Docstoc

Phishing

Document Sample
Phishing Powered By Docstoc
					HTTP://COEIA.EDU.SA
1
‫א א‪ ª‬א د‬   ‫وא‬   ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬   ‫2‬
‫3‬                          ‫א א‪ ª‬א د‬       ‫وא‬         ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬



       ‫ﺍﻻﺻﻄﻴﺎﺩ ﺍﻹﻟﻜﺘﺮﻭﱐ‬

    ‫ﺍﻷﺳﺎﻟﻴﺐ ﻭﺍﻹﺟﺮﺍﺀﺍﺕ ﺍﳌﻀﺎﺩﺓ‬




                ‫×‬        ‫نא‬                     ‫د‪K‬‬
                    ‫א‬         ‫א‬       ‫ن‬         ‫م‪K‬‬




                         ‫نא‬            ‫د‪ K‬ز د‬
       ‫د‬   ‫وא‬       ‫ون א‬       ‫د‬           ‫א‬           ‫و‬
‫א א‪ ª‬א د‬   ‫وא‬    ‫‪Ø‬و ‪ W‬א‬     ‫دא‬          ‫א‬                                              ‫4‬


                 ‫ﺣﻘﻮﻕ ﺍﻟﻄﺒﻊ ﻭﺍﻟﻨﺴﺦ ﳏﻔﻮﻇﺔ 9241ﻫـ - 8002ﻡ‬                             ‫ﺡ‬


                        ‫ﻓﻬﺭﺴﺔ ﻤﻜﺘﺒﺔ ﺍﻝﻤﻠﻙ ﻓﻬﺩ ﺍﻝﻭﻁﻨﻴﺔ ﺃﺜﻨﺎﺀ ﺍﻝﻨﺸﺭ‬
                                                 ‫ن‬                         ‫א ×‬
                      ‫א א‪ ª‬א د ‪L‬‬    ‫وא‬              ‫‪Ø‬و ‪ W‬א‬           ‫دא‬            ‫א‬
                        ‫א א × – א ض 9241‬                      ‫ن‬
                                          ‫2 000 ص 71 ‪24 C‬‬
                                  ‫د ‪978-603-00-1453-8 W‬‬
                                    ‫א א‬   ‫א ‪J2 ª‬‬     ‫1‪J‬‬
                 ‫אن‬    ‫¯‪ K ª E‬א‬              ‫‪F‬‬   ‫א‬      ‫א‬        ‫ن‬         ‫‪K‬‬

                 ‫4885‪1429L‬‬                                   ‫8,500‬              ‫د‬



                                  ‫א אع ‪1429L5884 W‬‬
                             ‫د ‪978-603-00-1453-8 W‬‬




                        ‫‬           ‫قא‬           ‫‬
                             ‫א و‬             ‫א‬
                        ‫9241 - 9002م‬
    ‫5‬                                                                ‫א א‪ ª‬א د‬                   ‫وא‬                     ‫‪Ø‬و ‪ W‬א‬                 ‫دא‬                ‫א‬


                                                                ‫ــ‬                  ‫ا‬
                                                                                                             ‫نا‬                                            ‫د.‬   ‫*‬


‫‬                                          ‫دو‬              ‫א‬              ‫‪ª‬‬             ‫א‬                         ‫א‬                      ‫ً‬
         ‫ن‬            ‫א‬                         ‫¯א‬                   ‫و‬                       ‫‪ª‬‬                   ‫و א‬                    ‫مא‬
‫¯‬            ‫‪K‬‬                ‫و‬                 ‫‪ª‬‬                                        ‫و‬           ‫و א زא‬                   ‫وא‬                   ‫א‬
‫‪K‬‬            ‫‪ ª‬א‬              ‫א‬           ‫د‬     ‫‬              ‫א‪ú‬‬              ‫وא‬                       ‫و‬               ‫אد א א ‪ ª‬א‬                             ‫‬
                  ‫د‬                        ‫א‬                   ‫‪ª‬‬              ‫א‬            ‫‬                           ‫א‬            ‫د‬
‫‪ª‬‬                ‫א‬                    ‫ج‬                         ‫א ‪ú‬‬                             ‫א‬                ‫‪Ù‬وא‬                 ‫א‬                   ‫א ‪ú‬‬
         ‫‪ ª‬א‬                     ‫א‬        ‫‪ª‬‬          ‫א‬         ‫א א ‪Ø‬אع ‬                                                                             ‫א‬        ‫א‬
    ‫‪ ª‬و دא‬                    ‫א‬            ‫ل‬         ‫ ‬                               ‫دא‪ª‬‬                                                                      ‫א‬
‫‬                ‫‪ ª‬و‬                       ‫א‬         ‫‬                   ‫א‬             ‫‪ª‬א‬                  ‫א‬                       ‫א‬            ‫‪K‬‬            ‫א‬
         ‫ل‬        ‫‬                        ‫א‪ ª‬و א و א‪ ª‬א‬                   ‫א‪Ò‬‬                            ‫א‬          ‫و‬        ‫د‬                 ‫א‬                 ‫א‬
                                                                                                                                               ‫‪Kª‬‬               ‫א‬

                                                                                                 ‫ا‬                  ‫ا‬             ‫ن‬                        ‫د.‬   ‫*‬

        ‫‪Ø‬و‬        ‫‪ª‬א‬                        ‫א‬                                   ‫א‬                ‫א‬                ‫وع‬                       ‫ً‬
‫‪ª‬‬                 ‫?א‬                       ‫‪ª‬‬          ‫א‬             ‫ع‬          ‫‬                    ‫א‬                  ‫‪Ù‬‬         ‫ً‬                              ‫א‬
                 ‫‪ª‬‬                    ‫א‬        ‫‪Ù‬‬              ‫س وא‬                         ‫د א‬                                         ‫د ?‪K‬‬                  ‫א‬
    ‫د‬                     ‫ً‬                       ‫ض‪K‬‬                 ‫د‬                   ‫א‬                  ‫‪ª‬‬               ‫وא‬                           ‫مא‬
                 ‫‪ EProject Management ProfessionalF‬و‬                                                          ‫  دא א‬
                                                 ‫د‪K‬‬              ‫א‬                 ‫‪ª‬‬                ‫א‬                       ‫א‬                ‫ون ‬
  ‫א א‪ ª‬א د‬         ‫وא‬           ‫‪Ø‬و ‪ W‬א‬        ‫دא‬           ‫א‬                                           ‫6‬

                                             ‫س‬               ‫ا‬
 ‫ﻣﻘﺪﻣﺔ .....................................................................................................9‬
 ‫ﺍﻟﻔﺼﻞ ﺍﻷﻭﻝ: ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ...........................................................41‬
 ‫1.1ﻣﻜﻮﻧﺎﺕ ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ .................................................................51‬
 ‫1.1.1ﻋﻤﻴﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ )‪15 ................................... (E-Mail Client‬‬
 ‫1.1.2ﺧﺎﺩﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ )‪16 ..................................... (E-Mail Server‬‬
 ‫1.2ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﺒﲏ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﳌﻴﺔ .....................................................71‬
 ‫1.3ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺗﺮﺍﺳﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ..........................................................81‬
 ‫1.3.1ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﱪﻳﺪ ﺍﻟﺒﺴﻴﻂ ............................................... 81‬
 ‫1.3.2ﺑﺮﺗﻮﻛﻮﻝ ﻣﻜﺘﺐ ﺍﻟﱪﻳﺪ ...................................................... 81‬
 ‫1.4ﺍﺳﺘﺨﺪﺍﻡ ﻧﻈﺎﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ ﰲ ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ .....................................91‬
 ‫1.5ﺳﺠﻼﺕ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ ...........................................................................12‬
 ‫1.6ﻫﻴﻜﻠﻴﺔ ﺭﺳﺎﻟﺔ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ..................................................................22‬
 ‫ﺍﻟﻔﺼﻞ ﺍﻟﺜﺎﱐ: ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ )‪24................................ (Spam‬‬
 ‫2.1ﻣﻘﺪﻣﺔ ﻋﻦ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ ..............................................62‬
 ‫2.2ﺃﺳﺎﻟﻴﺐ ﺍﻟﺮﺳﺎﺋﻞ ﺍﻟﱪﻳﺪﻳﺔ ﺍﻹﻟﻜﺘﺮﻭﻧﻴﺔ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ .............................................13‬
 ‫2.2.1ﺍﻷﺳﻠﻮﺏ ﺍﻷﻭﻝ: ﺑﺮﻳﺪ ﺍﻧﺘﺤﺎﻝ ﺍﻟﺸﺨﺼﻴﺔ )‪31 ................... (E-Mail Spoofing‬‬
 ‫2.2.2ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﱐ: ﺧﺎﺩﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﻔﺘﻮﺡ )‪31 ............ (Open Mail Rely‬‬
‫23‬   ‫ﺍﻟﺼﻮﺭ)‪(Image-based Spam‬‬           ‫2.2.3ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﻟﺚ: ﺍﻟﺮﺳﺎﺋﻞ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ ﺍﳌﻌﺘﻤﺪﺓ ﻋﻠﻰ‬
 ‫2.2.4ﺍﻷﺳﻠﻮﺏ ﺍﻟﺮﺍﺑﻊ: ﻫﺠﻤﺔ ﺍﻟﻘﺎﻣﻮﺱ )‪34 ........................ (Dictionary Attack‬‬
 ‫2.3ﺍﻻﺟﺮﺍﺀﺍﺕ ﺍﳌﻀﺎﺩﺓ ﻟﺮﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ ...................................43‬
 ‫2.3.1ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻷﻭﻝ: ﺍﻟﺘﺼﻔﻴﺔ )‪34 ................................... (Filtration‬‬
‫2.3.2ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﱐ: ﺍﻟﻘﻮﺍﺋﻢ ﺍﻟﺒﻴﻀﺎﺀ ﻭﺍﻟﻘﻮﺍﺋﻢ ﺍﻟﺴﻮﺩﺍﺀ )‪35(Black lists / White lists‬‬
  ‫7‬                                            ‫א א‪ ª‬א د‬        ‫وא‬           ‫‪Ø‬و ‪ W‬א‬       ‫دא‬          ‫א‬

 ‫2.3.3ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻟﺚ: ﺍﻟﻘﻮﺍﺋﻢ ﺍﻟﺒﻴﻀﺎﺀ ﺍﻟﺘﺠﺎﺭﻳﺔ )‪37 ...... (Commercial Whitelists‬‬
 ‫2.3.4ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺮﺍﺑﻊ: ﺍﻟﺘﺤﻘﻖ ﻣﻦ ﺍﻟﺘﻜﺎﻣﻠﻴﺔ )‪37 ................ (Integrity Check‬‬
 ‫2.3.5ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﳋﺎﻣﺲ: ﲢﻮﻳﺮ ﺍﻟﻌﻨﻮﺍﻥ........................................ 83‬
 ‫2.3.6ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺴﺎﺩﺱ: ﻋﺪﻡ ﺍﻟﺮﺩ ﻋﻠﻰ ﺍﻟﺮﺳﺎﺋﻞ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ.................. 83‬
 ‫2.3.7ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺴﺎﺑﻊ: ﺍﻹﺑﻼﻍ ﻋﻦ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ )‪39 . (Spam Reportin‬‬
  ‫2.3.8ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻣﻦ: ﺍﻟﺘﻘﻴﺪ ﺑﻮﺛﻴﻘﺔ ﻃﻠﺐ ﺍﻟﺘﻌﻠﻴﻘﺎﺕ ﻟﱪﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﱪﻳﺪ ﺍﻟﺒﺴﻴﻂ‬
 ‫)‪41 ...................................................................(SMTP RFC‬‬
 ‫2.3.9ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺘﺎﺳﻊ: ﺳﺠﻼﺕ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ ﺍﳌﺰﻳﻔﺔ )‪41 .... (Fake MX Records‬‬
 ‫2.3.01ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﻌﺎﺷﺮ: ﺗﺄﺧﲑ ﺍﻟﺘﺮﺣﻴﺐ )‪43 ..................... (Greeting delay‬‬
 ‫ﺍﻟﻔﺼﻞ ﺍﻟﺜﺎﻟﺚ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻹﻟﻜﺘﺮﻭﱐ )‪45............................................... (Phishing‬‬
 ‫ﺍﻟﻔﺼﻞ ﺍﻟﺮﺍﺑﻊ: ﺃﺳﺎﻟﻴﺐ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻹﻟﻜﺘﺮﻭﱐ )‪65...................... (Phishing Techniques‬‬
 ‫4.1ﺍﻷﺳﻠﻮﺏ ﺍﻷﻭﻝ: ﺗﺴﻤﻴﻢ ﺧﺎﺩﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ )‪67 ................. (DNS Poisoning‬‬
 ‫4.2ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﱐ: ﺗﺴﻤﻴﻢ ﻣﻠﻒ ﺍﳋﻮﺍﺩﻡ ﺍﳌﻀﻴﻔﺔ )‪70 ............ (Hosts File Poisoning‬‬
‫ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﻟﺚ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﺑﻮﺍﺳﻄﺔ ﺣﻘﻦ ﺍﶈﺘﻮﻯ )‪71(Content Injection‬‬                             ‫4.3‬

 ‫. 37‬   ‫ﺍﻟﻮﺳﻂ)‪(Man-in-the-Middle Attack – MITM‬‬            ‫ﺍﻷﺳﻠﻮﺏ ﺍﻟﺮﺍﺑﻊ: ﻫﺠﻤﺔ ﺍﻟﺮﺟﻞ ﰲ‬              ‫4.4‬

 ‫ﺍﻷﺳﻠﻮﺏ ﺍﳋﺎﻣﺲ: ﺗﺸﻮﻳﺶ ﺍﻟﻌﻨﻮﺍﻥ)‪76 ..................... (Address Obfuscation‬‬                         ‫4.5‬

