Forged mail attack, social worker fishing, did you recruit? "one"

Referring to the sleepy dragon on Wooyun it is defined as the use of mailbox forgery technology can be used to do phishing attacks. That is, the forgery of the administrator or IT operations and other e-mail messages, to obtain trust to open the accompanying Trojan file or reply to the sensitive information you want to obtain.

In the case of a further increase in the security awareness of Internet users, the success rate of the URL fishing began to decrease, and in the background, the mail forgery attack fishing is increasingly popular, the theme of the plan 2 times to write, this is of course 1.

An analysis of the principle of counterfeit mail attack

First, let's review the overview of SMTP. The SMTP (Simple Mail Transfer Protocol) protocol, which is a protocol for defining message transport, is an application-layer protocol based on the TCP service, which is a set of rules for sending mail from the source address to the destination. It controls the way messages are relayed, which helps the computer find the next destination when sending or relaying mail. The server specified by the SMTP protocol can send messages to the recipient's server.

Through the analysis of the main process of the SMTP protocol in the process we learned that the sender's information, message body information is in the process of sending people controllable data, which is the source of forgery.

Second, defensive measures

In order to prevent mailbox forgery, there is an SPF. SPF (or Sender ID) is an abbreviation for the sender Policy framework.

When you define the SPF record of your domain name, the recipient will determine whether the IP address connected to it is included in the SPF record and, if so, is considered to be a false email, depending on your SPF record. Most anti-spam systems now support SPF filtering, which generally does not make a mistake, unless the messaging system administrator has incorrectly configured SPF records or omissions.

650) this.width=650; "title=" 0.jpg "src=" Http://s3.51cto.com/wyfs02/M02/5E/01/wKiom1UovGvzidVaAAEpHqxig3A652.jpg " alt= "Wkiom1uovgvzidvaaaephqxig3a652.jpg"/>

Third, the primary forgery method

In the SMTP protocol, senders are allowed to forge most of the sender signature information. This leads to the ability to forge someone else to send mail. The use of mail Server filter is not strict can lead to fake messages are received, resulting in loss of user benefits.

The primary approach is to use ready-made software or Web services to send, experienced users can easily find out.

650) this.width=650; "title=" 4.jpg "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M02/5D/FD/ Wkiol1uovvessh88aafu8navayq828.jpg "alt=" Wkiol1uovvessh88aafu8navayq828.jpg "/>

The test found that the mail in the QQ mailbox will be identified as spam and interception, and in 126 mailbox has been successfully received, so 126 mailbox Despite the SPF, there may be some reasons for the vulnerability.

650) this.width=650; "title=" 5.jpg "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M02/5E/01/ Wkiom1uovavqpuvkaafs0pq5nwo245.jpg "alt=" Wkiom1uovavqpuvkaafs0pq5nwo245.jpg "/>

View letterhead The server IP exposure used to detect forged messages. But ordinary users are hard to identify.

650) this.width=650; "title=" 6.jpg "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/5D/FD/ Wkiol1uovvnskalxaaklexmmzce287.jpg "alt=" Wkiol1uovvnskalxaaklexmmzce287.jpg "/>

The following software is used to send forged messages.

650) this.width=650; "title=" 7.jpg "src=" Http://s3.51cto.com/wyfs02/M00/5D/FD/wKioL1UowKOzYGyWAAClJvb2ZsM449.jpg " alt= "Wkiol1uowkozygywaacljvb2zsm449.jpg"/>

650) this.width=650; "title=" 8.jpg "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/5D/FD/ Wkiol1uowhcziqztaadcjx1xrx8864.jpg "alt=" Wkiol1uowhcziqztaadcjx1xrx8864.jpg "/>

The analysis found that the software simply submitted the message to the Web server for forwarding, and the previous one was similar.

650) this.width=650; "title=" 9.jpg "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/5E/01/ Wkiom1uovysq3rclaaja60ual_4949.jpg "alt=" Wkiom1uovysq3rclaaja60ual_4949.jpg "/>

To be continued, the advanced forgery method is decided

This article is from the "Nocturnal Person" blog, so be sure to keep this source http://zerosecurity.blog.51cto.com/9913090/1631207

Forged mail attack, social worker fishing, did you recruit? "one"