
Web Spoofing

Web spoofing involves tricking users into visiting fake websites designed to look like legitimate sites. Attackers lure victims to spoofed sites through emails or search engine results. Once victims enter information on the spoofed site, attackers can observe and steal their data. Defenses include disabling JavaScript, checking browser address bars, and awareness training for users.

Uploaded by

varun
Copyright
© Attribution Non-Commercial (BY-NC)

WEB SPOOFING
Guided by: Miss Shubhra Saxena (lect. CSE)
Prepared by: Varun Kumar, CSE, VIII Sem

WEB SPOOFING:
• Web spoofing is tricking someone into visiting a website other than the one they intend to visit, by creating a similar website.
• Web spoofing is a phishing scheme.

STARTING THE ATTACK
• The attacker must somehow lure the victim into the attacker's false Web. There are several ways to do this.
• If the victim is using email, the attacker could email the victim a pointer to the false Web.
• Finally, the attacker could trick a web search engine into indexing part of a false Web.

ATTACK: E-MAIL RECEIVED THAT LOOKED LIKE THIS?
From: Bank of Baroda
To: John Abraham
Subject: Your Online Banking Account is Inactive

Your Online Banking Account is Innactive
We closed your online access for security reasons.
Click here to access your account
We must verify your account information.

Bank of Baroda, N.A. Member FDIC. Equal Housing Lender
© 2004 Bank of Baroda Corporation. All rights reserved.

TRICKING SEARCH ENGINES
• Is MICR0SOFT.COM or MICROSOFT.COM the correct address for Microsoft?
• Is it orkut.com (www.orkut.com/) OR 0rkut.com (www.tagomatic.com/view-sites/0rkut.com/)?
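
A check for the look-alike names on this slide, as an added example that is not part of the original presentation: it folds commonly swapped characters so that a name such as MICR0SOFT.COM is matched against a list of domains the user actually intends to visit. The trusted list and the substitution table are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: the domains the user really means to visit.
TRUSTED = {"microsoft.com", "orkut.com"}

# Assumed, non-exhaustive table of digits that imitate letters.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host):
    """Crude last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(domain):
    """Fold look-alike characters so MICR0SOFT.COM and MICROSOFT.COM compare equal."""
    return domain.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


def classify(url):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a URL or bare host name."""
    if "//" not in url:
        url = "//" + url          # let urlsplit treat a bare name as the host
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good):
            return "lookalike:" + good
    return "unknown"


if __name__ == "__main__":
    # Names taken from the slide above.
    for name in ("MICR0SOFT.COM", "MICROSOFT.COM", "www.orkut.com/", "0rkut.com",
                 "http://www.tagomatic.com/view-sites/0rkut.com/"):
        print(name, "->", classify(name))
```

Only the host part is compared, so a look-alike string that appears in the path of some other site is reported as unknown rather than as a match.
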
SPOOFING ATTACKS IN THE PHYSICAL WORLD
• In the physical world, for example, there have been several incidents in which criminals set up bogus automated teller machines. The criminals copy the victim's card and use the duplicate.
• In these attacks, people were fooled by the context of what they saw: the location of the machines and the appearance of their electronic displays.

WORKS IN THE PAST
PRINCETON PART-I
• In 1996, Felten et al. at Princeton originated the term WEB SPOOFING and explored spoofing attacks in Netscape Navigator & Internet Explorer.
• They made a shadow copy of a few websites using JavaScript, and when a victim accessed the shadow web, they were able to monitor all of the victim's activities.

UCSB-PART II
• In the same year, De Paoli suggested a new method of web spoofing.
• A client downloads a honey-pot HTML document that has an embedded spy applet. As the client opens a new webpage, a new Java thread starts sending information to the attacker.

CMU-PART III
• In 1996, Tygar & Whitten demonstrated the use of applets as Trojan horses.
• These Trojans appeared like dialog boxes, but have the ability to capture the desktop and log keystrokes. The popular Trojans are Sub-7, NetBus, AK-47 etc.

HOW THE ATTACK WORKS
Logical Level → CODING
View Level → FORMS

LOGICAL LEVEL: URL REWRITING
• A phisher could insert a malicious script inside a product review to attack the user.
• The script would modify the host site so that the user believes he/she is interacting with a secure site.
• For example, http://home.netscape.com becomes http://www.attacker.org/http://home.netscape.c.

FORMS
• When the victim submits a form, the submitted data goes to the attacker's server. The attacker's server can observe and even modify the submitted data, doing whatever malicious editing desired, before passing it on to the real server.
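
A page audit for the two slides above (URL rewriting and forms), added here as an example and not part of the original presentation: it lists links and form actions that leave the host the user expects, and marks those that carry another URL inside their path. The sample HTML is constructed, and the function and class names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# A URL embedded in the path or query of another URL, as in the slide's example.
EMBEDDED_URL = re.compile(r"https?:/{1,2}[\w.-]+", re.I)


def rewritten_target(url):
    """Return the URL hidden inside the path/query of `url`, or None."""
    parts = urlsplit(url)
    match = EMBEDDED_URL.search(parts.path + "?" + parts.query)
    return match.group(0) if match else None


class PageAudit(HTMLParser):
    """Collect <a href> and <form action> targets that leave the expected host."""

    def __init__(self, page_url, expected_host):
        super().__init__()
        self.page_url, self.expected = page_url, expected_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = {"a": "href", "form": "action"}.get(tag)
        target = dict(attrs).get(attr) if attr else None
        if not target:
            return
        absolute = urljoin(self.page_url, target)   # resolve relative targets
        host = urlsplit(absolute).hostname
        if host != self.expected:
            kind = "rewritten" if rewritten_target(absolute) else "off-site"
            self.findings.append((tag, kind, host))


def audit(html, page_url, expected_host):
    parser = PageAudit(page_url, expected_host)
    parser.feed(html)
    return parser.findings


# Constructed sample: a page the user believes is served by home.netscape.com.
PAGE_URL = "http://home.netscape.com/"
SAMPLE = """
<a href="http://www.attacker.org/http://home.netscape.com/news">News</a>
<form action="http://www.attacker.org/login" method="post"></form>
<a href="/help">Help</a>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, PAGE_URL, "home.netscape.com"):
        print(finding)
```
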

Information Flow Model
[Figure: information flow between victim and server]
1. A deceptive message is sent from the phisher to the user.
2. A user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.
4. The confidential information is used to impersonate the user.
5. The phisher obtains illicit monetary gain.

CONSEQUENCES - SURVEILLANCE
• The attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages.
• This allows the attacker to observe any account numbers or passwords the victim enters. This is called desktop monitoring.

TAMPERING
• The attacker can modify any of the data traveling in either direction between the victim and the Web, without letting the victim know.
• The attacker could change the product number, quantity or ship-to address.

ANTI-SPOOFING COUNTERMEASURES
To handle this type of crime, we need to work in 3 fields:
• Users (net training)
• Software (antispyware)
• Laws ($25,000 fine or 5 yr imprisonment)

REMEDIES
Follow a three-part strategy:
• Disable JavaScript in your browser so the attacker will be unable to hide the evidence of the attack;
• Make sure your browser's location line is always visible;
• Pay attention to the URLs displayed on your browser's location line, making sure they always point to the server you think you are connected to.

WEB SPOOFING: LEADING NATIONS
[Figure not included]

CONCLUSIONS
• Spoofing is a serious threat to the international community, as real-world applications on the World Wide Web grow in importance.
• By understanding the tools and methods the spoofers have at their disposal, we can defend against attacks to a considerable extent.

QUERIES