‫4.6ﺍﻷﺳﻠﻮﺏ ﺍﻟﺴﺎﺩﺱ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳﻖ ﺍﻟﱪﺍﻣﺞ ﺍﳋﺒﻴﺜﺔ)‪80(Malware Attack‬‬
 ‫‪(Search Engine‬‬ ‫4.7ﺍﻷﺳﻠﻮﺏ ﺍﻟﺴﺎﺑﻊ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳﻖ ﳏﺮﻛﺎﺕ ﺍﻟﺒﺤـﺚ‬
 ‫)‪80 ....................................................................... Phishing‬‬
‫4.8ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﻣﻦ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳﻖ ﺍﻟﻨﻮﺍﻓﺬ ﺍﳌﻨﺒﺜﻘﺔ )‪81(The Popup Attack‬‬
 ‫4.9ﺍﻷﺳﻠﻮﺏ ﺍﻟﺘﺎﺳﻊ: ﺷﺮﻳﻂ ﺍﻟﻌﻨﻮﺍﻥ ﺍﳌﺰﻳﻒ )‪83 ................... (Fake Address Bar‬‬
      ‫‪(Phishing‬‬       ‫ـ‬           ‫ـ‬        ‫ـ‬          ‫ـ‬         ‫ـ ـ‬
                   ‫ﺍﻟﻔﺼ ـﻞ ﺍﳋ ـﺎﻣﺲ: ﺍﻹﺟ ـﺮﺍﺀﺍﺕ ﺍﳌﻀ ـﺎﺩﺓ ﻟﻼﺻ ـﻄﻴﺎﺩ ﺍﻹﻟﻜﺘ ـﺮﻭﱐ‬
 ‫)‪91................................................................................... Countermeasures‬‬
 ‫5.1ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻷﻭﻝ: ﻣﻨﻊ ﻫﺠﻤﺎﺕ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻗﺒﻞ ﺣﺪﻭﺛﻬﺎ ........... 29‬
     ‫א א‪ ª‬א د‬         ‫وא‬           ‫‪Ø‬و ‪ W‬א‬        ‫دא‬          ‫א‬                                          ‫8‬
    ‫5.1.1ﺇﻧﺸﺎﺀ ﺣﺴﺎﺏ ﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﱐ ﻟﻠﺒﻼﻏﺎﺕ ........................................ 29‬
    ‫5.1.2ﻣﺮﺍﻗﺒﺔ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﺮﺗﺪﺓ )‪92 ...................... (Bounced E-Mails‬‬
    ‫5.1.3ﻣﺮﺍﻗﺒﺔ ﻣﺮﺍﻛﺰ ﺧﺪﻣﺔ ﺍﻟﻌﻤﻼﺀ .................................................. 39‬
    ‫5.1.4ﻣﺮﺍﻗﺒﺔ ﺣﺴﺎﺑﺎﺕ ﺍﻟﻌﻤﻼﺀ ...................................................... 49‬
    ‫5.1.5ﻣﺮﺍﻗﺒﺔ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻟﺼﻮﺭ ﺍﶈﺘﻮﻳﺔ ﻟﺸﻌﺎﺭ ﺃﻭ ﺭﻣﺰ ﺍﳌﻨﻈﻤﺔ ............................ 49‬
    ‫5.2ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﱐ: ﺍﻟﺘﺼﻔﻴﺔ )‪98 ..................................... (Filteration‬‬
    ‫5.3ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻟﺚ: ﺍﻟﺘﺤـﺪﻳﺜﺎﺕ ﺍﻷﻣﻨﻴﺔ )‪ (Security Patches‬ﻭ ﺟـﺪﺭﺍﻥ ﺍﳊﻤﺎﻳـﺔ‬
    ‫)‪99 ...................................................................... (Firewalls‬‬
    ‫5.4ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺮﺍﺑﻊ: ﺗﺼﻔﻴﺔ ﺍﻷﻛﻮﺍﺩ ﺍﻟﱪﳎﻴﺔ ﺍﳋﺒﻴﺜﺔ )‪100 ..(Cross-Site Script - XSS‬‬
    ‫5.5ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﳋﺎﻣﺲ: ﻟﻮﺣﺔ ﺍﳌﻔﺎﺗﻴﺢ ﺍﳌﺮﺋﻴﺔ )‪101 ............... (Visual Keyboard‬‬
    ‫5.6ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺴﺎﺩﺱ: ﺍﻟﺘﺼﺪﻳﻖ ﺍﻟﺜﻨﺎﺋﻲ )‪102 ......... (Two-Factor Authentication‬‬
    ‫5.7ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺴﺎﺑﻊ: ﺍﻟﺘﺼﺪﻳﻖ ﺍﳌﺘﺒﺎﺩﻝ )‪104 .............. (Mutual Authentication‬‬
      ‫‪(Anti-Phishing‬‬‫5.8ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻣﻦ: ﺃﺷﺮﻃﺔ ﺃﺩﻭﺍﺕ ﻣﻜﺎﻓﺤﺔ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ‬
  ‫)‪105 ..................................................................... Toolbars‬‬
‫5.9ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺘﺎﺳﻊ: ﺑﺮﺍﻣﺞ ﻣﻜﺎﻓﺤﺔ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ )‪110(Anti-Phishing Software‬‬
    ‫ﻣﻌﺠﻢ ﺍﳌﻔﺮﺩﺍﺕ .....................................................................................111‬
    ‫ﺍﳌﺮﺍﺟﻊ ................................................................................................711‬
‫9‬   ‫א א‪ ª‬א د‬   ‫وא‬   ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬
    ‫א א‪ ª‬א د‬                 ‫وא‬                     ‫‪Ø‬و ‪ W‬א‬           ‫دא‬                    ‫א‬                                                            ‫01‬
        ‫א‬               ‫ن وא‬            ‫א‬                         ‫و‬                    ‫א‬                     ‫א ‪Ø‬‬                             ‫ن‬
‫‪ª‬‬                                               ‫אً‬                ‫אم א ‪Ø‬‬                    ‫א‬                   ‫ن‬                    ‫د‬                   ‫א‬
‫ً‬               ‫אم א ‪Ø‬‬                               ‫א‬        ‫ن‬                        ‫ًא مא‬                                    ‫אد‪ K‬و‬        ‫א‬        ‫و ‪Ù‬‬
‫ א ون‬                             ‫א‬                     ‫ن‬            ‫ل‪ K‬و‬                  ‫א‬           ‫‪Ù‬‬                        ‫אد‬      ‫‪ ª‬وא‬
‫ً‬                            ‫אم א ‪Ø‬‬                          ‫ن א א‬                     ‫و عא ق‬                               ‫ً א א א‬                          ‫א‬
                    ‫‪K‬‬                                ‫ن‬                ‫و‬                         ‫و‬           ‫א‬           ‫‪ú‬‬                         ‫א‬      ‫א‬
        ‫א‬       ‫‪Ø‬و‬                 ‫دא‬                    ‫א‬        ‫و‬                ‫א‬                ‫א‬           ‫ول‬                   ‫‪ª‬‬       ‫و אא‬
    ‫و‬               ‫‪ª‬א‬                                       ‫مא‬           ‫א‬                             ‫‪ª‬א‬                      ‫א‬           ‫‬
            ‫‪ª‬‬           ‫אא‬             ‫ض‬                     ‫‪ Kª‬و‬                  ‫א‬                    ‫אل‬              ‫אن א‬                                 ‫‪Ø‬‬
    ‫د‬                   ‫ن‬           ‫א‪Ò‬‬                       ‫א‬                        ‫אع א‬                         ‫ً‬                                        ‫א‬
            ‫نא‬               ‫‪ Kª‬و و א‬                               ‫א‬                                                        ‫א א‪ ª‬א‬           ‫ًא‬          ‫و‬
                                                                                                                        ‫‪K‬‬                ‫‪ª‬‬        ‫عא‬
‫א א‪ Ó‬ل‬                  ‫‬                   ‫א‬                                  ‫א‬                                                                 ‫وذ‬
                ‫א ‪Ø‬‬                                                   ‫‪ª‬‬                   ‫אא‬                       ‫ن‬                    ‫‬           ‫س‬           ‫א‬
                                                                                                                            ‫‪K‬‬                    ‫و‬               ‫א‬


                                        ‫نا‬                            ‫د. ز د‬
                ‫د‬        ‫وא‬                 ‫ون א‬              ‫د‬               ‫א‬                ‫و‬
‫11‬                     ‫א א‪ ª‬א د‬    ‫وא‬   ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬




     ‫وא‬   ‫لא‬   ‫א‬   ‫و‬     ‫)‪(E-Mail‬‬   ‫‪Ø‬و‬   ‫א× א‬
‫א א‪ ª‬א د‬                     ‫وא‬           ‫‪Ø‬و ‪ W‬א‬              ‫دא‬           ‫א‬                                                      ‫21‬
                         ‫‪Kª‬‬         ‫אد و א‬        ‫א‬                            ‫א‬            ‫و א م‬               ‫א د‬
         ‫‪K‬‬               ‫ل‬         ‫‪ EFaxF‬دא א‬                       ‫‪Ø‬و  א‬                    ‫א× א‬           ‫ل‬             ‫‪ª‬א‬
                         ‫א‬            ‫و‬                                ‫א‬                 ‫و‬             ‫‪Ø‬و‬        ‫א× א‬
     ‫א‬               ‫א‬                                         ‫‬           ‫‪Ë‬א‬                      ‫م‬      ‫‪Ø‬و‬                       ‫א‬
                          ‫‪Ø‬و ‪K‬‬            ‫مא× א‬                            ‫א ‬                    ‫א‪ ú‬א‬           ‫א‪ Ù ú‬א‬
     ‫‪Ø‬و‬          ‫لא× א‬                     ‫א‬                     ‫א‬                 ‫א‬        ‫‪ª‬‬        ‫אא‬
‫ل‪K‬‬                       ‫‬          ‫‪ª‬‬          ‫א‬             ‫א א‪ ª‬א د  و ‪Ë‬‬                                ‫وא‬
     ‫א×‬                                        ‫א‬             ‫وא‬            ‫‪Ø‬و‬            ‫مא× א‬          ‫‪ª‬‬         ‫א ول‬                 ‫א‬
     ‫و‬                    ‫‪ª‬א‬          ‫عא‬           ‫‬                        ‫‪ ESpamF‬و‬                    ‫‪ Ù‬א‬               ‫‪Ø‬و‬          ‫א‬
                 ‫א‬            ‫ل‬           ‫عא‬               ‫ن‬                        ‫‪ EPhishingF‬وא‬         ‫‪Ø‬و‬          ‫دא‬               ‫א‬
                                                                                                                           ‫‪K‬‬           ‫א‬
                 ‫‬                         ‫א‬                           ‫د‬                 ‫‪ª‬‬        ‫אא‬                 ‫و‬
             ‫‪Ø‬و‬               ‫×א× א‬                        ‫א ‪Ø‬א‬                     ‫א  ‪ EInternetF‬א‬                  ‫وא‬               ‫א‬
‫س‬            ‫و‬                ‫ل‬       ‫‬                ‫א‬                   ‫א د‬                 ‫א‬        ‫‬             ‫א‬
                                                                                                   ‫‪Kª‬‬            ‫א‬            ‫ل‬
‫31‬   ‫א א‪ ª‬א د‬   ‫وא‬   ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬
‫א א‪ ª‬א د‬   ‫وא‬     ‫‪Ø‬و ‪ W‬א‬   ‫دא‬      ‫א‬                             ‫41‬




                     ‫ا ول‬                ‫ا‬
                   ‫و‬    ‫ا‬               ‫ما‬
                                 ‫• ﻣﻜﻮﻧﺎﺕ ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
                     ‫• ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﻌﺘﻤﺪ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﳌﻴﺔ‬
                            ‫• ﺑﺮﺗﻮﻛﻮﻻﺕ ﺗﺮﺍﺳﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
            ‫• ﺍﺳﺘﺨﺪﺍﻡ ﻧﻈﺎﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ ﰲ ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
                                 ‫• ﻫﻴﻜﻠﻴﺔ ﺭﺳﺎﻟﺔ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
15                                                ‫ א د‬ª‫א א‬             ‫وא‬             ‫ א‬W ‫و‬Ø          ‫دא‬                ‫א‬


          ‫و‬                              ‫و‬Ø         ‫مא× א‬                                ‫ אא‬ª
          ‫×א‬       ‫و‬Ø        ‫א× א‬             ‫א‬           ً         ª             ‫و‬K
ª             ‫ א‬Ú‫م‬               ‫ودو‬         ‫א‬Ø ‫ א‬                ‫ א‬ª                ×‫א‬                           ‫א‬
     ×‫א‬                 ª                 ‫אא‬              ‫ و‬K ‫و‬Ø                     ‫א× א‬                ‫א‬
                                                                                                      K ‫و‬Ø               ‫א‬


                                                       ‫ﻣﻜﻮﻧﺎﺕ ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬                                   1.1
EData NetworkF ª              ‫א‬                        ‫ א‬EApplicationsF ª                       ‫نא‬
                        ‫و‬Ø         ‫نא× א‬               ‫ و‬KEserverF ‫ و دم‬EclientF
‫ و دم‬EE-Mail        ClientF        ‫و‬Ø         ‫א× א‬                            ‫ن‬                  ª             ‫א‬
                                                                  KEE-Mail ServerF ‫و‬Ø                              ‫א× א‬
                                         (E-Mail Client) ‫1.1.1 ﻋﻤﻴﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
      ‫א א‬       ‫ و‬EMail User Agent-MUA) ‫م‬                          ‫א‬                  ‫ًو‬
                        KEE-Mail ServerF ‫و‬Ø                       ‫م و دم א × א‬                        ‫א‬                 ‫א‬
                                                   W          ‫و‬Ø              ‫א× א‬                             ‫و‬
‫אم‬             EE-Mail ServerF ‫ א ×  א دم‬ª                                           ×‫ عא‬Ø ‫• א‬
                                                                   KEPOP3F × ‫א‬                         ‫ل‬             ‫و‬
                        K‫ل‬                    ‫ א‬ª            ‫א‬         ً‫دא‬       ‫א‬          ‫א‬             •
     ×‫א‬        ‫ل‬        ‫אم‬              EE-Mail ServerF ‫א دم‬                             ‫א‬                 •
                                                                                             KESMTPF                     ‫א‬
 K ‫و‬Ø          ‫و  م א × א‬Ø                   ‫א× א‬                            E1-1F              ‫א‬
‫ א د‬ª‫א א‬        ‫وא‬        ‫ א‬W ‫و‬Ø        ‫دא‬             ‫א‬                                                    16
Microsoft   ?              ‫و‬Ø       ‫א‬     ×‫א‬                      ‫א‬                           ‫א‬
                                                   .?             ‫و‬           ?               E1F?Outlook
                                    (E-Mail Server) ‫1.1.2 ﺧﺎﺩﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
    ‫א‬   ‫ و‬KEMail       Transfer Agent–MTAF                   ×‫א‬                   ‫ًو‬                   ‫و‬
  ‫و‬Ø        ‫אدم א × א‬           ‫و‬             ‫و‬Ø            ‫لא× א‬             ‫لوא‬             ‫א‬            ‫م‬
                                                   KEInternetF  ‫א‬                        ‫א‬                    ‫א‬
Microsoft Exchange ?                ‫و‬Ø        ‫אدم א × א‬                   ‫א‬                       ‫א‬
                                                        K?            ‫و‬           ?               E2F?Server
  ×‫مא‬                ‫و‬Ø   ‫دم א × א‬                 E1 J1F                        ‫ًא‬
                                                                                                      K ‫و‬Ø     ‫א‬




                           ‫ﺍﺷﻜﻞ) 1-1( ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬


                       Ewww.microsoft.com/outlook/F  ‫א‬                               ‫א‬           ×‫א‬         E1F
     Ewww.microsoft.com/exchange/default.mspxF  ‫א‬                                    ‫א‬           ×‫א‬         E2F
‫71‬                                      ‫א א‪ ª‬א د‬   ‫وא‬            ‫‪Ø‬و ‪ W‬א‬        ‫دא‬       ‫א‬


                          ‫ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﺒﲏ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﳌﻴﺔ‬                     ‫1.2‬
   ‫)‪(Web-based E-Mail – webmail‬‬
  ‫א ‬          ‫א‬          ‫ل‬         ‫ل‬                    ‫‪Ø‬و‬
          ‫‪Ø‬و ‪K‬‬         ‫א× א‬         ‫א  دو‬          ‫א‬                           ‫‪EInternetF‬‬
‫?‪?Gmail‬‬             ‫א ‬       ‫א‬           ‫‪Ø‬و א‬         ‫א× א‬                ‫א‬
          ‫א‬                       ‫? ‪Egoogle.comF‬‬             ‫?‬            ‫‪Egmail.comF‬‬
                                                                                 ‫‪KE2-1F‬‬




                   ‫ﺷﻜﻞ 1-2 ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﺒﲏ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﳌﻴﺔ‬
‫א א‪ ª‬א د‬      ‫وא‬             ‫‪Ø‬و ‪ W‬א‬           ‫دא‬             ‫א‬                                                ‫81‬


                                           ‫ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺗﺮﺍﺳﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬                                      ‫1.3‬
         ‫‪ª‬‬         ‫د و‬        ‫مو‬                ‫‪Ø‬و‬            ‫مא× א‬             ‫א× ‬                    ‫‪Ø‬א‬
           ‫وא دم و‬                ‫א‬        ‫א‬              ‫א‬                ‫‪ú‬‬
  ‫‪Ø‬و‬         ‫لא× א‬                ‫א‬                  ‫א‪  ª‬د‬                 ‫ א ع‬                        ‫אدم‬      ‫א‬
                                                                                                         ‫‪K‬‬       ‫و‬
                                                     ‫1.3.1 ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﱪﻳﺪ ﺍﻟﺒﺴﻴﻂ‬
                         ‫)‪(Simple Mail Transfer Protocol - SMTP‬‬
       ‫א‬            ‫‪Ø‬و‬        ‫א‬       ‫א×‬        ‫‪Ø‬א‬                ‫א‬          ‫لא‬             ‫א ×و‬
    ‫א‬        ‫128 1 وא‬                     ‫‪ERFCF ª‬‬                     ‫א‬                        ‫و‪Ë‬‬             ‫א ‬
                                                                                             ‫3211 2‪K‬‬
             ‫א× א‬         ‫ل‬           ‫‪ ª‬و‬             ‫‪Ø‬و א‬                 ‫אدم א × א‬
   ‫‪Ù‬‬          ‫‪ KE3-1F‬و א‬                       ‫א‬                            ‫52 ‪EPort 25F‬‬                       ‫א‬
                                                                             ‫א دم‪K‬‬                               ‫א‬
                                                                       ‫1.3.2 ﺑﺮﺗﻮﻛﻮﻝ ﻣﻜﺘﺐ ﺍﻟﱪﻳﺪ‬
                                       ‫)‪(POP3 – Post Office Protocol‬‬
 ‫‪ Ø‬عא×‬                   ‫‪Ø‬و‬           ‫א× א‬                                          ‫لא‬        ‫א×‬
    ‫‪ª‬‬          ‫א‬                       ‫ل‬            ‫אא×‬                     ‫دم‪Ë K‬‬        ‫א‬               ‫‪Ø‬و‬       ‫א‬



