- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Tue, 24 Jul 2007 13:10:41 -0400
- To: "Thomas Roessler" <tlr@w3.org>, "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: "W3 Work Group" <public-wsc-wg@w3.org>
Been away, trying to catch up Sorry if this has already gone around, thought that this was interesting evolution of capability. Reviewing against user agent efforts. http://www.honeynet.org/papers/ff/index.html "ADVANTAGES FOR THE ATTACKER ¨Traditional¨ cyber-crime activities such as phishing typically require an attacker to compromise one or more victim computer systems (either individually or via mass auto-rooters) and establish a fake or fraudulent web site. Content would then be advertised to victims either by mass emailing or more targeted marketing (spear phishing), often through other compromised computer systems and botnets. The computer systems hosting the malicious content would be identified either by public DNS name or directly by IP address embedded within the email lure messages. These types of scams are identified relatively quickly by security professionals and can be quickly shut down. As the average time of survival was reduced for these phishing websites, criminals began to add additional layers of protection, such as server address obfuscation or utilize groups of proxy servers to redirect network. Such systems are limited in scale and can still be tracked down fairly quickly with international co-operation. We are now seeing the next evolutionary step, the fast-flux network. In the end, it's all about Return on Investment (ROI) for the criminals, and fast-flux service networks provide a reliable way to maximize the returns on their criminal activities for relatively low effort. Fast-flux service networks offer three major advantages to operators of Internet based criminal activity." Bill D.
Received on Tuesday, 24 July 2007 17:10:57 UTC