Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing

Executive Summary

Criminals use web servers to host phishing websites that impersonate financial institutions, to send out email spam, to distribute malware, and for many other illegal activities. To reduce costs, and to avoid being traced, the criminals often compromise legitimate systems to host their sites. Extra files (web pages or applications) are simply uploaded onto a server by exploiting insecurities in its software. Typical techniques involve the exploitation of flaws in the software of web-based forums, photo galleries, shopping cart systems, and blogs. The security 'holes' that are taken advantage of are usually widely known, with corrective patches available, but the website owner has not bothered to apply them.

  • Format: PDF
  • Size: 203 KB