                     ‫‪K Ehttp://tools.ietf.org/html/rfc821F‬‬                      ‫א‬        ‫‪Ø‬و‬     ‫א‬            ‫‪ E 1F‬א‬
                    ‫‪K Ehttp://tools.ietf.org/html/rfc1123F‬‬                          ‫א‬    ‫‪Ø‬و‬         ‫א‬         ‫‪ E2F‬א‬
‫91‬                                      ‫א א‪ ª‬א د‬    ‫وא‬                   ‫‪Ø‬و ‪ W‬א‬           ‫دא‬           ‫א‬


                                                                                       ‫9391 1‪K‬‬
            ‫א‬      ‫א‬          ‫א‬    ‫ل ‪Ù‬‬        ‫א×‬         ‫א‬      ‫3‬           ‫ً نא‬
                                                ‫‪K‬‬     ‫א‬               ‫א‬     ‫ل و‬                 ‫אא×‬
       ‫א×‬          ‫ل‬       ‫‪ ª‬و‬            ‫א‬   ‫‪Ø‬و‬     ‫אدم א × א‬
‫ن ‪Ù‬‬         ‫‪ KE3-1F‬و‬               ‫א‬                         ‫‪EPort‬‬       ‫011‪110F‬‬                      ‫א‬
                                                                      ‫א ‪K‬‬             ‫א دم‬




                        ‫3‪POP‬‬   ‫ﺷﻜﻞ )1-3( ﻣﻨﺎﻓﺬ ‪ SMTP‬ﻭ‬

                 ‫1.4 ﺍﺳﺘﺨﺪﺍﻡ ﻧﻈﺎﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ ﰲ ﻧﻈﺎﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
‫‪Ø‬و ‪K‬‬    ‫אن א × א‬          ‫?@? ‬                           ‫א‬       ‫א‬         ‫ق‬      ‫א‬            ‫א‬


                  ‫‪. Ehttp://tools.ietf.org/html/rfc1939F‬‬          ‫א‬          ‫‪Ø‬و‬        ‫א‬            ‫‪ E3F‬א‬
    ‫א א‪ ª‬א د‬              ‫وא‬           ‫‪Ø‬و ‪ W‬א‬     ‫دא‬          ‫א‬                                                 ‫02‬
                                ‫?‪K?abc.com‬‬       ‫?‪?xyz@abc.com‬‬           ‫אن א ×‬                 ‫ق‬       ‫א‬   ‫ًא‬
‫‪ª‬‬            ‫א‬                  ‫‪EDomain‬‬     ‫‪Name System - DNSF ª‬‬                         ‫م‪ Ú‬א‬
‫‪K‬‬                                                ‫אدم‬                 ‫ن‬         ‫و‬          ‫א ‬                     ‫א‬
                           ‫א‬      ‫‪ª‬و و‬             ‫‪ Ú‬א‬                     ‫א‬          ‫م‬      ‫‪ ª‬אא‬
         ‫א‬                                             ‫دم א אد א‬                     ‫אن א‬      ‫א‬
‫د‬                     ‫א‬          ‫אن‬      ‫א ل‬                     ‫א  ‪K‬‬                                    ‫א‬    ‫د‬
‫ ‪ E213.230.10.197F‬و ‪ª‬‬                                          ‫א‬             ‫אن א‬        ‫‪ Ewww.ksu.edu.saF‬א‬
         ‫‪ª‬‬                 ‫אدم ‪ Ú‬א‬                  ‫م‬                         ‫د و‬              ‫ن‬                 ‫א‬
                                                                         ‫‪KE4-1F‬‬                     ‫א‬




                                ‫ﺷﻜﻞ )1-4( ﺍﻻﺳﺘﻌﻼﻡ ﻣﻦ ﺧﺎﺩﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ‬


‫م‬                 ‫א‬        ‫‪ª‬‬            ‫م‪ Ú‬א‬                       ‫א‬              ‫‪ª‬א‬               ‫א‬
       ‫¯‬              ‫ن‬             ‫‪K‬‬        ‫ق‬                  ‫‪Ø‬و א‬              ‫אدم א × א‬                ‫‪Ú‬‬
21                                               ‫ א د‬ª‫א א‬        ‫وא‬            ‫ א‬W ‫و‬Ø         ‫دא‬         ‫א‬


Ù                 ‫وא ذ‬            ‫دא‬        ‫و‬        ‫ق وא‬                      ‫و‬Ø              ‫دم‬
‫אدم‬   ‫א‬       ‫ق‬     ‫א‬        ‫א‬         Ù ‫א‬ª               ‫ض ز  א‬                                   ‫אدم‬
             KE Failover ‫و‬        Backup F                ‫אدم א‬        Ù       ‫ و‬ELoad BalancingF
    Ú ‫دم‬       ‫ن‬             ‫و‬Ø        ‫א‬        × ‫אدم א‬                    ‫م‬        ‫א‬           
Mail exchange Records F ?                   ‫ دل א‬ª            ? ú              ª          ‫ د‬ª             ‫א‬
                                                                                        .E– MX records



                                                                  ‫1.5 ﺳﺠﻼﺕ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ‬
                                            (Mail exchange records – MX records)
      ‫و א‬              ‫وذ‬                 ‫لא‬                          ‫ دل א‬ª              ‫د‬
preference   F ‫دم‬                                                      ‫و‬Ø      ‫אدم א × א‬             Ú
                                                                                               KEnumber
‫א א‪ ª‬א د‬       ‫وא‬            ‫‪Ø‬و ‪ W‬א‬       ‫دא‬                ‫א‬                                       ‫22‬




                             ‫ﺷﻜﻞ )1-5( ﺳﺠﻼﺕ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ‬
      ‫א‬         ‫ن‬              ‫אدم‪K‬‬    ‫א‬                                ‫א‬           ‫א‬   ‫א ض‬
    ‫و א ن א دم א‬                     ‫א‬                 ‫‪× ª‬‬               ‫א‬           ‫א‬
            ‫ل‬        ‫א‬         ‫ن‪Í‬‬               ‫א د‬              ‫א دم ذ א‬           ‫لوً‬          ‫ول א‬
            ‫‪KE5-1F‬‬               ‫א‬                                         ‫א دم א‬          ‫ول‬

                                                       ‫1.6 ﻫﻴﻜﻠﻴﺔ ﺭﺳﺎﻟﺔ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ‬
                                  ‫‪W‬‬             ‫א‬                     ‫‪Ø‬و‬        ‫نא× א‬
                                                ‫• ﺗﺮﻭﻳﺴﺔ ﺭﺃﺱ ﺍﻟﺮﺳﺎﻟﺔ )‪(Header‬‬
                                                                      ‫‪ª‬א‬        ‫א‬                ‫و‬
‫‪W‬‬     ‫א‬         ‫ن‬        ‫و‬                          ‫אن א ×‬        ‫א‬    ‫‪WEFromF‬‬              ‫‪ J‬א‬
                                                                  ‫‪Kxsender]@[source domain namez‬‬
23                                                                ‫ א د‬ª‫א א‬                         ‫وא‬              ‫ א‬W ‫و‬Ø        ‫دא‬           ‫א‬


                                                                          ‫و‬Ø               ‫א× א‬ª                         ‫ א‬Wsender
              .          ‫א‬        ª                   ‫دم א‬                    ‫ق‬            ‫א‬        ‫ א‬Wsource domain name
ً‫א‬                      ‫ن‬           ‫و‬K                                    × ‫אن א‬                   ‫א‬          :EToF              ‫ א‬J
              ‫א‬                       ‫אن א‬              ‫ن‬                K                                      ‫אً و‬            ‫ًو‬
                                                                                  K [receiver]@ [destination domain name]
                                                                      ‫و‬Ø                  ‫א× א‬ª                       ‫ א‬Wreceiver
     .                      ‫دא‬                ‫دم א‬                ‫ق‬               ‫א‬        ‫ א‬Wdestination domain name
     ‫و‬Ø               ‫دم א × א‬                                ‫א‬                                   ‫ ن‬WERouteF                    ‫ א‬J
                  ‫א‬              ‫אدم א‬            ً‫و א‬                                ‫א‬           ‫و‬Ø         ‫دم א × א‬                        ‫א‬
                      ‫ض א‬                ‫د‬        .               ‫א‬                            ‫א‬          ‫א‬                 ‫א‬
                  ‫م‬          ‫ن א‬                                 ×‫א‬                  ً                      ‫ א‬ª          ‫و‬Ø              ‫א× א‬
          ?                         ‫و‬Ø        ‫א‬          ×‫א‬                                ‫ א‬                      ª‫א‬
ً        ‫ض‬              E7-1F                     ‫ وא‬K?                           ?        ‫و‬Ø            ‫א‬     ×‫א‬                ?            ‫א‬
                                                                                                                                       K
                                              K              ‫عא‬                                    :(Subject) ‫• ﺍﳌﻮﺿﻮﻉ‬
                                                                      K                ‫א‬                     :(Body) ‫ﺺ‬‫• ﺍﻟﻨ‬
                                                                                      ‫و‬Ø                            E6-1F
‫א א‪ ª‬א د‬   ‫وא‬       ‫‪Ø‬و ‪ W‬א‬    ‫دא‬        ‫א‬                           ‫42‬




                                    ‫ﺷﻜﻞ ) 1-7( ﻣﺴﺎﺭ ﺭﺳﺎﻟﺔ ﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﱐ‬




                     ‫ﺍﻟﺸﻜﻞ )1-7(. ﺑﻴﺎﻧﺎﺕ ﺍﳌﺴﺎﺭ ﰲ ﺭﺳﺎﻟﺔ ﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﱐ .‬




                                ‫ا‬     ‫ا‬
                 ‫ا‬              ‫و‬    ‫ا‬                  ‫ا‬         ‫ر‬
                              ‫)‪(Spam‬‬
‫52‬                     ‫א א‪ ª‬א د‬   ‫وא‬     ‫‪Ø‬و ‪ W‬א‬   ‫دא‬     ‫א‬




            ‫• ﻣﻘﺪﻣﺔ ﻋﻦ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ‬
               ‫• ﺃﺳﺎﻟﻴﺐ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ‬
     ‫• ﺍﻹﺟﺮﺍﺀﺍﺕ ﺍﳌﻀﺎﺩﺓ ﻟﺮﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ‬
‫ א د‬ª‫א א‬               ‫وא‬               ‫ א‬W ‫و‬Ø             ‫دא‬              ‫א‬                                                                 26
                                         ‫ א‬Ù              ‫و‬Ø         ‫א× א‬                                 ‫אא‬
                                   Kª        ‫אد وא‬          ‫א‬                        ‫א‬                                 ‫و‬                 ‫و א‬
     ×‫لא‬                                    ‫א‬                   ‫א‬              ‫אא‬                                 ‫ذ‬                ‫و‬
                                                      K  ‫ א د‬ª‫א א‬                       ‫ وא‬ª                  ‫ א‬Ù                 ‫و‬Ø        ‫א‬


                                         ‫2.1 ﻣﻘﺪﻣﺔ ﻋﻦ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ‬
                                                                                                                 (Spam)
‫م‬       ‫אم‬          ‫א‬                                      ‫ א‬Ù             ‫و‬Ø        ‫א× א‬                              ú
     EBulkF                         ‫ل‬             EElectronic Messaging SystemF ‫و‬Ø                                               ‫א‬             ‫א‬
                   ‫א‬                                ‫و א‬             ‫و א‬                   ‫ א‬Ù ‫א و‬                       ‫א‬                 ‫א‬
Electronic      F            ‫و‬Ø         ‫مא× א‬                    ESpamF                   ‫ط‬        ‫عא‬                       ‫و‬K                 ‫א‬
                         ‫و‬                   ً                                        EE-MailF ً‫א‬                           ‫ و א‬EMail
                                                                                                                W                    ‫و‬Ø        ‫א‬
                                                                                              K EBlogsF ª ‫•א و‬
                                                                      K ESMSF Ù                ‫א‬            ‫א‬                ‫•א‬
                                                                                       K EForumsF ª                         ‫•א‬
                                                          K EWeb Search EnginesF                            ‫ א‬ª •
                                   K EInstant MessagingF                        ‫א‬     ‫א‬Ø ‫ א‬L               ‫א‬           ‫א‬Ø ‫•א‬
               ‫و‬                       ‫نא‬            ‫א‬                 ‫א‬                 ‫نא ض‬                          ً
             ‫אم א‬             ً‫א‬                  ‫ز‬              ‫و‬              ‫ون‬                 ‫ن‬                    ‫ن‬                ‫א‬
             ‫א د א‬                                   ‫א‬                Kª                ‫א‬            ‫د‬                    ‫א‬                 ‫א‬
27                                                               ‫ א د‬ª‫א א‬                      ‫وא‬                ‫ א‬W ‫و‬Ø                    ‫دא‬                 ‫א‬


               K         ‫نא‬              ‫א‬                   ً                                                       ‫م‬                 ×                      ‫و‬
                   ‫ل و‬                                  ‫א‬                                                 ‫אض‬                  ً        ¯
      ‫א‬                                            ESocial EngineeringF                                              ‫א‬                 ‫ א‬ª
                                 ‫א‬                      ‫א‬                    ‫א‬                                         ‫ א‬ª‫א‬                     ً              ‫א‬
‫ ?א  ن‬Ù                                ‫و‬Ø ‫ א‬ª‫א‬                                 ‫?א‬              ‫אא ع‬                              ً                K          ‫א‬
     ª‫א‬                 ‫א‬                                                                               ‫א‬                    ‫ع‬                         ú ‫א‬
                                               ‫א‬                         ‫ع‬                ‫و‬                     ً            ‫و‬K             ‫و‬                 ‫א‬
                                    ‫و‬                       ‫و‬                                           ‫א א‬        ‫ن‬                                         ‫א‬
                                                                                                                 >KK‫وس‬Ù                                        ‫א‬
           ‫א‬              ‫د‬                   ‫א‬                    ‫א‬                ×‫א‬                        1                            
      ‫ن‬              ENational               Saudi Anti-Spam ProgramF E                                                  ‫ א‬Ù F                                ‫א‬
           ‫ود‬                    Ë‫א‬ª                                   ‫א‬               ً‫א‬     ª              ‫ א‬Ù              ‫و‬Ø                    ‫א× א‬
K                                            ‫م 7002م و ن‬                                        54                   EISPF  ‫א‬                                 ‫א‬
SMS   F             ‫ א‬Ù             Ù         ‫א‬                 ‫א‬                    ‫א‬          ‫ًن‬                                      ‫א‬ª                   ‫و‬
          J ‫د‬                ‫א لא‬                          ‫א‬                                 ‫א א د‬ª                    ‫א‬            ً‫א‬               ESpam
5          ‫3 د‬                            2                      20                                      65 ‫م 7002م‬                                      1.7
                                                        .                ‫אض‬                    ª‫و5 ذא‬                             ‫אق א‬




