Client Side Script Phishing Attacks Detection Method using Active Content Popularity Monitoring

The phisher can attack the client side script by means of threatening information which affects the majority of online users in sequence. The malicious users steal a variety of sensitive information from financial organizations in order to run nameless client side script in the phishing attack. In most of the time, the consumer will ignore association script and popup windows which in turn run a set of malicious processes and send the sensitive information to the remote sites. To secure consumers by limiting the client side script, an effective Client Side Script Phishing Attack Detection (CSSPAD) method is proposed to detect the client side script phishing attacks. The proposed methodis based on Active Content Popularity Monitoring (ACPM) and client script classification methods. This method categorizes the client side script according to a mixture of factors like the quantity of information being transferred by the script, the parent information of the script is being accessed. The proposed method computes the active time of the script, amount of data transferred and popularity of the webpage

Cross-domain vulnerabilities over social networks

International audienceRecent years have seen a tremendous growth of social networks such as Facebook and Twitter. At the same time, the share of video traffic in the Internet has also significantly increased, and the two functions are getting closer to one another. YouTube, the most famous video sharing site, allows people to comment on videos with other people while Facebook and Twitter are important vectors into sharing videos. Both video channels and social networks are increasingly vulnerable attack targets. For example, social networks are also considerable spam and phishing vectors, and Adobe Flash as the premier video streaming application is associated with numerous software vulnerabilities. This is a good way for attackers to compromise sites with embedded Flash objects. In this paper, we present the technical background of the cross-domain mechanisms and the security implications. Several recent studies have demonstrated the weakness of the cross-domain policy, leading to session hijacking or the leakage of sensitive information. Current solutions to detect these vulnerabilities use a client-side approach. The purpose of our work is to present a new approach based on network flows analysis to detect malicious behavior