Text Size
- Home
-
News
Advanced computing news from Communications of the ACM, other ACM resources, and from around the Web.
- Blogs
- Opinion
-
Browse by Subject
Recent articles from Communications organized into categories that encompass the broad scope of computing.
-
Magazine Archive
-
Careers
Jump-start your career with information on trends, opportunities and jobs – in both industry and academia.
- ACM Resources
-
Subscribe
Receive the benefits of ACM membership with a subscription to its flagship publication, Communications of the ACM.
This Article
ACM TechNews
Tracking Devious Phishing Web Sites
![[article image]](/system/assets/0000/1689/101909_IU_Minaxi_Gupta.large.jpg?1255982196&1255982195 "Indiana University Assistant Professor of Computer Science Minaxi Gupta")
Machines involved in a flux trick "don't belong to the miscreants, they belong to you and I and our grandmothers," says Minaxi Gupta, an assistant professor of computer science at Indiana University.
Credit: Indiana University
Internet security experts have discovered that many phishers are using a trick called a flux, which allows a fake Web site to rapidly change its URL, making it difficult for defenders to block phishing sites or warn unsuspecting users. New research has found that about 10 percent of phishing sites are now using flux.
Indiana University professor Minaxi Gupta says that because phishers often have access to thousands of hijacked machines they can quickly move a site around the Internet, protecting it from security professionals while keeping the fake site operational. To use a flux, phishers must control a domain name, giving them the right to control its name server. The phisher can then set the name server so it directs each new visitor to a different set of machines, rapidly cycling through the thousands of addresses available within its botnet. If the name server also is moved to different locations on the Internet, it is particularly difficult for defenders to pinpoint a central location where the fake site can be shut down.
Gupta has identified several methods for detecting a flux and suggests that flux detection should be incorporated into the domain name system itself, because only a fraudulent site is likely to use a flux. There are some legitimate reasons for using a flux, but a legitimate flux looks different from a flux on a botnet. Shortening the detection time of phishing sites by even a few hours can make a major difference and make the scams less profitable for criminals, Gupta says.
From Technology Review
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA 
Sign In To Comment On This Article
Create A Web Account
If you are an ACM member, Communications subscriber, Digital Library subscriber, or use your institution's subscription, please set up a web account to access comments, premium content and additional site features.
If you are a SIG member or member of the general public, you may set up a web account to comment on free articles and sign up for email alerts.
Tools For Readers
Related ACM Resources
Conferences:
- ICAART 2010: Second International Conference on Agents and Artificial Intelligence - January 22, 2010 – January 24, 2010; Valencia, Spain
Courses:
- Network+ Certification Fourth Edition (Part 1): Network Communications Theory - In this course, you will identify and describe the foundational networking theories, terminology, and technologies used in modern PC-based computer networks. You will also learn …
About Communications |
Join ACM 
|
Renew |
Subscribe |
Sign In |
For Authors |
For Advertisers |
Privacy |
Site Map |
Help |
Contact Us
Copyright © 2010 by the ACM. All rights reserved.