           ‫و‬ª                ‫א‬           ? ‫د‬        ‫א‬                ‫א‬           ‫ א‬                ‫א‬                    ‫א א‬               ‫א‬             ? E1 F
          (http://www.spam.gov.sa/Statistics-Arabic.doc)                                        ‫ 8002م‬J 1429 ª                                           ‫א‬
 ‫ א د‬ª‫א א‬                         ‫وא‬             ‫ א‬W ‫و‬Ø        ‫دא‬                ‫א‬                                                         28
          2 ESymantecF ?                                  ?W                                   1
      ×‫א‬                   ‫م 7002 ن‬                            ‫×א‬                              ‫ א‬Ù            ‫و‬Ø               ‫א× א‬
‫ و‬K ‫و‬Ø                            ‫א× א‬                                              69               ª               ‫ א‬Ù            ‫و‬Ø       ‫א‬
          ‫א‬                ‫ن‬               4 ECommtouchF ?                            ‫? م‬                                          3
                                        140              87              2006 ‫76 و م‬                                            2005 ‫م‬
                                        K2005 ‫م‬                     30                     ‫د‬                                    160         
                      Kª                ‫אد وא‬           ‫ز ج‬                                       ‫א‬           ‫א‬
              ‫א‬                K              ‫א‬                     ‫ن‬                          ‫و‬                                ¯ ª
                                                                                                                                        W ‫א‬
      K               ‫א‬                            ‫و‬               ‫אא‬            ‫א‬                    ‫א‬           ‫א‬ª               •
                               ‫א‬                          ‫אא‬                                   ‫א‬                   ‫א‬             ‫• א‬
                                                                                                                       KE        ‫א‬F         ‫א‬
E-Mail            F        ‫و‬Ø             ‫دم א × א‬                            ‫و‬            ‫ א‬Ù ETrafficF                         ‫• א‬
                                                                                                                            K          EServer
Data Network                            F‫ل‬           ‫א‬                            ‫و‬             ‫א‬Ù ¯                             ‫• א‬

(1)           The State of Spam, A Monthly Report – February 2007, Generated by Symantec
               Messaging and Web Security
               (http://www.symantec.com/avcenter/reference/Symantec_Spam_
               Report_-_February_2007.pdf)
                                         ESymantec.comF ª                ‫א‬           ª            ‫ ل‬                                      E2F
(3)           2006 Spam Trends Report: Year of the Zombies, December 27, 2006,
                Commtouch® Software Ltd.,
                (http://www.commtouch.com/documents/Commtouch_2006_Spam_
               Trends_Year_of_the_Zombies.pdf)
                                                    ‫و‬Ø         ‫ × א‬ª                  ‫א‬       ª                                           E4F
                                                                                           Ehttp://www.commtouch.comF
29                                                      ‫ א د‬ª‫א א‬                    ‫وא‬                    ‫ א‬W ‫و‬Ø                 ‫دא‬              ‫א‬


      ‫ و‬KEInternetF  ‫א‬                   ‫ل ×א‬                         ‫א‬                ً           ‫و‬                         EBandwidth
?        ‫? م‬                       ‫د‬      ‫م 6002 א‬                             1                    ‫ א‬Ù                      ‫א‬
    F4             3 ‫א‬Ù 1700                                       ‫א‬                        ‫א‬              ‫ 2 ن‬ECommtouchF
 EImagesF                  ‫אم א‬         ‫م 6002 و ن א‬                          E                    5                    1,700,000,000

ª           ‫א‬   Ù ‫د‬                               ‫א‬            ¯                               ‫א‬                                          ‫א‬
                                          KETextF ‫ص‬                                                                  ‫و‬                 EBytesF
        ‫ א‬ª                                                               ‫א‬        ‫א‬                       6                ‫د א‬
        ‫و‬                  ‫א‬ª       ‫א‬                         ‫א‬                                ‫א‬            ‫ن‬ª                                   ‫א‬
          ‫و‬            ‫א‬            ‫א‬         ‫א‬                        ‫אً  م 7002 و‬                                          13
                   K               ‫ א‬                        ‫א ز‬                       ‫א‬                ‫ وא‬ª × ‫ وא‬ª‫א א‬
                                                                                            W ‫א‬                          ‫א‬            ‫و‬
         ‫א‬                ‫ًא‬      ‫و‬                  ‫ز א‬     ‫ض‬                    ‫ن‬                    ‫ א‬                           •
         ‫א‬                 ‫ א‬ª ‫א‬                       ª ‫و‬Ù ‫ א‬ª                                                    ‫ز‬           ‫אא‬


(1)    2006 Spam Trends Report: Year of the Zombies, December 27, 2006, Commtouch®
       Software Ltd.,
       (http://www.commtouch.com/documents/Commtouch_2006_Spam_Trends_Year_of_
       the_Zombies.pdf)
                                         ‫و‬Ø           ‫ × א‬ª                    ‫א‬           ª                                                 E2 F
                                                                                    K Ehttp://www.commtouch.comF
                                                                                                     .   ‫ن‬           1000                 ‫ د‬E3 F
        ? ? ‫ א‬KEbitF         8     ‫ن‬     ‫و‬ª                  ‫א‬ª               ‫א‬               ‫س‬                ‫و‬        EbyteF               E4F
                                                                                                         K?0? ‫?1? و‬               ‫ن‬
                                                                                                             .   ‫ن‬        1               ‫ د‬E5F
        . Ehttp://www.spamlaws.com/state/ca.shtmlF ª                                            ‫ل وא‬                                       ‫ د‬E6F
    ‫ א د‬ª‫א א‬                ‫وא‬                   ‫ א‬W ‫و‬Ø               ‫دא‬              ‫א‬                                                                      30
     ‫د‬           ‫وא‬                                               ‫א  א‬                      ‫وא א‬                              ‫و‬                   ‫و‬Ø            ‫א‬
    ‫دود‬              ‫א‬                                ً            ‫و‬K                 ‫وس و‬Ù                                                               ‫و‬
                                  ‫א ود‬                     ª            ‫ א‬K2004                                           ‫? א  א‬MyDoom?
         ‫ن א‬                     ‫א‬               ‫م א‬                      ‫وذ‬             ‫و‬Ø                                                        ‫א‬        ‫א‬
‫ א‬                 ‫א‬                        ‫? و‬MyDoom? ‫دود‬                                            ‫و א‬                                                   ‫א‬
‫ل‬                            ‫א‬                    ‫م‬                ‫א ود‬                    ً                           ‫ز‬        ‫ن‬                    ‫א‬        ‫א‬
         K1                  ‫زא‬                                                ‫و‬Ø                        ‫و‬                                 ‫א‬
‫س‬                        ‫א‬                                              ‫ א‬Ù                        ‫אم א‬               ‫א‬             ‫• א‬
? Ù                     ‫و‬Ø ‫ א‬ª‫א‬                                  ‫?א‬              ‫ل‬                 ‫א‬                       ‫و‬                 ú‫א‬
K              ª                                                      ‫א‬         ‫א‬             ً                          ‫و א‬K                      ‫ذ‬             ‫א‬
                ×‫و א‬                      ‫א‬                                           ‫ن‬         Ó‫א‬                                               ‫א‬
           ×‫ אא‬                      ‫א‬           ‫א‬                    ‫א‬        ‫2 و ن‬                     ‫א א‬              ú            ‫א‬ª 
      ‫و‬         ×                     ª           ‫א‬           ‫و‬            ‫א‬                       ‫א‬          ‫وא‬                    ‫א‬                    ‫א‬
‫م‬               ‫و‬                ‫و‬                        ª                      ú                            ‫אن  د‬                                          ‫ن‬
          ‫אא‬                 Í ‫و‬                      ‫א‬          ‫ق‬                                            ‫א‬           ‫و‬                         ‫ن‬        Ó‫א‬
                                                                   K3 ª               ‫ א‬Ù              ×‫ אא‬                            ‫ن‬


                                                           ?F-Secure? ª                ‫א‬                          ª ‫و‬Ù ‫א‬                        ‫و‬            E1F
                                                           K Ehttp://www.f-secure.com/v-descs/novarg.shtmlF
                                                              K             ª                              ‫א‬           ‫א‬        ERandF ‫ א א‬E2F
          “SA cops, Interpol ? ‫אن‬                             2004\×             ‫13\د‬                              ª       ‫42" א‬             ?                E3F
            http://www.news24.com/News24/South_Africa/News/0,,2-7-F probe murder
                                                                                                           . E1442_1641875,00.html
‫13‬                                                         ‫א א‪ ª‬א د‬                 ‫وא‬                  ‫‪Ø‬و ‪ W‬א‬           ‫دא‬         ‫א‬


                                   ‫2.2 ﺃﺳﺎﻟﻴﺐ ﺍﻟﺮﺳﺎﺋﻞ ﺍﻟﱪﻳﺪﻳﺔ ﺍﻹﻟﻜﺘﺮﻭﻧﻴﺔ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ‬
    ‫א×‬                   ‫ل‬             ‫‬              ‫א‬                     ‫א‬            ‫‬              ‫אא‬
                                                                                                 ‫‪K‬‬            ‫‪ Ù‬א‬         ‫‪Ø‬و‬        ‫א‬

           ‫2.2.1 ﺍﻷﺳﻠﻮﺏ ﺍﻷﻭﻝ: ﺑﺮﻳﺪ ﺍﻧﺘﺤﺎﻝ ﺍﻟﺸﺨﺼﻴﺔ )‪(E-Mail Spoofing‬‬
             ‫א‬                          ‫‪ESMTPF‬‬                 ‫א‬             ‫א×‬               ‫ل‬
      ‫אن‬                                ‫ل‬         ‫ن‬                                           ‫א‬              ‫‪EAuthenticationF‬‬
‫? ?‬                  ‫א‬            ‫‪ EHeaderF‬و‬                ‫سא‬                   ‫‪Ø‬و‬                      ‫א‬                     ‫‪Ø‬و‬
    ‫‪Ø‬و‬                       ‫אن‬                  ‫א د‬                        ‫‪K‬‬            ‫אن א‬                             ‫‪ EFromF‬א‬
‫ل‬        ‫‬                        ‫‪Ë‬א‬            ‫‪K‬و אא‬                  ‫א‬                                     ‫و‬
                 ‫א‬                              ‫ل ‪ EspoofingF‬و‬                       ‫א‬                        ‫‪ª‬‬       ‫‪ Ù‬א‬      ‫א×‬
‫م‬                            ‫وذ‬         ‫و‬                  ‫‪ú‬و‬                                        ‫א و‬              ‫و‬              ‫א‬
                                                 ‫ق‪K‬‬                                  ‫د‬           ‫و‬                ‫א‬                 ‫א‬
      ‫א ‪ ª‬א‬                      ‫م‬                               ‫א‬             ‫אא ع‬                         ‫ط‬            ‫و‬
‫‪K‬‬                        ‫א‬         ‫ذא ‪Í‬‬               ‫د א‬                 ‫‪ EAttachmentsF‬و א وא ‪ ELinksF‬א‬
‫‪Ù‬و ‪ ª‬و‬                                      ‫د‬               ‫ن ‪Ù‬و ‪ ª‬وא وא‬                                                  ‫ ‪ ª‬א‬
                                                                                                     ‫‪K‬‬                ‫א‬


    ‫2.2.2 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﱐ: ﺧﺎﺩﻡ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﻔﺘﻮﺡ )‪(Open Mail Rely‬‬
                              ‫‪Ø‬و‬        ‫א× א‬                                 ‫‪Ø‬و‬           ‫אدم א × א‬
             ‫مא و‬                  ‫א‬                                  ‫א‬         ‫و‬               ‫אدم‬                            ‫ن‬
    ‫ א د‬ª‫א א‬              ‫وא‬             ‫ א‬W ‫و‬Ø               ‫دא‬                    ‫א‬                                                            32
           ‫א‬                    ‫د א‬       ‫א‬          ً‫א‬                ‫و‬Ø               ‫א× א‬                        ‫ل‬            ‫ن‬                ‫א‬
‫دم‬       ‫ل‬             ‫א‬                 ‫ د‬Ù                        ‫א‬        ª                                 ‫ذא ن א دم א‬                    ‫א م‬
‫دم‬                              ª               ‫دم‬                                                                  ‫א‬                             ‫א‬
K             ‫و‬                    ‫لא‬           ª ‫دم א‬                                                       ¯        ‫ن‬                         ‫א‬
Ù                  ‫א‬                                                   ‫א‬Ë                                               ‫א‬Ø ‫ א‬               ‫א‬
             ‫אدم‬            ‫ن‬                   ‫אدم א‬           ‫א‬            ً                ً‫دא‬          ‫ن‬              ً‫و א‬                     ‫א‬
¯        ‫ن‬                      ‫אدم א‬     ‫א‬               ‫א د‬                           ‫א‬                           ‫א אدم א‬                       ‫وא‬
                                                           .                 Ù                          ‫א‬        ‫ن‬        ‫ً ن‬             ً         ‫א‬

          ‫ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﻟﺚ: ﺍﻟﺮﺳﺎﺋﻞ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ ﺍﳌﻌﺘﻤﺪﺓ ﻋﻠﻰ ﺍﻟﺼﻮﺭ‬                                                                             3.2.2
                                                                                                       (Image-based Spam)
     ‫د‬                 ‫א‬                      ‫אم א‬             ‫א‬                            ‫ א‬Ù                    ‫א‬
                            ‫א‬                              ‫و‬                     ‫א‬                Ò‫א‬                     ‫א‬               ‫א‬
                                                                                                                 K            ‫א‬           
‫? م‬W                                     2006 ‫م‬                 1                        ‫ א‬Ù                        ‫א‬
                   ‫א‬                      ‫א‬                ‫ א‬Ù                              ‫א‬             ‫ 2 ن‬ECommtouchF ?
                                 70                  ‫א‬         ‫و‬                    ‫ א‬Ù                      ‫دא‬                                35
          ‫ א‬Ù                      ‫א‬                      ‫ א‬EData Traffic BandwidthF ª                                              ‫א‬
(1)       2006 Spam Trends Report: Year of the Zombies, December 27, 2006,
         Commtouch® Software Ltd.,
         (http://www.commtouch.com/documents/Commtouch_2006_Spam_Trends_
         Year_of_the_Zombies.pdf)
                                               ‫و‬Ø          ‫ × א‬ª                         ‫א‬            ª                                         E2F
                                                                                         Ehttp://www.commtouch.comF
33                                                   ‫ א د‬ª‫א א‬                 ‫وא‬                   ‫ א‬W ‫و‬Ø              ‫دא‬                   ‫א‬


