's subject                                 Subject: Some Text
Content-Type:   Sets the type of the email body                          Content-Type: text/plain
                                                                         Content-Type: text/html
                                                                         Content-Type: image/jpeg
                                                                         Content-Type: audio/mpeg
                                                                         Content-Type: video/mp4
                                                                         Content-Type: application/msword
.               Sends (ends) the email; it must be the only character    .
                on the line

A single empty line separates the header fields from the body.

SMTP SPAM (text example)

    telnet <relay> 25
    HELO <any_text>
    MAIL FROM:<mailer_addr@domain>
    RCPT TO:<destination_addr@domain>
    DATA
    From: <text>
    To: <text>
    Reply-to: <reply address>
    Subject: <text>
    Content-type: text/plain

    Hello SPAM World.
    .

• The empty line after Content-type: is required; without it the relay treats "Hello SPAM World." as another header field
• Nothing in this exchange ties HELO, MAIL FROM: or the From: header to who is really sending, which is what makes spam and phishing mail easy to forge
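The session above, as an added example that is not part of the original slides: a Python builder that produces the exact client lines of that telnet exchange, including the empty line between headers and body and RFC 5321 dot-stuffing (a body line that starts with "." gets a second "." so it is not taken for the terminator), together with a check that compares the envelope sender with the From: header, which is the simplest way to spot a forged From: line. The relay, addresses and header values are constructed for the example.

```python
from email.utils import parseaddr
from typing import Dict, List


def smtp_data_lines(headers: Dict[str, str], body: str) -> List[str]:
    """Lines the client sends after DATA: header fields, one empty line, the
    body with dot-stuffing (RFC 5321 section 4.5.2), then a lone '.'."""
    lines = [f"{name}: {value}" for name, value in headers.items()]
    lines.append("")  # header/body separator that the slide's transcript omits
    for line in body.split("\n"):
        # A body line beginning with '.' gets an extra '.' prefixed so it cannot
        # terminate the message early; the receiving server strips it again.
        lines.append("." + line if line.startswith(".") else line)
    lines.append(".")
    return lines


def smtp_session(helo: str, mail_from: str, rcpt_to: str,
                 headers: Dict[str, str], body: str) -> List[str]:
    """The complete client side of the slide's session, one list entry per line."""
    cmds = [f"HELO {helo}", f"MAIL FROM:<{mail_from}>", f"RCPT TO:<{rcpt_to}>", "DATA"]
    cmds.extend(smtp_data_lines(headers, body))
    cmds.append("QUIT")
    return cmds


def sender_mismatch(mail_from: str, header_from: str) -> bool:
    """True when the envelope sender (MAIL FROM:) and the From: header live in
    different domains, the tell-tale sign that From: was simply made up."""
    env_dom = mail_from.rsplit("@", 1)[-1].lower()
    hdr_addr = parseaddr(header_from)[1]          # "Name <addr>" -> addr
    hdr_dom = hdr_addr.rsplit("@", 1)[-1].lower()
    return env_dom != hdr_dom


# Constructed example values (not from the slides).
EXAMPLE_HEADERS = {
    "From": "SunTrust Security <alerts@suntrust.com>",
    "To": "victim@example.org",
    "Reply-to": "collector@mailer.example",
    "Subject": "Verify your account",
    "Content-type": "text/plain",
}
EXAMPLE_BODY = "Hello SPAM World.\n.hidden line that must be dot-stuffed"

if __name__ == "__main__":
    for line in smtp_session("mailer.example", "bulk@mailer.example",
                             "victim@example.org", EXAMPLE_HEADERS, EXAMPLE_BODY):
        print(line)
    print("forged From:", sender_mismatch("bulk@mailer.example", EXAMPLE_HEADERS["From"]))
```

The relay would accept this message as long as the envelope addresses are acceptable to it; only the receiving side, comparing the envelope with the From: header (and, in practice, checking SPF, DKIM and DMARC), can tell that the bank never sent it.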