JETRO/IPA NY 1. (Phishing) (Pharming) (Evil Twin) (Ransomware) IM( ) (Key Logger) 2. (Pharming) (1) 2005 (Phishing) Gartner 2004 5,700 1
102 APWG(Anti-Phishing Working Group) 2005 3 2870 34% 6 National Cyber-Forensics and Training Alliance NCFTA 2005 4 5 5 Pharming Google FBI / FBI Web W32.Sober.K@mm police@fbi.gov fbi@fbi.gov officer@fbi.gov web@fbi.gov Phishing URL 2
DNS Poisoning DNS (Key Logger ) PC 2005 SANS Institute 2005 3 SANS Institute Google ebay (ABX toolbar ) SANS Institute DNS DNS Poisoning (2) Pharming (Phishing) (fishing) 3
farming f ph leetspeak leetspeak elite leetspeak for 4 A 4 S 5 $ F = ph leetspeak 1337$p34k leetspeak leetspeak leetspeak Google H4x0r(Google Hacker ) (3) hosts file hacking DNS Poisoning 2 1 hosts file hacking P2P PC PC OS hosts IP URL Web DNS URL hosts file hacking Microsoft Outlook hosts 1 DNS Poisoning DNS(Domain Name System) DNS hosts 4
DNS Poisoning 1. DNS URL IP 2. DNS IP DNS 3. 2. DNS IP DNS UDP (User Datagram Protocol) IP DNS DNS (4) DNS Poisoning DNS Poisoning SSL(Secure Sockets Layer) SSL SSL SSL DNS DNS Poisoning DNS 5
IP DNS DNS IDS(Intrusion Detection System) DNS DNS Poisoning DNSSEC (DNS Security Extension) DNS Poisoning (5) DNS DNS Poisoning SANS Institute DNS Poisoning DNS Symantec Gateway Security Enterprise Firewall DNS DNS Poisoning 2004 6 Symantec Gateway Security DNS Poisoning DNS Symantec Symantec Security Gateway DNS DNS DNSd DNSd DNS Poisoning DNS Poisoning DNS DNS DNS Poisoning 6
DNS Poisoning SANS Institute Internet Storm Center(ISC) Symantec ISC 30 40 ISC Symantec DNS DNS (6) DNS Poisoning Anonymizer Anonymizer2005 (Windows XP/2000 $29.99( )) URL hosts DNS hosts Web Netcraft Firefox 5 24 ebay PayPal Netcraft 7
Windows hosts Web DNS 3. (1) APWG APWG (Phishing Activity Trends Report) 2005 2 IM APWG Pharming Phishing 2005 IT IT APWG APWG Peter Cassidy Phishing APWG 8
(2) DNS Poisoning Sophos Gregg Mastoras DNS Poisoning 10 DNS DNS Poisoning SANS Institute Internet Storm Center(ISC) Netcraft DNS Poisoning BIND(UNIX DNS ) DNS Nominum 1983 The Internet Engineering Task Force(IETF) Paul Mockapetris DNS CEO Chris Risley Mockapetris DNS DNS BIND DNS Poisoning F-Secure DNS Poisoning DNS Panda Software DNS Poisoning SurfControl DNS URL 9
IT ID (3) DNS TECF Trusted Electronic Communications Forum Shawn Eldridge DNS Anonymizer 6 (4) 10
Patrick Leahy 1 Anti-Phishing Act of 2005 Leahy ID web 25 5 Microsoft 2005 3 31 MSN Hotmail 117 (ISP) (Lanham Act) ( John Doe ) ISP America Online (AOL) Nicholas Graham Microsoft 1 100 Microsoft ISP web 6 2 Netcraft ISP ISP Microsoft 11
1 ISP 4. (1) (Evil Twin) 2005 5 17 Wall Street Journal 2005 (Evil Twin) (WiFi ) AP VeriSign CSO Ken Silva AirDefense 2005 4 IT BT Group Deutsche Telekom T-Mobile 45 2005 5 1 7 T-Mobile Hilton Hotel Web 12
AirDefense Jay Chaudhry (cracker) AirDefense SSL(Secure Sockets Layer) PC WiFi PC T-Mobile Starbucks T-Mobile WiFi T-Mobile WiFi PC (2) (Ransomware) PC (ransom) Websense 2005 5 23 Internet Explorer(IE) PC PC 15 Trojan.Pgpcoder 13
PC Microsoft Office 15 200 Symantec Security Response Oliver Friedrichs (Ransomware) Lurhq Corp Joe Stewart (3) IM IM ( ) IMlogic 2005 5 24 Yahoo! Messenger 14
America Online (CTO) Jon Sakoda 3 IM StarGames StarGames Yahoo ( http://yahoopremium.bravehost.com/star_games ) Yahoo! Messenger Yahoo Hotmail IM IMlogic Sakoda IM IM APWG 2005 2 IM 2005 4 12 Websense IM PC 200 Dan Hubbard (4) Cyota 2005 5 16 Cyota 15
PIN CVD 3 Cyota Amid Orad APWG Dave Jevans 2005 5 Blue Security (Registration Attacks) Password Reminder Attacks 2 8 john@bluesecurity.com 16
ISP 9 bowman@bluesecurity.com 55 17
ID Blue Security ebay ID Scott Shipman ID (5) (Key Logger ) APWG 2005 3 Websense Security Labs. PC (Keystroke) (Log) 2005 2 18
3 8 10 100 (6) 2004 12 1 CyberGuard Paul Henry Google 19
PC Websense Security Labs 2004 2005 (7) ASCII URL IDN Internationalized Domain Name 2005 1 ASCII URI(IRI Internationalized Resource Identifier) ASCII 2005 2 IDN URL IDN URL Firefox Mozilla Foundation Mozilla Foundation's short-term response Mozilla Foundation TLD The Council of European National TLD Registries(CENTR) 2005 2 CENTR IDN APWG 2005 2 IDN 20
APWG 21
http://www.antiphishing.org
http://www.the-dma.org/cgi/disppressrelease?article=643
http://isc.sans.org/diary.php?date=2005-03-04
http://securityresponse.symantec.com/avcenter/security/content/2004.06.21.html
http://www.isc.sans.org
http://www.anonymizer.com/anonymizer2005/1.5/
http://www.centr.org/docs/2005/02/homographs.html
http://www.sophos.com/
http://www.wired.com/news/infostructure/0,1377,66853,00.html
http://www.computerworld.com/printthis/2003/0,4814,82528,00.html
http://news.netcraft.com/
http://www.f-secure.com/
http://www.pandasoftware.com/home/default.asp
http://www.surfcontrol.com/
http://www.washingtonpost.com/wp-dyn/articles/a16257-2005mar31.html
http://online.wsj.com/public/article/0 SB111628737022135214- vzmiowinuzp8jh0_cdu6q0_kmiy_20060517 00.html?mod=tff_main_tff_top
http://www.websensesecuritylabs.com/alerts/alert.php?alertid=194
http://imlogic.com/im_threat_center/threatdetail.asp?ithreatid=597&mr=top3&hr=top3
http://www.cyota.com/news.asp?id=179
http://antiphishing.org/apwg_phishing_activity_report_feb05.pdf
http://www.websensesecuritylabs.com/resource/pdf/apwgphishingactivityreportmarch 2005.pdf
http://ww2.websense.com/global/en/pressroom/pressreleases/pressreleasedetail/?releas e=050412889
http://www.cyberguard.com/news_room/advisories/holiday_phishing_scam.html?lang=de_ EN
http://download.bluesecurity.com/research/hostileprofiling.pdf

hiroyoshi_watanabe@jetro.go.jp