                                     KE              1,700,000,000F                                ‫א‬Ù 1700 W                                ‫א‬
‫ق‬            ¯           ‫א‬                            ‫א‬                            ‫אم א‬                ‫نא‬               ‫و‬
       ‫و‬               EBytesF ª                ‫א‬      Ù ‫د‬                                     ‫א‬                 ª              ‫א‬
                                                                                           KETextF ‫ص‬
Optical Character Recognition – F                          ú‫و‬          ‫א‬                 ú              ‫א‬
EpatternsF          ‫א‬               ú          Eheuristic     methodsF                                     ‫قא‬          ‫ وא‬EOCR
       ‫א‬          ‫אא ع‬                              ‫ ود  א‬                                       ‫א‬                                      ‫א‬
K                      ‫ص‬              ‫א‬                   ً                                            ‫ن‬                            ‫ א‬Ù
                                                                                                            W‫א ل‬
                                          K                    ‫وא‬               ‫א‬                  ‫א نو‬Ù           •
                                                                                           Kú‫א و‬                   •
              K                                     ‫ن‬                     ‫א‬                                      ‫•و‬
                                                                   K                ‫א‬              ‫אم א‬          ‫•א‬
× ‫אم‬                             ‫ א‬Ù                                                                        ‫و‬               ‫א‬
                                             ‫ א‬Ù                     ‫ א د‬ª‫א א‬                             ‫א‬                   
                                              K                                           ‫ א‬Ù                   ‫א‬                          ‫א‬
                                     ‫جא‬                    ‫ א‬Ù                            ‫א‬
      ‫א‬ª                        ‫א‬                         ª               ª                            ‫אم‬          ‫א‬
Microsoft    F?              ‫و‬            ?           ‫א‬       ‫ א‬ª                                      ‫ و‬EPDFF                         Ò‫א‬
                                                                               KEXLSF ‫ و‬EDOCF                                EOffice
‫א א‪ ª‬א د‬           ‫وא‬           ‫‪Ø‬و ‪ W‬א‬     ‫دא‬            ‫א‬                                                        ‫43‬
                     ‫2.2.4 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺮﺍﺑﻊ: ﻫﺠﻤﺔ ﺍﻟﻘﺎﻣﻮﺱ )‪(Dictionary Attack‬‬
       ‫و‬                     ‫س‬           ‫‪ª‬א‬        ‫‪ Ù‬א‬              ‫א×‬                ‫م‬
            ‫‪ª‬‬                    ‫‪Ú‬‬         ‫‪ Ú‬ذא‪ª‬‬                                              ‫وذ‬                  ‫‪Ø‬و‬
                                               ‫‪Ø‬و ‪K‬‬                        ‫و‬        ‫ن‬                         ‫א‬        ‫و‬
    ‫‪K‬و‬                   ‫‪ª‬‬       ‫س ‪ Ú‬و‬                        ‫ن‬                 ‫د‬           ‫א ‪ Ú‬א‬
‫א ل‬                 ‫ن א‪ Ó‬د‬               ‫د א א‬              ‫‪Ù‬‬                 ‫א ‪ Ú‬א‬                                 ‫ن‬
    ‫د‬                      ‫א‬                                    ‫א و א‬                       ‫د‬            ‫و‬
                                                                                                          ‫א و ‪K‬‬
         ‫و א‬            ‫א‬                          ‫و א‬           ‫א‬             ‫‪ú‬‬        ‫نא‬               ‫و‬
                ‫א‬            ‫‬        ‫א א א‬          ‫و‬                     ‫א‬           ‫نא د‬              ‫س‬                ‫א‬
‫ل‬                                    ‫א‬    ‫‬                           ‫א‬           ‫ن‬                                  ‫د‬
                                                                      ‫‪K‬‬             ‫‪Ù‬‬                 ‫א‬                ‫א‬

            ‫ﺍﻹﺟﺮﺍﺀﺍﺕ ﺍﳌﻀﺎﺩﺓ ﻟﺮﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ‬                                                      ‫2.3‬
‫‪Ù‬‬     ‫‪Ø‬و‬            ‫א× א‬                  ‫א א‪ ª‬א د‬               ‫א‬             ‫‬       ‫אא‬
                                                                                                          ‫‪K‬‬            ‫א‬


                                     ‫2.3.1 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻷﻭﻝ: ﺍﻟﺘﺼﻔﻴﺔ )‪(Filtration‬‬
     ‫א א‬                     ‫س‬                 ‫‪Ø‬و‬      ‫א× א‬                         ‫א‬             ‫ن‬
                                                                                                              ‫‪W‬‬            ‫א‬
    ‫אن א‬                    ‫‪ EHeaderF‬و‬             ‫سא‬                 ‫‪ ª‬و‬                                ‫•‬
                                                                                                          ‫‪K EFromF‬‬
35                                               ‫ א د‬ª‫א א‬                 ‫وא‬                ‫ א‬W ‫و‬Ø              ‫دא‬            ‫א‬


                                                             K ESubjectF                         ‫عא‬                  •
                                                                       K EBodyF                       ‫א‬              •
                ‫א‬          ‫א‬              ‫א × א دم‬                                                             ‫ذא‬
‫س‬             ‫و‬Ø                    ‫ د‬      ‫و‬         ‫و‬Ø                            ‫و‬                                         ‫א‬
‫ن‬             ‫ع وא‬                         Eregular        expressionsF                          ª‫א‬Ù            ‫و‬              ‫א‬
                                                       K‫ن א א × א א د‬                                ً‫א א‬                 ‫א دم‬
                     ‫ א‬Ù                                    ‫ א‬ª‫א א‬                 ‫א‬                                ‫א‬
                                ‫א‬                      ‫א‬      ‫א‬            ª‫وزא‬                 ‫א‬
    ‫א‬     Ù ‫و‬                        ‫ند‬           ‫د‬                   ‫א‬             ‫ א‬Ù                        ‫א‬
                                                                                                                K1             ‫א‬


Black lists    ) ‫2.3.2 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﱐ: ﺍﻟﻘﻮﺍﺋﻢ ﺍﻟﺒﻴﻀﺎﺀ ﻭﺍﻟﻘﻮﺍﺋﻢ ﺍﻟﺴﻮﺩﺍﺀ‬
                                                                                                            (/ White lists
ª              Ú‫و‬                   ‫و‬Ø            ‫و‬                         ‫دא‬           ‫א‬             ‫א‬
        ‫אدم‬        EIP      addressesF         Ø ‫لא‬                ‫و‬             ‫و‬           ‫ و‬EDomain                NamesF

‫ل‬              ‫و‬               ‫א و‬              ‫و א د‬Ø                     ‫א‬                                             ‫و‬Ø
              ‫א دم‬          ‫و‬Ø        ‫א× א‬                                                   ‫ ذא‬K                    ‫א دم א‬
        ‫و‬                          ‫دא و‬   ‫א‬           ‫א‬       ‫ن‬                             ‫א‬                       ‫א‬
                                                                                                            K             ‫א‬

(1) M. Gupta, C. Shue, "Spoofing and Countermeasures", Book chapter in "Phishing and
    Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft",
    edited by Jakobsson and Myers, 2006, Wiley.
‫א א‪ ª‬א د‬                    ‫وא‬                ‫‪Ø‬و ‪ W‬א‬                ‫دא‬                        ‫א‬                                                                         ‫63‬
                 ‫א‬                                                            ‫‪Ø‬و‬                   ‫دم א × א‬                         ‫אد‬           ‫ن‬
        ‫א‬                       ‫א‬             ‫אد‬                     ‫ً‬        ‫دא و‬                            ‫א א א‬                             ‫د‬                       ‫א د‬
‫‪Junk F‬‬                 ‫‪ ú‬د‬                          ‫‪ ª‬א‬                  ‫ص‬                                        ‫א‬               ‫دא و‬                 ‫א‬               ‫א‬
             ‫א‬                                               ‫א‬            ‫‪ EE-Mail‬و ‪ EBulkF‬و ‪ ESpamF‬و ¯ א א ‬
                                                                                                                                                             ‫‪K‬‬               ‫و‬
    ‫×‬                ‫دא ‪K‬‬            ‫א א‬       ‫א‬         ‫ً‬                             ‫א‬                                                 ‫א א‬             ‫א‬
                                     ‫ و ذא‬                                    ‫دא‬                      ‫א‬                    ‫א‬                ‫ون‬                      ‫א دم‬
                      ‫نא‬                      ‫وذ‬                 ‫א‬                                 ‫א‬                    ‫א‬
                 ‫ون‪Ë‬‬                                ‫א‬               ‫‪ª‬‬                                         ‫א‪ú‬‬                        ‫ل א × א دم‬                          ‫و‬
                        ‫א א‬            ‫אم א‬                                                        ‫دא ‪ K‬و ¯‬                              ‫א‬               ‫א‬
‫אدم א‪ Ò‬د ‬                           ‫‪ ª‬وא‬                ‫وא‬          ‫و‬             ‫א‬                       ‫א× א د‬                                                ‫‪ª‬‬               ‫א‬
             ‫א‬               ‫א‬                                       ‫א ‪Í‬‬                                  ‫א‬                    ‫و ‪Ù‬ذ‬                             ‫א‬               ‫א‬
             ‫‬                   ‫م‬            ‫‪ ª‬א‬                   ‫א‪ Ó‬א ص ‬                                               ‫‬                ‫و‬
                                                                                                       ‫دא ‪K‬‬                 ‫אم א א א‬                                             ‫א‬
        ‫א‬                   ‫‪ú‬א‬                ‫دم‪J‬‬                             ‫אدא‪ª‬‬                        ‫א دم ‪ J‬و‬                                  ‫ن‬
        ‫אً‬                           ‫‪ ª‬א‬           ‫ص‬                                                          ‫دא و‬                     ‫א‬               ‫א‬           ‫ ً‬
    ‫دא و‬                     ‫א‬              ‫وط א‬                               ‫א אد‬                             ‫א‬                                ‫‪EscoringF‬‬                       ‫א‬
        ‫د‬                   ‫‪ K‬و د ذא‬                     ‫و‬                    ‫‪ú‬א‬                    ‫א دم א א‬                                             ‫א‬           ‫د‬
‫و‬                                                   ‫א‬                                  ‫א‬           ‫وط‬               ‫א‬                ‫ن‬                                           ‫א‬
    ‫ً‬                 ‫دאً‬        ‫ن‬                                        ‫א‬                ‫د‬                   ‫‪ K‬ذא‬                                          ‫‪ K‬وא‬
‫‪K‬‬                ‫‪ ª‬א‬                ‫א‪ Ó‬א ص ‬                                                                                   ‫א‬                    ‫א‬           ‫وط‬              ‫א‬
‫73‬                                                                        ‫א א‪ ª‬א د‬                     ‫وא‬                ‫‪Ø‬و ‪ W‬א‬         ‫دא‬             ‫א‬


‫‪Ù‬‬                                                       ‫‪Ù‬‬                         ‫و‬                ‫א א‬           ‫دא وא‬              ‫א א א‬
                               ‫א א‬                                       ‫ً‪K‬‬                                  ‫א‬                          ‫و‬             ‫א‬
             ‫א‬               ‫‪Ø Efalse‬אض ن‬                                ‫‪positivesF‬‬                ‫א ذ‬           ‫א ‬                 ‫و א‬
    ‫א‬    ‫אم א‬                 ‫ًא‬        ‫و‬                           ‫א‬                        ‫‪ Ù‬و‬                                    ‫‪Ø‬‬                 ‫א‬
                                            ‫‪K‬‬               ‫א‬                     ‫دא ‬             ‫א‬         ‫א‬                                          ‫א‬


‫‪Commercial‬‬               ‫2.3.3 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻟﺚ: ﺍﻟﻘﻮﺍﺋﻢ ﺍﻟﺒﻴﻀـﺎﺀ ﺍﻟﺘﺠﺎﺭﻳـﺔ )‬
                                                                                                                                         ‫‪(Whitelists‬‬
    ‫א×‬                   ‫م‬                      ‫و‬                        ‫‪ª‬‬                         ‫ع א‬                ‫א‬
             ‫‪K‬‬           ‫א‬                         ‫ل‬       ‫نو‬                                ‫א‬                                             ‫‪Ø‬و‬         ‫א‬
 ‫‪EscoringF‬‬                         ‫א‬                            ‫א‬                             ‫‬                  ‫א‬                  ‫א‬
                                                ‫א‬                                 ‫ذ‬                      ‫دא‪ EcertificatesF ª‬و‬                      ‫وא‬
                                                                                      ‫‪K‬‬            ‫א‬                     ‫و‬             ‫ق و‬

             ‫2.3.4 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺮﺍﺑﻊ: ﺍﻟﺘﺤﻘﻖ ﻣﻦ ﺍﻟﺘﻜﺎﻣﻠﻴﺔ )‪(Integrity Check‬‬
‫م‬                            ‫‪ ESMTPF‬א‬                              ‫א× א‬                      ‫ل‬               ‫ًن‬                     ‫ذ‬
                 ‫א‬                                          ‫א ‬                           ‫א‬                      ‫‪Ø‬و‬            ‫א‬     ‫א×‬            ‫א‬
‫ًو‬                   ‫ن‬             ‫و ن‬                                        ‫‪K‬‬           ‫אن א‬                           ‫‪ EAuthenticationF‬و‬
        ‫אن‬                             ‫א‬               ‫‬                                                                      ‫א‬
                     ‫‪ Ù‬א‬                       ‫لא‬                   ‫‬                       ‫‪Ë‬א‬             ‫א‬             ‫א‬         ‫و‬        ‫‪Ø‬و‬
                                                                                                             ‫ل ‪.EspoofingF‬‬                    ‫א‬
 ‫א א‪ ª‬א د‬                      ‫وא‬                ‫‪Ø‬و ‪ W‬א‬                ‫دא‬              ‫א‬                                                                   ‫83‬
‫س‬                   ‫و‬                                                     ‫א‬                                      ‫א‬                ‫ن‬
      ‫א ? ? ‪EFromF‬‬                                     ‫‬                 ‫א‬         ‫אن א‬                                ‫‪ EHeaderF‬و‬                             ‫א‬
‫‬                                    ‫א‬             ‫?وא د? ‪KEReceivedF‬‬                               ‫א‬               ‫د  و‬                         ‫א‬           ‫א‬
                                                                                                ‫1‪K‬‬                   ‫‪ Ù‬א‬                          ‫‪ú‬א‬           ‫א‬
                                                                   ‫2.3.5 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﳋﺎﻣﺲ: ﲢﻮﻳﺮ ﺍﻟﻌﻨﻮﺍﻥ‬
           ‫‪ª‬א‬                        ‫‬                     ‫א‬                   ‫א‬        ‫ א א‬                   ‫אن א ×‬                ‫א‬
      ‫×א‬                                 ‫ش و ‪ Ù‬‬                               ‫‪ª‬א‬                    ‫و‬               ‫‪ ú‬א‪ Ò‬د‬                    ‫و‬            ‫א ‬
‫‪Ù‬‬              ‫لא×‬                       ‫م‬                        ‫א ‬         ‫‪Ø‬و‬               ‫א‬        ‫و א×‬                                  ‫א‬                ‫א‬
                        ‫د ‬                            ‫‪Ø‬و‬              ‫אن א × א‬                              ‫א‬                    ‫‪ Kª‬و א‬                      ‫א‬
                        ‫‪K‬‬                ‫ א א א‬                      ‫א א×‬                                          ‫א‬            ‫ذא א‬             ‫א ×א‬
           ‫?@? وא‬                            ‫‪?at? W‬‬                    ‫אل א‬        ‫א א‬               ‫א‬                                     ‫א‬
 ‫?‪?xyz at abc dot com‬‬                                          ‫א‬                   ‫ل ?‪?xyz@abc.com‬‬                               ‫?‪?K‬‬                        ‫?‪?dot‬‬
‫‪ú‬‬          ‫א‬                         ‫א‬       ‫‪Ø‬و‬                ‫و א× א‬                                    ‫א‬                                              ‫א‬      ‫و‬
                                                 ‫אن‪K‬‬           ‫لא‬        ‫د‪ ª‬א ض  א‬                              ‫ن‬                                 ‫‬
‫ً‬             ‫אً‬                ‫‪Ø‬و‬              ‫אن א × א‬                           ‫א‬               ‫ א‬                      ‫א‬             ‫א‬
           ‫אن‪K‬‬              ‫א‬                ‫‪ú‬‬         ‫א‬           ‫א‬           ‫א‬            ‫א‬                                      ‫و‬

            ‫2.3.6 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺴﺎﺩﺱ: ﻋﺪﻡ ﺍﻟﺮﺩ ﻋﻠﻰ ﺍﻟﺮﺳﺎﺋﻞ ﻏﲑ ﺍﳌﺮﻏﻮﺑﺔ‬
‫د ‪EBulkF Ù‬‬                               ‫‬                              ‫‪ Ù‬א‬                    ‫نא‬                       ‫א‬                ‫ذ‬
                                                                   ‫ و‬         ‫و‬                         ‫א‬               ‫א‬        ‫א و א×‬

‫)1(‬    ‫‪Technologies to Combat Spam, Thomas A. Knox, GIAC Security Essentials‬‬
       ‫,3002 ,61 ‪Certification (GSEC) Practical Assignment, Version 1.4b, Option 1, June‬‬
       ‫.3002 ‪SANS Institute‬‬
‫93‬                                                                            ‫א א‪ ª‬א د‬                  ‫وא‬                 ‫‪Ø‬و ‪ W‬א‬                 ‫دא‬              ‫א‬


