ASK PC Academy

Phishing Methods and Countermeasures

Eng. Anas Ramadan Sulaiman

2010/2011


Index

Introduction
Chapter One: E-Mail System
1.1 Components of the E-Mail System
1.2 E-Mail Protocols
Chapter Two: Spam
2.1 Spam Definition
2.2 Methods of E-Mail Spam
2.3 Countermeasures of E-Mail Spam
Chapter Three: Phishing
3.1 Phishing Definition
3.2 Phishing Techniques
3.3 Phishing Countermeasures


Introduction

E-mail has become the modern means of communication, and its use keeps spreading and growing with the passage of time, whether at the level of individuals or of organizations. In many areas of business, e-mail has replaced the fax as the main communication tool.

Like any other messaging method, e-mail can be exploited, and it is often poorly protected. In this research we explain what an e-mail system is, discuss spam, and then talk about phishing.

This research is intended for computer users and users of the global network who rely on e-mail messaging.


Chapter 1 E-Mail System

In this chapter we explain the components of the e-mail system and how they work with each other.

1.1 Components of the E-Mail System

The e-mail system consists of an e-mail client and an e-mail server.

1.1.1 E-Mail Client

The e-mail client is also called the Mail User Agent (MUA). It is the interface between the user and the e-mail server. The functions of the e-mail client are:

1) Retrieve mail from the mail account on a server by using POP3.
2) Format messages according to the standards required for transmission.
3) Deliver messages to the e-mail server by using SMTP.

An example of a Mail User Agent is Microsoft Outlook. (1)

Figure (1.1): E-Mail System

(1) Website www.microsoft.com/outlook/


1.1.2 E-Mail Server

The e-mail server is also called the Mail Transfer Agent (MTA). It is responsible for sending e-mail to, and receiving e-mail from, other e-mail servers.

An example is Microsoft Exchange Server. (1)

1.2 Protocols

1.2.1 SMTP

SMTP or Simple Mail Transfer Protocol is a protocol for sending e-mail messages between servers. It is the most common protocol for sending e-mail between two servers. These e-mails can then be retrieved from the server by a client using either POP (Post Office Protocol) or IMAP (Internet Message Access Protocol). SMTP servers are also sometimes referred to as outgoing mail servers.

1.2.2 POP

POP or Post Office Protocol is a protocol used to retrieve e-mail from a mail server. Almost all e-mail applications use the POP protocol. There are two versions of POP, namely POP2 (which requires SMTP to send messages) and POP3 (which can be used with or without SMTP).

1.2.3 IMAP

IMAP or Internet Message Access Protocol is a protocol for retrieving e-mail messages from the mail server. The latest version, IMAP4, is similar to POP3 but supports some additional features. For example, with IMAP4 one can search through e-mail messages for keywords while the messages are still on the mail server, and then download only the chosen messages to the local machine.

(1) Website www.microsoft.com/exchange/default.mspx


1.2.4 MIME

MIME or Multipurpose Internet Mail Extensions is a protocol used for formatting non-ASCII messages so that they can be sent over the Internet. Many of the current e-mail services support MIME, enabling them to send and receive graphics, audio, and video files through the e-mail system. In addition, MIME supports messages in character sets other than ASCII.


Chapter 2 Spam

2.1 Spam Definition

Spam, also known as junk e-mail or unsolicited bulk e-mail, is the sending of a huge number of messages that the recipient neither requested, expected nor wanted.

The purpose of these messages is mostly commercial advertising; advertisers resort to them because they can advertise whatever they want easily and at low cost. These messages are also used for other purposes, such as fraud, which falls under the heading of social engineering.

For organizations, these messages carry both financial and security risks. On the financial side:

- Working hours lost by staff reading and filtering these messages.
- Hard disk space lost storing these messages until they are read.
- Unnecessary traffic to the e-mail server.
- Unnecessary consumption of the organization's data network bandwidth.


2.2 Methods of E-Mail Spam

2.2.1 E-Mail Spoofing

Because SMTP lacks any means of verifying the identity of the sender, it is possible to send a message to any e-mail address while manipulating the header of the message, specifically the From field. This field represents the address the message claims to come from, and it does not necessarily reflect the real identity of the sender. Recipients of this kind of message are advised not to open attached files or links in them.

2.2.2 Open Mail Relay

An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular due to their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

2.2.3 Image-Based Spam

Spammers turn to placing the desired text inside an image in the message body, instead of including it as text in the message, in order to avoid filtering based on textual content.


2.2.4 Dictionary Attack

Spammers may use a dictionary to guess e-mail addresses, combining dictionary words and common names (for example the names of famous bands) to make up candidate e-mail addresses.

2.3 Countermeasures of E-Mail Spam

2.3.1 Filtration

Messages are filtered on the basis of the following parts of the message:

- Header.
- Subject.
- Body.

2.3.2 Black Lists / White Lists

Black lists contain e-mail addresses, domain names and IP addresses of e-mail servers. E-mail coming from those addresses is not allowed to pass through the receiving server.

2.3.3 Commercial White Lists

These list systems are sold by an independent service provider or an e-mail provider for a fee paid by the sender, to ensure that the sender's e-mail reaches the receiver.

One of the methods used in such systems is scoring and certification: the message is certified as coming from a trusted source and therefore succeeds in passing to the receiver.
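The following is an added example, not part of the original paper, that ties together the spoofing method of 2.2.1 and the countermeasures of 2.3.1 and 2.3.2: it scores a raw message on its header (From versus Return-Path domain mismatch, blacklisted sender domains), subject and body using Python's standard email library. The blacklist, keyword lists, scoring weights and the sample message are constructed assumptions for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed lists (assumption): a real deployment loads these from a maintained blocklist feed.
BLACKLISTED_DOMAINS = {"spam-sender.example", "cheap-pills.example"}
SUBJECT_KEYWORDS = ("urgent", "verify", "winner", "free")
BODY_KEYWORDS = ("click here", "confirm your account", "password")

def domain_of(header_value):
    # Domain part of an address header such as 'Name <user@host>'
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def check_header(msg):
    # Header filter: From/Return-Path domain mismatch (spoofing) and blacklisted sender domains
    score, reasons = 0, []
    from_dom, rp_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    if from_dom and rp_dom and from_dom != rp_dom:
        score, reasons = score + 2, reasons + [f"From domain {from_dom} differs from Return-Path {rp_dom}"]
    for dom in {from_dom, rp_dom} & BLACKLISTED_DOMAINS:
        score, reasons = score + 3, reasons + [f"blacklisted sender domain {dom}"]
    return score, reasons

def check_keywords(text, keywords, part):
    # Subject/body filter: one point per suspicious phrase found
    hits = [k for k in keywords if k in text.lower()]
    return len(hits), [f"{part} contains {k!r}" for k in hits]

def classify(raw_message, threshold=3):
    # Score a raw RFC 822 message on header, subject and body; spam when score >= threshold
    msg = email.message_from_string(raw_message, policy=policy.default)
    score, reasons = check_header(msg)
    body = msg.get_body(preferencelist=("plain",))
    for part, text, keywords in (("subject", str(msg.get("Subject", "")), SUBJECT_KEYWORDS),
                                 ("body", body.get_content() if body is not None else "", BODY_KEYWORDS)):
        s, r = check_keywords(text, keywords, part)
        score, reasons = score + s, reasons + r
    return {"spam": score >= threshold, "score": score, "reasons": reasons}

# Constructed sample message (not real traffic): a spoofed "bank" lure sent via a blacklisted domain.
SPOOFED = """\
Return-Path: <bounce@spam-sender.example>
From: "Your Bank" <security@bank.example>
Subject: URGENT: verify your account

Click here to confirm your account and password.
"""
```

Running `classify(SPOOFED)` yields a score of 10 with five reasons, while a message whose From and Return-Path agree and that contains none of the phrases scores 0.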


Chapter 3 Phishing

3.1 Phishing Definition

Phishing is the theft of confidential and sensitive personal data by means of an e-mail message that impersonates a bank or a specific organization and deludes the victim into believing that its request is serious and important.

In short, a phishing e-mail attack can be written as the following steps:

1. Planning the phishing attack.
2. Preparing the fake site.
3. Sending a huge amount of spam.
4. A number of recipients open the forged message, follow the link in it, and then enter the requested data on the fake site.
5. The phisher steals the confidential data and then poses as the victims.
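As an added illustration of the defender's side of step 4 (this code is not from the original paper), the checker below inspects the links in an HTML message that claims to come from a given organization and flags the classic lure patterns: link text that names one domain while the href points to another, a raw IP address as the target host, or a target outside the organization's domains. The sample HTML, the trusted-domain set and the two-label approximation of the registrable domain are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element in an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def registrable(host):
    # Crude registrable-domain approximation: last two labels (assumption; use a public-suffix list in practice)
    return ".".join(host.lower().split(".")[-2:])

def suspicious_links(html, trusted_domains):
    # Flag lure links in a message that claims to come from the organization owning trusted_domains
    collector = LinkCollector(); collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if not host:
            continue  # mailto:, relative or empty hrefs carry no host to judge
        if IPV4_RE.fullmatch(host):
            findings.append((href, "target host is a raw IP address"))
        elif (shown := DOMAIN_RE.search(text)) and registrable(shown.group(1)) != registrable(host):
            findings.append((href, f"visible text names {shown.group(1)} but the link goes to {host}"))
        elif registrable(host) not in trusted_domains:
            findings.append((href, f"target host {host} is outside the trusted domains"))
    return findings

# Constructed sample lure (not a real message): deceptive link text, a raw-IP link, and one genuine link.
SAMPLE_HTML = """\
<p>Log in at <a href="http://bank.example.login-verify.example/secure">https://www.bank.example/login</a></p>
<p>Or use <a href="http://203.0.113.10/bank">our secure portal</a>.</p>
<p>Questions? Visit <a href="https://www.bank.example/help">support</a>.</p>
"""
```

`suspicious_links(SAMPLE_HTML, {"bank.example"})` reports the first two links and leaves the genuine support link alone.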

3.2 Phishing Techniques

- DNS Poisoning

It is also called pharming. In this approach the hacker attacks the domain name server (DNS) so that the victim is directed to the wrong address.

- Host File Poisoning

It partly resembles DNS poisoning. In this approach the hackers poison the hosts file on the victim's machine.


- Content Injection

In this approach the phisher adds or injects malicious content into the legitimate site. This malicious content may do the following:

- Forward visitors of the legitimate site to the fake site.
- Install malware on the visitors' computers.
- Re-route the data entered on the site to the phisher's mail server.

- Man in the Middle Attack

In this approach the phisher interposes himself between the two endpoints and impersonates each of them to the other during the direct web communication between the user and the server.

The correct state is direct correspondence between the client and the site, without any intermediary unknown to either endpoint.

3.3 Phishing Countermeasures

- Prevent the phishing attack before it happens: organizations that can potentially be targeted by a phishing attack should improve their resistance prior to the attack.

The procedures include the following:

- Create an e-mail account for reporting incidents.
- Monitor e-mails that bounce back.
- Monitor the customer service center.
- Monitor customer accounts.
- Monitor the use of images containing the organization's logo or symbol.

- Filtration: we discussed this in the previous chapter (filtration of spam).

- Security patches and firewall: installing the latest security patches and a firewall is considered a countermeasure against phishing.

- Visual keyboard: this is another way of entering confidential data, in place of the traditional keyboard.


