A phishing processing method includes the following steps. An information input web page is received; the page comprises an information input interface through which information is transmitted to an information receiving address. Whether the information input web page is a phishing web page is determined. If it is, fake input information is transmitted to the information receiving address. When information for verification is received from an information transmitting address, whether the received information is the fake input information is determined. If it is, the information transmitting address is determined to be a malicious address.
A computer worm curing system includes a string receiving module, a string generating module and a string replying module. The string receiving module receives, through a network, an infected string from an infected computer, that is, a computer infected by a computer worm. The infected string includes shellcode, which is executed by utilizing a vulnerable process. The string generating module generates a curing code to cure the computer worm on the infected computer; the curing code can be executed by utilizing the same vulnerable process that the shellcode utilizes. The string generating module replaces the shellcode in the infected string with the curing code to generate a curing string. The string replying module sends the curing string back to the infected computer. The curing code in the curing string can then be executed by utilizing the vulnerable process of the infected computer to cure the computer worm on that computer.
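The target is spam e-mail, currently the largest channel for spreading phishing sites: URL information passing through a router is collected in order to detect phishing attacks. Because phishing sites exist only for a limited time, and attackers mostly rely on the bulk-sending nature of spam to cast a wide net and raise their success rate, a large number of links pointing to a single domain appear within a short time. URLs passing through the router are recorded with a sniffer, and the URLs of suspicious domains are checked for phishing at the earliest moment. In the check, any URL that meets the following three conditions is judged to be a phishing site: (1) within a unit of time, URLs of the same domain appear more than a certain number of times (set according to the size of the network domain); (2) the site at these URLs has a form with an input field whose input type is password; (3) the Page Rank or third-party score of these URLs, obtained through Page Rank or a third-party API, is equal to or less than the threshold. Sites that have been checked are recorded to speed up processing, and, according to the administrator's needs, operation is divided into a normal mode that only detects and an advanced counterattack mode.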
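The three detection criteria above, sketched as an added example (not code from the page or the patent). The function names, the window, burst and threshold values, and the sample URLs, pages and scores are constructed assumptions; the `score` callable stands in for the Page Rank or third-party API.

```python
from collections import defaultdict, deque
from html.parser import HTMLParser
from urllib.parse import urlsplit

class PasswordFormFinder(HTMLParser):
    """Criterion (2): a <form> that contains <input type="password">."""
    def __init__(self):
        super().__init__()
        self.form_depth, self.found = 0, False
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.form_depth += 1
        elif tag == "input" and self.form_depth:
            if (dict(attrs).get("type") or "").lower() == "password":
                self.found = True
    def handle_endtag(self, tag):
        if tag == "form" and self.form_depth:
            self.form_depth -= 1

def has_password_form(html):
    finder = PasswordFormFinder()
    finder.feed(html)
    return finder.found

def detect(records, fetch, score, window=60, burst=3, threshold=2):
    """records: (epoch_seconds, url) pairs in time order, as logged by the sniffer."""
    recent = defaultdict(deque)  # domain -> timestamps still inside the window
    verdicts = {}                # checked domains are recorded so they are not re-fetched
    for ts, url in records:
        domain = urlsplit(url).hostname
        if not domain:
            continue
        q = recent[domain]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if domain in verdicts or len(q) <= burst:  # criterion (1): burst of same-domain URLs
            continue
        # criteria (2) and (3): password form present AND reputation score <= threshold
        verdicts[domain] = has_password_form(fetch(url)) and score(domain) <= threshold
    return {d for d, bad in verdicts.items() if bad}

# Constructed sample data: page bodies, reputation scores, sniffed URL records.
PAGES = {"http://login-bank.example/a":
         '<form action="/c"><input name="u"><input type="password" name="p"></form>',
         "http://news.example/today": "<p>headlines</p>"}
SCORES = {"login-bank.example": 0, "news.example": 7}

def run_sample():
    records = sorted((t + i, u) for i, u in enumerate(PAGES) for t in (0, 5, 9, 12, 20))
    return detect(records, PAGES.__getitem__, SCORES.__getitem__)
```

A domain is flagged only when all three conditions hold, so a busy, well-ranked site with a login form and a low-volume page with a password field both pass unflagged.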
1. A system architecture and process: provide an accurate approach to defend the whole Internet against Internet Worms and Buffer Overflow-based Botnets with only small-scale initial deployment of Cure System Servers (CSSs).
2. A system architecture and process: provide methods that can cure an attack host that has been compromised by an Internet worm or a buffer overflow-based botnet by deleting the related malware or dropping traffic generated by the malware.
3. A way to reduce the number of sanitizers filtering the same TIP port of the same vulnerable process: merge sanitizers that are used to filter the traffic heading to the same port of the same vulnerable process.
4. A way to reduce repeated curing of an attack host: filter out and drop cure strings from input strings.
Technical abstract (English):
A computer worm curing system includes a string receiving module, a string generating module and a string replying module. The string receiving module receives an infected string, which is generated by a computer worm, from an infected host, which is infected by the computer worm, through a network. The infected string includes a shellcode, and the shellcode is executed utilizing a vulnerable process. The string generating module generates a curing code for curing the computer worm, and replaces the shellcode in the infected string with the curing code to generate a curing string, such that the curing string can be executed utilizing the vulnerable process. The string replying module replies the curing string to the infected host, such that the curing code of the curing string can be executed utilizing the vulnerable process of the infected host to cure the infected host of the computer worm.