‫ن א د دم‬                                        ‫د‬           ‫א‬                           ‫‪ Ù‬א‬                          ‫א‬            ‫א و ‪K‬א د‬
                  ‫‪K‬‬                    ‫‪Ù‬‬                                                 ‫‬                                          ‫و‬                ‫אن‬
‫אن‬                ‫زא‬           ‫א‬                                          ‫‪ Ù‬א‬                       ‫א‬                 ‫ن‬                 ‫א‬
                       ‫א‬                   ‫א‬                   ‫لא‬             ‫‪ú‬‬                                           ‫א×‬                ‫א‬                   ‫א‬
‫ً‬                      ‫אن א‬               ‫ذא ن‬                                          ‫אא א‬                 ‫وא‬                         ‫ن א ‪ ú‬א‬
                                                                                                                                                            ‫م ‪K‬‬
‫غ‬            ‫وא‬                ‫م‬                                 ‫‪ Ù‬א‬              ‫א×‬
                                                                                   ‫‪K‬‬         ‫א א د א‬                       ‫א‬

‫2.3.7 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺴﺎﺑﻊ: ﺍﻹﺑﻼﻍ ﻋﻦ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﻏـﲑ ﺍﳌﺮﻏﻮﺑـﺔ‬
                                                                                                                                    ‫)‪(Spam Reporting‬‬
              ‫وא‬                               ‫א‬                    ‫‪ Ù‬א‬               ‫א×‬                             ‫غ‬            ‫א‬
         ‫‬         ‫‪Ø‬و‬              ‫א× א‬                          ‫م‬             ‫ل‬                                   ‫א‬                    ‫غ‬               ‫א‬    ‫‪K‬‬
‫אن‬           ‫قא‬                   ‫א‬           ‫א‬                         ‫مא‬                      ‫‪ú‬‬            ‫א‬             ‫‪K‬‬            ‫‪ Ù‬א‬                      ‫א‬
                           ‫א‬               ‫א‬            ‫ق‬            ‫א‬        ‫ً نא‬                            ‫‪Ë‬ذ‬                ‫‪K‬و‬                           ‫א×‬
         ‫אن א ×‬                        ‫ق‬            ‫א‬           ‫ًא‬             ‫‪Ø‬و ‪K‬‬                  ‫א‬            ‫אن א ×‬                ‫‪ ?@? W‬‬
     ‫א‬             ‫ل‬                   ‫‪ª‬א‬                            ‫ل‬             ‫نא‬                     ‫?‪?abc.com‬‬                     ‫?‪?xyz@abc.com‬‬
‫א א دم‬                         ‫ن ?‪J‬‬                         ‫?‬             ‫א‬              ‫دم ?‪ – 1 ?WHOIS‬‬                                                   ‫ق‬
                                                                                          ‫‪Kª‬‬                  ‫א‬                 ‫‪ª‬‬


         ‫م و‬                                   ‫‬                                   ‫אم‬        ‫א‬       ‫א א دم م و د وא‬                             ‫ل‬              ‫‪E1 F‬‬
              ‫‪. Ewhois.netF‬‬                    ‫‪W‬‬                 ‫م‬             ‫א‬         ‫م‬       ‫א  א‬                         ‫א‬                ‫א א‬
‫ א د‬ª‫א א‬              ‫وא‬           ‫ א‬W ‫و‬Ø        ‫دא‬         ‫א‬                                                       40
                   ‫و א‬Ø            ‫א× א‬            ‫م‬    ‫غ‬             ‫غ‬                                   ¯
        ‫א زא‬                                 ‫غ א‬        ‫قא‬                   K            ‫א × א‬
ª             ‫א دم‬                           K‫غ‬             ‫و‬Ø        ‫א× א‬                      ‫م‬              ‫א‬       ‫وא‬
‫و‬              ‫א‬                ‫غ א دم‬                      ª‫א א‬                                        ×‫א‬           Ù
    K                       ‫ل‬         ً                          ‫دא‬       ‫א‬                ‫א‬           ‫אن א‬            ‫و‬
              ª ‫و‬                                        ‫ א‬Ù                         ‫א د‬               ‫א‬
                   K        ‫ق‬        ‫אم א‬     ‫א‬         ‫و‬                         ‫م‬             ‫ل‬            ‫א‬
    ×‫א‬                               ‫ א‬E1 J2F               ‫1א‬                       ‫א‬            ‫א‬
         ‫دم‬        ‫א‬        ‫دم‬     ‫א‬ª        ‫ א‬Ù           ×‫א‬                        2 EGmailF                 ‫و‬Ø        ‫א‬
                                                                                                                          ‫א‬




        ‫ﻠﹶﻎ ﻋﻨﻪ‬‫ﺷﻜﻞ )2-1( ﻧﺴﺒﺔ ﺍﻟﱪﻳﺪ ﻏﲑ ﺍﳌﺮﻏﻮﺏ ﺍﻟﻘﺎﺩﻡ ﺇﱃ ﺍﳋﺎﺩﻡ ﻗﺒﻞ ﺍﻟﺘﺼﻔﻴﺔ ﻭﻧﺴﺒﺔ ﺍﻟﱪﻳﺪ ﻏﲑ ﺍﳌﺮﻏﻮﺏ ﺍ ﹸﺒ‬
                 ‫ﳌ‬
                                                  (gmail.com ‫)ﺍﳌﺼﺪﺭ‬


(1) mail uses Google's innovative technology to keep spam out of your inbox”,
    gmail.com, (http://www.google.com/mail/help/fightspam/spamexplained.html),
    December, 2007.
                        . Egmail.comF  ‫א‬       ‫א‬     ‫و‬Ø                ‫ م‬E2)
‫14‬                                                           ‫א א‪ ª‬א د‬                  ‫وא‬                     ‫‪Ø‬و ‪ W‬א‬          ‫دא‬               ‫א‬


                                                  ‫‪K‬‬          ‫א‬                                  ‫‪ ª‬א‬               ‫‪ Ù‬א‬       ‫א×‬           ‫و‬
                                  ‫‪ ª‬א‬            ‫‪ Ù‬א‬           ‫א×‬            ‫ن‬                  ‫א‬             ‫א‬               ‫و‬
                                                             ‫‪K‬‬         ‫‪ Ù‬א‬                           ‫دא‬              ‫‬                 ‫1‬


‫2.3.8 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻣﻦ: ﺍﻟﺘﻘﻴﺪ ﺑﻮﺛﻴﻘﺔ ﻃﻠﺐ ﺍﻟﺘﻌﻠﻴﻘﺎﺕ ﻟﱪﺗﻮﻛﻮﻝ ﻧﻘﻞ‬
                                                                                             ‫ﺍﻟﱪﻳﺪ ﺍﻟﺒﺴﻴﻂ )‪(SMTP RFC‬‬
            ‫א‬        ‫א×‬           ‫ل‬              ‫×و‬          ‫‪ª‬א‬                ‫א‬                              ‫مא‬
‫אدم א ‬              ‫א‬            ‫א د‬                 ‫‪ Ù‬א‬                 ‫א‬                          ‫‪  ESMTPF‬א × א א د‬
    ‫ن א‬                        ‫‪ª‬‬             ‫‪ Ù‬א‬         ‫א×‬                                          ‫‪ Kª‬א‬             ‫א‬
        ‫א× א‬                   ‫ل‬             ‫×و‬              ‫‪ª‬א‬            ‫‬                 ‫א‬                                 ‫و‬            ‫د‬
‫ز‬       ‫ن‬                 ‫د‬           ‫وא‬              ‫ن‬                ‫ א دم א‬                                        ‫א‬        ‫‪ESMTPF‬‬
                                                                  ‫‪KEHackersF‬‬                     ‫‬                     ‫‪ Ë‬א ‪Ø‬א‬


‫‪Fake MX‬‬          ‫2.3.9 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺘﺎﺳﻊ: ﺳﺠﻼﺕ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ ﺍﳌﺰﻳﻔـﺔ )‬
                                                                                                                               ‫‪(Records‬‬
‫‪Ù‬‬               ‫‪Ø‬و‬        ‫א× א‬                                    ‫א‬                ‫א א‪ ª‬א د א‬                            ‫א‬
        ‫‪ª‬‬                ‫دم ‪ Ú‬א‬                   ‫د‬                                 ‫‪ ª‬دل‬                                   ‫و‬                ‫א‬
                                                 ‫ق‪K‬‬                   ‫‪Ø‬و‬            ‫אدم א × א‬                              ‫م‬        ‫א‬
    ‫ً‬                         ‫¯‬       ‫‪Ø‬و ? ن‬                      ‫‪ ?W‬مא× א‬                                     ‫‬           ‫ذ‬    ‫و‬
        ‫ن‬                     ‫אدم‪K‬‬       ‫א‬                            ‫אא‬                ‫א د ونא ض‬
‫‪ K‬و א ن א دم‬                                ‫א‬               ‫‪× ª‬‬                   ‫א‬                      ‫א‬                                    ‫א‬
‫א א‪ ª‬א د‬                     ‫وא‬                  ‫‪Ø‬و ‪ W‬א‬               ‫دא‬             ‫א‬                                                         ‫24‬
         ‫ل‬            ‫א‬             ‫ن‪Í‬‬                         ‫א د‬               ‫א دم ذ א‬                 ‫لوً‬                 ‫ول א‬               ‫א‬
                                                                                  ‫‪K‬‬                 ‫א دم א‬            ‫ول‬
     ‫‪W‬‬                                  ‫א‬             ‫א‬            ‫د‬                       ‫‪ ª‬א‬               ‫א‬           ‫ن‬       ‫¯‬


                                                                       ‫• ﺳﺠﻞ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ ﺍﻷﺩﱏ ﺍﳌﺰﻳﻒ‬
                                                                                          ‫)‪(Fake Lowest MX Record‬‬
‫אد‬                                      ‫‬                   ‫‪ Ù‬א‬                 ‫‪Ø‬و‬        ‫א× א‬                                   ‫אً‬
     ‫دم א ×‬               ‫ل‬             ‫د و א‬                                                        ‫ن‬               ‫א‬            ‫‪ Ù‬و‬
                  ‫‪K‬‬            ‫א‬            ‫אن א ×‬             ‫א‬        ‫ن‬                       ‫ل‬         ‫א‬               ‫‪Ø‬و  ل‬                  ‫א‬
‫‪ª‬‬                    ‫א‬                                                                    ‫دل‬
     ‫אدم א ×‬                        ‫م‬                     ‫א‬                           ‫‪ª‬‬             ‫دم ‪ Ú‬א‬                                      ‫א د‬
                                    ‫‪K‬‬                 ‫‪ Ù‬א‬                        ‫ل‬                               ‫ق‬                        ‫‪Ø‬و‬     ‫א‬
             ‫دم‬           ‫אن‬                              ‫א‬           ‫א د‬                ‫دل א‬                                ‫ن‬            ‫‬
             ‫مא‬                ‫نא‬                 ‫ً‬            ‫‪ EPort‬א א دم‬                    ‫52 ‪25F‬‬                        ‫ن א‬
                                                                                            ‫‪K‬‬             ‫× א אدم א‬                              ‫א‬


                                                                   ‫• ﺳﺠﻞ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ ﺍﻷﻋﻠﻰ ﺍﳌﺰﻳﻒ‬
                                                                                          ‫)‪(Fake Highest MX Record‬‬
         ‫א دم ذ א‬                       ‫ل‬                 ‫و א‬                    ‫‪ Ù‬א‬                    ‫א‬
‫ن‬                 ‫ل ‪Ù‬‬                                 ‫א د‬                    ‫א‬        ‫א دم ذ א‬                    ‫ً‬                    ‫א‬          ‫א‬
             ‫‬                                ‫א‬                ‫ً‬             ‫د ًא‬                     ‫א‬                   ‫א‬       ‫א دم ذ א‬
‫34‬                                               ‫א א‪ ª‬א د‬           ‫وא‬                   ‫‪Ø‬و ‪ W‬א‬          ‫دא‬              ‫א‬


                                         ‫‪K‬‬             ‫א אدم א‬                                      ‫‪ Ù‬א‬                  ‫א‬
     ‫‪ª‬א د‬             ‫א‬                                                      ‫دل‬
       ‫‪Ø‬و‬     ‫אدم א × א‬                      ‫م‬          ‫א‬                     ‫‪ª‬‬              ‫دم ‪ Ú‬א‬
              ‫‪K‬‬            ‫‪ Ù‬א‬              ‫لא‬         ‫‪ª‬‬                    ‫ אא‬                               ‫ق‬
‫אن‬      ‫‪ ú‬و ‪Ù‬‬                     ‫ن ‪Ù‬‬                       ‫א‬            ‫א‬               ‫دل א‬
             ‫אن دم‬                           ‫‪ Edead IP addressF‬و‬                                    ‫لא‪Ø‬‬               ‫و‬
                                        ‫ً‪K‬‬         ‫א دم‬               ‫52 ‪EPort 25F‬‬                             ‫ن א‬
‫‬             ‫دאً‬           ‫א‬            ‫‪ ª‬א‬                ‫א‬                    ‫א‬                  ‫ن‬
                                                                                                ‫‪KE2 J2F‬‬                   ‫א‬




                                  ‫ﺷﻜﻞ )2-2( ﻣﺜﺎﻝ ﻋﻠﻰ ﺳﺠﻼﺕ ﺗﺒﺎﺩﻝ ﺍﻟﺮﺳﺎﺋﻞ ﺍﳌﺰﻳﻔﺔ‬

        ‫2.3.01 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﻌﺎﺷﺮ: ﺗﺄﺧﲑ ﺍﻟﺘﺮﺣﻴﺐ )‪(Greeting delay‬‬
        ‫א‬        ‫‪Ø‬و‬        ‫دم א × א‬                             ‫‪Ù‬‬            ‫‪Ø‬‬
                                   ‫‪K‬‬             ‫‪Ø‬و‬              ‫دم‬                   ‫ل‬         ‫א‬                     ‫א د‬
        ‫‪ESMTPF‬‬                    ‫א× א‬             ‫ل‬             ‫×‬            ‫‪ª‬א‬            ‫א‬         ‫ً‬
‫א א‪ ª‬א د‬            ‫وא‬        ‫‪Ø‬و ‪ W‬א‬          ‫دא‬        ‫א‬                                        ‫44‬
         ‫א‪Ø‬‬                ‫ل‬       ‫א‬                ‫א‬        ‫א دم א‬            ‫ل ن‬           ‫א‬
                                           ‫‪K‬‬        ‫‪Ø‬و‬       ‫لא× א‬                           ‫א دم א‬
‫ن‬                   ‫‪ Ù‬א‬                                      ‫‪ Ø‬א‬           ‫د‬        ‫א‬
    ‫ل‪K‬‬      ‫א‬                          ‫ن‬                     ‫א‪Ø‬‬        ‫ون‬                ‫د‬
     ‫ل‬          ‫א‬              ‫و‬               ‫א‬    ‫‪ú‬‬             ‫אد א دم‬        ‫ن‬
                                                                                     ‫‪K‬‬       ‫א دم א‬
‫54‬      ‫א א‪ ª‬א د‬   ‫وא‬   ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬




