论文信息 - Temporal Correlations between Spam and Phishing Websites

Temporal Correlations between Spam and Phishing Websites

To implement a phishing scam, attackers must create a fake website and send spam to attract visitors. To date, empirical research into phishing's impact has studied either the spam being sent or the website lifetimes. In this paper, we examine both phishing websites and the associated spam to gauge the overall effectiveness of phishing attack and defense. We find that while the bulk of spam is sent around the time of the website's first appearance, spam continues to be sent for many longer lived websites until they are finally removed. We also find that attackers using 'fast-flux' techniques are savvier than ordinary attackers, sending out more spam prior to detection and stopping faster once the websites are taken down. Finally, we conclude that fast-flux attacks pose the greatest phishing threat since they account for 68% of spam despite comprising just 3% of hosts.

Tyler Moore | Richard Clayton | T. Moore | R. Clayton

[1] Felix C. Freiling,et al. Measuring and Detecting Fast-Flux Service Networks , 2008, NDSS.

[2] Tyler Moore,et al. Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing , 2009, Financial Cryptography.

[3] Tyler Moore,et al. The Impact of Incentives on Notice and Take-down , 2008, WEIS.

[4] Chris Kanich,et al. Spamalytics: an empirical analysis of spam marketing conversion , 2008, CCS.

[5] Cormac Herley,et al. Evaluating a trial deployment of password re-use for phishing prevention , 2007, eCrime '07.

[6] Tyler Moore,et al. Examining the impact of website take-down on phishing , 2007, eCrime '07.

[7] Tyler Moore,et al. The consequence of non-cooperation in the fight against phishing , 2008, 2008 eCrime Researchers Summit.