PoisonAmplifier: A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks

Zhang, Jialong; Yang, Chao; Xu, Zhaoyan; Gu, Guofei

doi:10.1007/978-3-642-33338-5_12

Cited by 11 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although these studies analyzed the infrastructure and traditional distribution techniques for fake AV software-such as drive-by downloads and fake infection alerts-new distribution tactics using FRAD sites have not been revealed. There is also related work that describes case studies of fake AV software distribution from social engineering aspects [4], [11], [12], [15], [16], [20], [21], [22], [23], [24], [25], [26], [27], [28], [29], [30], [31], [32]. In most studies, they analyzed fake infection alerts via advertisements that threaten or attract users to install fake AV software.…”

Section: Related Workmentioning

confidence: 99%

Understanding the Fake Removal Information Advertisement Sites

Koide

Chiba²,

Akiyama³

et al. 2021

Journal of Information Processing

View full text Add to dashboard Cite

Fake antivirus (AV) software is a type of malware that disguises as legitimate antivirus software and causes harm to users and their devices. Fake removal information advertisement (FRAD) sites, which introduce fake removal information for cyber threats, have emerged as platforms for distributing fake AV software. Although FRAD sites seriously threaten users who have been suffering from cyber threats and need information for removing them, little attention has been given to revealing these sites. In this paper, we propose a system to automatically crawl the web and identify FRAD sites. To shed light on the pervasiveness of this type of attack, we performed a comprehensive analysis of both passively and actively collected data. Our system collected 2,913 FRAD sites in 31 languages, which have 73.5 million visits per month in total. We show that FRAD sites occupy search results when users search for cyber threats, thus preventing the users from obtaining the correct information.

show abstract

Section: Related Workmentioning

confidence: 99%

Understanding the Fake Removal Information Advertisement Sites

Koide

Chiba²,

Akiyama³

et al. 2021

Journal of Information Processing

View full text Add to dashboard Cite

show abstract

“…If the supply-side factors include things like the availability of static analysis tools [19] and the ease of searching and fingerprinting WordPress deployments [42], popularity would be a notable demand-side factor. Accordingly, there should be only a small incentive to find new vulnerabilities from unpopular plugins.…”

Section: Introductionmentioning

confidence: 99%

A Demand-Side Viewpoint to Software Vulnerabilities in WordPress Plugins

Ruohonen

2019

Proceedings of the Evaluation and Assessment on Software Engineering

View full text Add to dashboard Cite

WordPress has long been the most popular content management system (CMS). This CMS powers millions and millions of websites. Although WordPress has had a particularly bad track record in terms of security, in recent years many of the well-known security risks have transmuted from the core WordPress to the numerous plugins and themes written for the CMS. Given this background, the paper analyzes known software vulnerabilities discovered from WordPress plugins. A demand-side viewpoint was used to motivate the analysis; the basic hypothesis is that plugins with large installation bases have been affected by multiple vulnerabilities. As the hypothesis also holds according to the empirical results, the paper contributes to the recent discussion about common security folklore. A few general insights are also provided about the relation between software vulnerabilities and software maintenance. CCS CONCEPTS• Security and privacy → Web application security;

show abstract

“…This approach, however, requires numerous system and network resources for inspection, so it is a time-consuming process. Effective methods for discovering suitable seed URLs to apply crawling have been proposed recently [7][8][9]. Although these guided crawling methods can dramatically reduce the cost of crawling, another problem still remains, i.e., the need to rapidly discover unknown malicious websites.…”

Section: Introductionmentioning

confidence: 99%

HoneyCirculator: distributing credential honeytoken for introspection of web-based attack cycle

Akiyama

Yagi

Hariu

et al. 2017

Int. J. Inf. Secur.

View full text Add to dashboard Cite

A web user who falsely accesses a compromised website is usually redirected to an adversary's website and is forced to download malware after being exploited. Additionally, the adversary steals the user's credentials by using information-leaking malware. The adversary may also try to compromise public websites owned by individual users by impersonating the website administrator using the stolen credentials. These compromised websites then become landing sites for drive-by download malware infection. Identifying malicious websites using crawling techniques requires a large amount of resources and time. To monitor the web-based attack cycle for effective detection and prevention, we propose a monitoring system called HoneyCirculator based on a honeytoken, which actively leaks bait credentials and lures adversaries to our decoy server that behaves like a compromised web content management system. To recursively analyze attack phases on the web-based attack cycle, our proposed system involves collecting malware, distributing bait credentials, monitoring fraudulent access, and inspecting compromised web content. It can instantly discover unknown malicious entities without conducting large-scale web crawling because of the direct monitoring behind the B Mitsuaki Akiyama

show abstract

PoisonAmplifier: A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks

Cited by 11 publications

References 9 publications

Understanding the Fake Removal Information Advertisement Sites

Understanding the Fake Removal Information Advertisement Sites

A Demand-Side Viewpoint to Software Vulnerabilities in WordPress Plugins

HoneyCirculator: distributing credential honeytoken for introspection of web-based attack cycle

Contact Info

Product

Resources

About