         ‫ا‬          ‫ا‬
     ‫و‬    ‫دا‬    ‫ا‬
     ‫)‪(Phishing‬‬
‫ א د‬ª‫א א‬               ‫وא‬                 ‫ א‬W ‫و‬Ø                 ‫دא‬                       ‫א‬                                                                     46
       ‫و א‬                                                    ‫و‬Ø                      ‫دא‬                        ‫א‬                    ‫אא‬
                                                     Kª               ‫אد وא‬                   ‫א‬                                                   Ø‫א א‬              ‫وא‬
               ‫א‬ª             ‫א‬             WEPhishingF                               ‫و‬Ø                ‫دא‬                       ‫א‬                 
                ‫لא‬            ‫ضא‬                         ‫و‬Ø                   ‫א× א‬                                                                      ‫وא‬             ‫א‬
           ‫مא‬        ‫و‬                               ‫ و‬ú                       ‫א‬                                           ‫ل‬             ‫א‬                           ‫وذ‬
                                                                                                                                 K             ‫و‬             ‫א‬
               ‫ن‬             ‫و‬Ø            ‫دא‬                 ‫א‬                                             ‫א‬               ‫אא ع‬                     Ú
           Ù ‫و‬                ‫مא‬               ‫دא‬                         ً                        ‫و‬Ø                   ‫א× א‬                        ‫ن‬
                    K  ‫א‬                       ‫א‬                                                                   ‫א‬                 ‫א‬                 ‫א‬ª             ‫א‬
           ‫ن‬         ESpamF                         ‫ א‬Ù                      ‫و‬Ø               ‫א‬                        ‫א لא‬
ª                    ‫א‬                                    ‫و‬Ø                  ‫א× א‬                                                        ‫و‬Ø         ‫دא‬                ‫א‬
‫و‬          ‫א‬                 ‫ وא‬ESMSF Ù                       ‫א‬                   ‫א‬                                                  ‫و א‬Ø               ‫א‬         ‫א‬Ø ‫א‬
‫ن‬             ú              ‫א‬            ‫و‬                                  ‫م‬            ‫ن א‬                     EInstant MessagingF                               ‫א‬
       ‫א‬             ‫و‬Ø                   ‫א× א‬                                    K                                         ‫א‬                           ‫א‬              ‫א‬
                                                          K1                  ‫و‬Ø                   ‫دא‬                       ‫א‬ª                          ً
?ph?               ‫نא‬                          ‫ د‬EHackersF  ‫א‬                                                          ‫א‬        Ø ‫ن وא‬
     ‫א‬                  ‫א‬            ‫א‬                                                                                    ª                        ?f? ú
ª               EPhishingF                          ª                K                                 ‫א‬                   ‫و‬                                    ‫نא‬
                                  K                 ‫دא‬            ‫ א   א‬EfishingF                                                   ‫א‬                      ‫א نא‬
ESpamF                  ‫ א‬Ù               ×‫א‬                     ‫א‬                                 ‫و‬Ø                      ‫دא‬                 ‫א‬

(1) A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and
    Countermeasures", Radix Labs, October 3, 2005.
‫74‬                                                     ‫א א‪ ª‬א د‬                         ‫وא‬                     ‫‪Ø‬و ‪ W‬א‬             ‫دא‬                    ‫א‬


‫א ‬             ‫א‬                                                     ‫א‬                 ‫نא‬                     ‫ً‬                               ‫ن‬
     ‫‪ ª‬א‬              ‫ج‬             ‫ً‬                ‫ذ‬                    ‫و א‬                             ‫א‬             ‫ل‬              ‫א‬
                                                                                    ‫‪KESocial EngineeringF‬‬                                                ‫א‬
          ‫‪ª‬‬                              ‫ن‬        ‫‪Ø‬و‬                ‫دא‬                       ‫א‬
            ‫א‬                                ‫אא×‬                                    ‫אع‬                    ‫و‬                ‫‪ ú‬א‬                   ‫‬
    ‫م و‬          ‫א‬                      ‫‪ú‬‬                 ‫‬                         ‫‪ª‬א‬                    ‫א‬             ‫ل‬             ‫‪ª‬א‬
         ‫א ‪ EVISAF‬א‬                                                ‫‪ª‬א‬                ‫‪ª‬א‬                    ‫و‬                       ‫א‬                     ‫א‬
                                                 ‫ً‪K‬‬                             ‫א‬                         ‫ل‬         ‫وא‬                      ‫ض‬
‫ن‬               ‫‪Ø‬و‬                                    ‫‪Ø‬و‬                   ‫دא‬                    ‫א‬                                ‫ل‬
‫‪ESMTPF‬‬           ‫א× א‬                    ‫ل‬                 ‫ً ن‬                           ‫ذ‬                ‫א ‪? ú‬س?‪ K‬و‬
‫و ن‬                             ‫אن א‬            ‫ن‬                 ‫‪EAuthenticationF‬‬                                      ‫א‬
‫א‬    ‫‪ K‬و‬        ‫אن א‬                                         ‫א‬                                          ‫א‬
‫م‬        ‫‪ú‬‬       ‫א‬             ‫ق‬            ‫א‬             ‫ً‬                ‫ً‬            ‫ً‬                 ‫אً‬                 ‫א‬                ‫א ل‬
‫‪Ù‬‬     ‫א×‬              ‫אم‬             ‫א‬                     ‫‪? ú‬س?‪ K‬و‬                                  ‫א‬                        ‫ن‬                        ‫א‬
      ‫‪Ø‬و ‪K‬‬            ‫و א× א‬                                        ‫د‬                            ‫א‬                       ‫‪ESpamF‬‬                         ‫א‬
‫‪ª‬‬                          ‫אع א‬                                                ‫א‬                          ‫‬                 ‫‪ú‬‬
            ‫‪ ú‬وذ‬           ‫א‬                    ‫‪Ø‬و‬                ‫א‬            ‫× א‬                            ‫א‬                       ‫ل‬                ‫א‬
                      ‫א‬         ‫‪ú‬א×‬                  ‫א‬                    ‫‪EStyleF‬‬                                                                      ‫א‬
      ‫‪ ELogoF ú‬و‬                ‫א‬                    ‫س ‪ ELook and FeelF‬وو‬                                                   ‫وא‬             ‫א‬
                                                                                                                                   ‫‪KEslogansF‬‬
‫ن‬      ‫א د‬                  ‫א‬            ‫‬            ‫‬                              ‫א אع א  א‬
‫ א د‬ª‫א א‬                  ‫وא‬                 ‫ א‬W ‫و‬Ø                       ‫دא‬                    ‫א‬                                                                        48
                            ‫ و‬ª                        ‫א‬                                                          ‫א‬ª                ‫א‬           ‫ل‬                ‫א‬ª ‫و‬
    ‫و‬                     ‫אא א‬                   ‫ن‬            ‫و‬                                 ‫د‬                ‫د  א א א‬                                    ‫ذج א‬          ‫א‬
          ‫א‬                                                    ‫א‬ú               ‫א‬                                                                              ESpoofedF
          ‫ن‬                          ‫و‬            ‫و‬ú                   ‫א‬               ‫א‬             ‫ وو‬ELook                  and FeelF ‫س‬                                   ‫وא‬
               ‫א‬          ‫א‬             Ø‫א‬                        ‫و‬                        ‫و‬Ø                ‫א‬        ‫א א‬                                           ‫א‬        ‫א‬
        ‫א א‬                    ‫א‬             -                 ‫و‬                           EHypertext Markup Language – HTMLF
ú ‫ً وא‬                         ً‫א‬                              ‫و‬Ø                  ‫א‬            ‫א‬                             ‫و‬                           ‫و א‬Ø               ‫א‬
        ‫ وذ‬ú               ‫א‬                                              ú‫د‬                             ‫א‬            ‫אع א‬                    ‫و‬                        ‫ذ‬
    ‫م‬               ‫א‬     ‫نא‬                      ‫א د‬                         ‫و‬Ø                    ‫א‬ª                ‫א‬               ‫ل‬               ‫א‬ª
                                                                                                                            K                       ‫א‬                 ‫א‬       ‫و‬
                     ‫ و‬EformF ‫ذج‬                               ‫ود‬                                ‫و‬Ø               ‫א× א‬                          ‫ن‬
‫ذج‬              ‫א‬                ‫و‬                     ‫א‬                                                         ‫א‬                        ‫و‬                                 ‫א‬
        ‫و‬Ø           ‫א× א‬                       ‫א‬                                  ‫א‬                             ‫אن‬                                           ‫ א‬ª
                                              KEWeb-based E-Mail – webmailF  ‫א‬                                                                             ‫א‬              ‫א‬
                    ‫א‬ª                    ‫א‬                ‫א‬                                ×‫א‬                    ‫ نא‬                          ‫ א ل א‬
         ‫א‬                          ú            ‫א‬           ‫ذ‬                ً                ‫ن‬                ‫ ن‬ú‫د‬                                      ‫ذ‬                 ‫وא‬
                                                       K               ‫א‬                        ‫دא‬                ‫א‬Ë                ‫א‬                   ‫א‬ª                ‫א و‬
‫د‬                    ‫א‬                                                ‫א‬                            ‫א‬                     ‫א‬                           ‫א‬
                                                                                                                                                W1                ‫و‬Ø           ‫א‬
                    ‫و‬          ú                                  ‫ א‬ª                                          ¯ ‫ن‬                                             J

(1) A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and
    Countermeasures", Radix Labs, October 3, 2005.
‫94‬                                                                    ‫א א‪ ª‬א د‬                      ‫وא‬                        ‫‪Ø‬و ‪ W‬א‬           ‫دא‬        ‫א‬


        ‫‪K‬‬              ‫دא‬                ‫و‬                ‫אم א ‬                                        ‫א‬                                     ‫ز‬        ‫א‬
            ‫و ض‬                          ‫‬         ‫‪ú‬‬                  ‫‬                     ‫‪ ª‬א‬                   ‫ن‬                                ‫‪J‬‬
                                                                               ‫‪Kª‬‬                            ‫א‬                                  ‫‬         ‫א‬
                           ‫א‬            ‫و‪Í‬‬                                ‫א‬                   ‫‪ ª‬و‬                                                 ‫‪J‬‬
                                 ‫‪K‬‬        ‫א‬                ‫אא‬                                       ‫دא‬                           ‫א‬                ‫و ود א‬
‫‬               ‫‪ ª‬א‬         ‫א‬                             ‫‪Ù Ù‬‬                 ‫ل‬                                                                    ‫‪J‬‬
                                                           ‫ א א ‪KÙ‬‬                                      ‫א‬                     ‫و ود א‬
            ‫و ض‬                      ‫‪ú‬‬             ‫‬                                ‫‪ª‬‬                     ‫ول‬                                        ‫‪J‬‬
            ‫‪K‬‬             ‫ً ‪Ø‬‬                      ‫א‬                   ‫ل‬                    ‫א‬                 ‫ً‬            ‫ً‬                             ‫א‬
‫و‬                                                      ‫א‬                   ‫ن‬                         ‫‪ª‬א‬                ‫א‬                            ‫‬
                  ‫ل‬         ‫ًא‬                    ‫دون?‬               ‫?א‬                             ‫وא ‬                              ‫‪ª‬א‬            ‫א‬
                                                                                        ‫‪K‬‬                ‫و‬                         ‫‪ª‬‬            ‫‬         ‫א‬
                       ‫‪W‬‬         ‫א‪ ª‬א‬              ‫‪Ø‬و  א‬                      ‫دא‬                        ‫‪ª‬א‬                                 ‫א‬
                                                           ‫‪Ø‬و ‪K‬‬                ‫دא‬                    ‫א‬             ‫‬                    ‫א‬       ‫1‪J‬‬
                                                                                                 ‫‪K‬‬            ‫א‬           ‫א‬                   ‫2‪J‬‬
        ‫אم‬                  ‫ن‬                  ‫و‬                 ‫א‬                 ‫א‬                                          ‫ل‬                ‫3‪J‬‬
                                                           ‫‪.ESpamF‬‬                          ‫‪ Ù‬א‬                       ‫א‬
    ‫א א‬               ‫و‬              ‫א‬             ‫ن‬                  ‫א و‬                                         ‫א‬              ‫د‬            ‫4‪J‬‬
    ‫‪K‬‬            ‫א‬        ‫ א‬              ‫‪ ª‬א‬                ‫א‬                          ‫و‬                      ‫دא‬                 ‫א‬
‫‪ª‬‬                      ‫ن‬                               ‫و‬               ‫‪ª‬א‬                       ‫نא‬                     ‫دون‬              ‫א‬       ‫5‪J‬‬
                                                                                                                       ‫‪K‬‬                ‫א‬
    ‫א א‪ ª‬א د‬      ‫وא‬             ‫‪Ø‬و ‪ W‬א‬        ‫دא‬           ‫א‬                                              ‫05‬
      ‫א×‬                 ‫‪Ø‬و‬         ‫دא‬              ‫‪ª‬א‬           ‫‬           ‫1א א‬              ‫א‬
‫ن? ‬       ‫א‬       ‫?‬                                 ‫‪ E1-3F‬א  ز‬                     ‫א‬                ‫‪Ø‬و‬        ‫א‬
‫א‬       ‫? وو‬            ‫א‪Ø‬‬            ‫ز ‪?W Ú‬‬                                   ‫? و ن א‬                ‫‪?ú‬‬
                         ‫א‬        ‫ن‬         ‫א‬         ‫وא‬                 ‫א‪Ø‬‬                    ‫ل‬           ‫א ً‬
‫س ‪look and F‬‬                 ‫وא‬       ‫א‬                          ‫?א‬      ‫?‬
                        ‫‪KE2-3F‬‬             ‫א‬         ‫א ‪ú‬‬                    ‫‪ EstyleF‬وو‬               ‫‪ Efeel‬وא‬




               ‫ﺷﻜﻞ )3-1( ﺭﺳﺎﻟﺔ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﺍﳌﻨﺘﺤﻠﺔ ﳌﺼﺮﻑ "ﺳﺎﻣﺒﺎ"‬




     ‫א ض‬          ‫א ×‬         ‫د ?‬        ‫א ¯א‬   ‫א‬                ‫‪Ø‬و א‬   ‫دא‬      ‫א‬         ‫د‬               ‫‪? E 1 F‬و‬
                         ‫6002م ‪ J‬א د 81731‪K‬‬                ‫6241 ‪14 J‬‬           ‫ذ א‬    ‫41‬           ‫א‬   ‫د‬    ‫א‬
‫15‬                                               ‫א א‪ ª‬א د‬   ‫وא‬       ‫‪Ø‬و ‪ W‬א‬             ‫دא‬             ‫א‬


‫ً‬            ‫و‬    ‫وא‬                  ‫د‬    ‫‪ ú‬نא‬              ‫ق‬   ‫א‬       ‫א‬            ‫ذא د‬
      ‫א‬                ‫א‬              ‫א‬      ‫א‬                                 ‫قא‬         ‫א‬         ‫א‬
‫ق‬     ‫א‬      ‫نא‬                ‫‪Esamba.comF‬‬               ‫ ‪ú‬‬              ‫قא‬        ‫א‬         ‫א و ‪K‬א‬
    ‫א و ذ‬                 ‫ق‬      ‫א‬       ‫‪   Esambaonlineaccess.comF‬א‬                 ‫א و‬
      ‫و‬           ‫‬             ‫ل א‬        ‫‪ EonlineaccessF‬و  א‬           ‫‪ ú‬وذ‬                ‫א‬       ‫א‬
                                                                      ‫‪K‬‬    ‫א‬                  ‫ً‬        ‫א‬




                           ‫ﺷﻜﻞ )3-2( ﺍﳌﻮﻗﻊ ﺍﳌﺰﻳﻒ ﳌﺼﺮﻑ "ﺳﺎﻣﺒﺎ"‬
‫א א‪ ª‬א د‬        ‫وא‬            ‫‪Ø‬و ‪ W‬א‬        ‫دא‬            ‫א‬                                      ‫25‬
‫א و‬        ‫א‬             ‫א‬         ‫و‬                ‫א‬        ‫‬       ‫‪E3-3F‬‬                 ‫א‬
                                                                                  ‫‪K‬‬           ‫א‬    ‫وא‬




                         ‫ﺷﻜﻞ )3-3( ﺍﳌﻮﻗﻊ ﺍﻷﺻﻠﻲ ﳌﺼﺮﻑ "ﺳﺎﻣﺒﺎ"‬


   ‫ً ن א‬                  ‫ض?‪ K‬و‬            ‫‪? ú‬א‬                    ‫و‬         ‫‬           ‫ل‬
       ‫א‬            ‫‪ú‬‬                  ‫א‬         ‫א‬           ‫‪E4-3F‬‬                  ‫א‬          ‫א و‬
                                ‫س‪K‬‬            ‫وא‬       ‫وא‬      ‫وא‬         ‫א‬                   ‫‪E5-3F‬‬
       ‫ق‬         ‫א‬       ‫‪ Eriyadbank.comF W‬وא‬                   ‫א‬         ‫ق‬           ‫א‬       ‫א‬
                                                                ‫‪KEriyadonlin.net.msF‬‬                ‫א‬
‫35‬                        ‫א א‪ ª‬א د‬   ‫وא‬         ‫‪Ø‬و ‪ W‬א‬    ‫دא‬    ‫א‬


              ‫‪Ø‬و ?‬       ‫دא‬       ‫א‬        ‫‪?W‬‬      ‫‬
‫‪ª‬‬    ‫د א‬   ‫א א‪ ª‬א‬   ‫א‬        ‫‬       ‫و‬         ‫ل  و א א‬       ‫א‬
                              ‫‪ ú‬א א א و ‪K‬‬               ‫א‬    ‫وא‬




           ‫ﺷﻜﻞ )3-4( ﺍﳌﻮﻗﻊ ﺍﳌﺰﻳﻒ ﳌﺼﺮﻑ "ﺍﻟﺮﻳﺎﺽ"‬
‫א א‪ ª‬א د‬           ‫وא‬         ‫‪Ø‬و ‪ W‬א‬        ‫دא‬                ‫א‬                                  ‫45‬




                          ‫ﺷﻜﻞ )3-5( ﺍﳌﻮﻗﻊ ﺍﻷﺻﻠﻲ ﳌﺼﺮﻑ "ﺍﻟﺮﻳﺎﺽ"‬


‫و א א ل‬                 ‫‪Ø‬و‬   ‫دא‬         ‫א‬        ‫א‬               ‫ً‬    ‫‪E6-3F‬‬            ‫א‬    ‫و‬
‫ق‬      ‫א‬                  ‫ق ‪ Esabb.net.msF‬א‬           ‫א‬           ‫א و א‬      ‫ ‪  K?ª ? ú‬א‬
‫א و‬            ‫ً ن א‬             ‫‪ KE7-3F‬و‬                ‫א‬               ‫‪Esabb.comF‬‬        ‫א‬
           ‫س‪K‬‬            ‫وא‬   ‫وא‬         ‫وא‬                ‫א‬                      ‫א‬      ‫א‬
‫55‬               ‫א א‪ ª‬א د‬   ‫وא‬       ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬




     ‫ﺷﻜﻞ 3-6 ﺍﳌﻮﻗﻊ ﺍﳌﺰﻳﻒ ﳌﺼﺮﻑ "ﺳﺎﺏ"‬




     ‫ﺷﻜﻞ)3-7( ﺍﳌﻮﻗﻊ ﺍﻷﺻﻠﻲ ﳌﺼﺮﻑ "ﺳﺎﺏ"‬
‫ א د‬ª‫א א‬                ‫وא‬                    ‫ א‬W ‫و‬Ø            ‫دא‬              ‫א‬                                                56
        ‫א‬                          ‫ و‬Echat roomsF ‫ د‬Ò‫ א‬ú                                ‫א‬             Û1            ‫د א‬
‫د‬                   ‫א‬ª             ‫ن‬ª                       EphishersF ‫دون‬                  ‫א‬                  ‫א  א ن‬
ª           ‫א‬               ‫نو א‬                           ‫وא‬                                         ‫م‬                     ‫و‬Ø          ‫א‬
EphishersF ‫د‬                       ‫א‬                                            ‫ل‬                                          ‫ص‬
                      EhackersF                            ‫ وא‬EspammersF                       ‫ א‬Ù                    ‫א‬             ‫و‬
‫ل‬           ‫א‬            ª                          ¯                                   ‫א א‬                ª        ‫ و‬Kª           ‫א‬
        EcashersF                       Ò‫ وא‬EcollectorsF                         Ó‫ وא‬EmailersF                                        ‫א‬
                                                                                                           W       ‫א‬ú
EspammersF                        ‫ א‬Ù                       ‫א‬                        ‫ و‬WEMailersF ‫ن‬                    ‫ א‬J
Ù                    ‫א‬                 ‫د‬        ‫ل‬                                ‫א‬                   ‫ א‬EhackersF ‫ن‬                ‫و א‬
                                                                      KEfraudulent emailsF ‫ل‬                   ‫א‬ú                      ‫א‬
     ‫وא א א‬                           ‫ א‬EhackersF ‫ن‬                    ‫א‬           WECollectorsF ‫ن‬               Ó‫ א‬J
                      ‫ل وא‬                             ‫ضא‬             Efraudulent          websitesF              ‫א‬        ‫و‬Ø          ‫א‬
     ‫א א‬                                                             ‫ א‬Ù            ×‫א‬               ‫א‬                                 ‫א‬
                K             ‫א‬            ‫א‬            ‫و‬        ‫א و‬            ‫م و‬            ‫א‬                  ª              ‫و‬
    EmailersF                     ‫א‬           ‫ون‬                                       Ó‫ن א‬           ‫א א‬                   ‫و‬
                                                    K            ‫ א‬Ù                 ‫لא‬              ً‫ً د‬          ‫ن‬                  ‫و‬
    ‫א و‬                     ‫א‬ª            ‫א‬            ‫ن‬                    ‫א‬       ‫ و‬WECashersF ‫ن‬                Ò‫ א‬J

(1) Christopher Abad, “The economy of phishing: A survey of the operations of the
    phishing market”, First Monday, volume 10, number 9, September 2005,
    (http://firstmonday.org/issues/issue10_9/abad/index.html). M. Jakobsson, S. Myers,
    “Phishing and Countermeasures: Understanding the Increasing Problem of Electronic
    Identity Theft”, Wiley, 2007.
57                                                               ‫ א د‬ª‫א א‬                    ‫وא‬                      ‫ א‬W ‫و‬Ø                     ‫دא‬                 ‫א‬


ª                           ‫ق‬               ‫ل‬                    ‫א‬               ‫و‬K                   ‫א‬                  ‫و‬                      Ó‫א‬
         ‫א‬                  ‫م‬                                            ª                ª                ‫و‬                           ‫א ن‬ª
‫א‬        ‫ و א‬EAutomated Teller Machine – ATMF                                                      ‫ א‬ú‫א‬                       ‫א‬                                    ‫א‬
                                                                                                                                   K              ‫א‬                ‫وא‬
                    Ó‫א‬                   ‫א د א‬                                 ‫و ن‬                   ‫ن‬                          ‫א‬                  ‫و‬
               K         Ò‫א‬              ‫ א‬ª ‫א و‬                                                  ‫و‬                ‫א و‬                          ‫א‬ª                ‫א‬
ª            ‫د א‬                                     ‫א‬                               ‫و‬                         ‫א‬                            ‫א د א‬                ‫א‬
ª            ‫א‬                     Ò‫א‬                   ً                       ‫و‬                             ‫א‬                                     ‫א ود و‬
                  ‫ א‬ª              ª                        ‫ א‬ª                    ‫א‬                                               ‫ א‬ª                        ‫وא‬
                                                                                                                                                       K           Ó‫א‬
    ‫و‬Ø             ‫دא‬               ‫א‬ª              ‫ن‬                        ‫אو‬                   ‫א א‬
               Í ‫א‬                  ‫א‬          ‫א‬ª                   ‫א‬                                              ª                                 ‫وא‬
     ‫א‬                  ‫א‬Í                     ‫و‬Ø               ‫א‬Í ‫א‬                                              ‫ن‬
                                                                                                                                  KEInternet worldF
    ً‫א‬             ً          ‫م‬                 ‫و‬Ø               ‫دא‬                   ‫א‬                                                ‫א‬             ‫א‬
ª                      ‫ًא‬                      Ë                        ‫و‬           ‫و‬Ø            ‫א‬                      ‫א‬ª                     ‫א‬            ‫א‬
             ‫אن א‬               K           ‫א‬                ‫א‬               ‫و‬            ª                    ‫ א‬                         ‫א‬ª                     ‫وא‬
ESecure             Socket Layer – SSL CertificatesF                                                   ‫ א‬ª‫دא‬                           ‫ وא‬EFirewallsF
    Ù ‫و‬           (Intrusion Prevention Systems – IPS rules) ‫אق‬Ø                                                      ‫א‬                                    ‫و א‬
         ‫قא‬            ‫لא‬           ‫א‬            ‫ن‬                                        ‫א‬                ‫א‬              ‫א‬                  ‫א‬             ‫و‬
                                      ‫وא‬                    ‫وא‬                 ‫א‬             ‫א‬                         ‫ × א‬Eonline trustF
 ‫ א د‬ª‫א א‬             ‫وא‬                 ‫ א‬W ‫و‬Ø                ‫دא‬                ‫א‬                                                                  58
Ù                      ‫א‬                         ‫א‬                                           ‫وא‬                   ‫א‬                ‫א‬ª             ª
       ‫مא دא‬                ‫و‬         ‫א‬                   ‫×א‬         ‫א‬                               ‫ل א‬                 ‫א‬                         ‫א‬
                            Kª                ‫وא‬           ‫א‬        ‫ل‬                    ‫א‬            ‫و‬                   Ù ‫و‬                 ‫× א‬
The Anti-Phishing                F        ‫و‬Ø           ‫دא‬                 ‫א‬                                        ‫א‬
ª              ‫א‬                                                                                K1 EWorking Group – APWG
                            ‫א‬                     ‫لא‬        ‫ א אع وא‬ª                                                              ‫ذא א‬
                                                                                                                       K ‫و‬Ø              ‫دא‬                   ‫א‬
           ‫א‬                                               ‫م 7002 א‬                                ×                           2           
 W        ‫א‬        ‫ذ‬                     ‫א‬            Ó‫ن א‬                   EAPWGF ‫و‬Ø                                        ‫دא‬          ‫א‬
                                                                K‫د‬            ‫א‬                                ً           28074 •
ª                 ‫و‬Ø                ‫א‬                               ‫و‬Ø                       ‫א‬                ً           23630 •
                                                                                                                                               K
          ª                                      Ebrand hijackF                                  Ë                                178 •
      ‫و‬                     ‫وא‬                                                                       ‫ و א א‬K ‫و‬Ø                         ‫دא‬                   ‫א‬
                                                                                                           K           ‫א‬                       ‫א א‬
          ª        ‫א‬                     ‫א‬           ‫و‬Ø        ‫دא‬                    ‫א‬                 ‫ع‬                           34.3   •
‫ل‬         KEdomain              namesF ª                             Ú                                             ‫و‬Ø                  ‫א‬                ‫وא‬
                                                                                                                                   KExyzbank.comF


(1)   The Anti-Phishing Working Group, www.apwg.com.
(2)   Phishing Activity Trends, Report for the Month of November, 2007, Anti-Phishing
      Working Group (APWG), apwg.org
‫95‬                                                                ‫א א‪ ª‬א د‬                      ‫وא‬                   ‫‪Ø‬و ‪ W‬א‬                    ‫دא‬        ‫א‬


       ‫‪ª‬‬            ‫א‬                   ‫א‬       ‫‪Ø‬و‬               ‫دא‬                    ‫א‬                     ‫ع‬                             ‫6‬    ‫•‬
                    ‫ل ‪KE10.212.21.33F‬‬                         ‫‪K‬‬                     ‫و‬                                      ‫‪Ø‬و‬                   ‫وא  א‬
                                        ‫‪K‬‬                              ‫א‬           ‫א‬                ‫ل‬                    ‫م‬                     ‫•‬
                                                          ‫‪K‬‬                     ‫‬                         ‫ل‬                    ‫ً‬           ‫•03‬
‫‪ª‬‬               ‫‬           ‫قא و‬                 ‫א‬                    ‫א‬               ‫‪ ª‬א‬                  ‫د א‬              ‫• אزد د‬
                                                                                                                  ‫‪K‬‬                    ‫א‬             ‫א‬
      ‫‬                  ‫8.39‬                         ‫אً‬               ‫א‬                 ‫א‬            ‫‪ ª‬א‬                     ‫א‬                ‫•‬
                                                                                                      ‫‪K‬‬               ‫א‬                    ‫‪ª‬א‬            ‫א‬
‫אدم‬        ‫دא‬           ‫‬                   ‫א‬         ‫‪ ª‬א‬                  ‫א‬                ‫א‬                             ‫א‬               ‫• ذ‬
                                                ‫12.42‬                                   ‫‪Ø‬و‬                ‫دא‬                    ‫א א‬                     ‫א‬
      ‫‪Ø‬و‬        ‫دא‬              ‫‪ª‬א‬                    ‫د‬           ‫‪E8-3F‬‬                                       ‫א‬                    ‫א‬             ‫•‬
‫א م‬                                 ‫א‬           ‫× 6002‬                                                ‫لא ‪Ø‬‬                                               ‫א‬
                                                                                                                                                 ‫7002‪K‬‬
      ‫‪Ø‬و‬        ‫دא‬                  ‫א‬           ‫د א‬               ‫‪E9-3F‬‬                                       ‫א‬                 ‫א‬                ‫•‬
‫א م‬                             ‫א‬               ‫× 6002‬                                  ‫لא ‪Ø‬‬                      ‫ً‬                             ‫א‬        ‫א‬
                                                                                                                                                 ‫7002‪K‬‬
                ‫‪ª‬‬            ‫אع א‬                    ‫ع‬                                     ‫ول ‪ E1-3F‬א‬                             ‫א‬             ‫•‬
                                                                   ‫‪Ø‬و  ‪K‬‬                             ‫دא‬                   ‫‪ª‬א‬                   ‫א‪ú‬‬        ‫א‬
      ‫‪Ø‬و ‪K‬‬          ‫دא‬        ‫א א‬                     ‫א‬           ‫א و ‬                      ‫א ول ‪ E2-3F‬א ول א‬                                   ‫•‬
‫א א‪ ª‬א د‬    ‫وא‬       ‫‪Ø‬و ‪ W‬א‬   ‫دא‬      ‫א‬                            ‫06‬




‫ﺷﻜﻞ )3-8( ﻋﺪﺩ ﺑﻼﻏﺎﺕ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﺍﳌﺴﺘﻠﻤﺔ ﺷﻬﺮﻳﺎﹰ ﺧﻼﻝ ﺍﻟﻔﺘﺮﺓ ﻣﻦ ﺷﻬﺮ‬
                  ‫ﻧﻮﻓﻤﱪ 6002 ﺇﱃ ﺍﻟﺸﻬﺮ ﻧﻔﺴﻪ ﻣﻦ ﺍﻟﻌﺎﻡ 7002‬




‫ﺷﻜﻞ )3-9( ﻋﺪﺩ ﻣﻮﺍﻗﻊ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﺍﳉﺪﻳﺪﺓ ﺍﳌﻜﺘﺸﻔﺔ ﺷﻬﺮﻳﺎﹰ ﺧﻼﻝ ﺍﻟﻔﺘﺮﺓ ﻣﻦ‬
                   ‫ﻧﻮﻓﻤﱪ 6002 ﺇﱃ ﺍﻟﺸﻬﺮ ﻧﻔﺴﻪ ﻣﻦ ﺍﻟﻌﺎﻡ 7002‬
‫16‬                               ‫א א‪ ª‬א د‬            ‫وא‬            ‫‪Ø‬و ‪ W‬א‬          ‫دא‬             ‫א‬

‫ﺟﺪﻭﻝ )3-1( ﻗﺎﺋﻤﺔ ﺍﻟﻨﺴﺐ ﻟﻜﻞ ﻧﻮﻉ ﻣﻦ ﺃﻧﻮﺍﻉ ﺍﳌﻨﻈﻤﺎﺕ ﻣﻦ ﺣﻴﺚ ﺍﺳﺘﻬﺪﺍﻑ ﻋﻤﻠﻴﺎﺕ‬
                                         ‫ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﳍﺎ‬
 ‫ﺍﻟﻨﺴﺒﺔ ) (‬                             ‫ﻧﻮﻉ ﺍﳌﻨﻈﻤﺔ‬
   ‫8.39‬                                      ‫‪EFinancial ServicesF‬‬               ‫‪ ª‬א‬           ‫א‬

     ‫8.2‬                                                            ‫‪ERetailF‬‬                   ‫א‬
     ‫2.2‬                                          ‫א  ‪EISPF‬‬                ‫א‬             ‫ودو‬
     ‫2.1‬            ‫‪EGovernment & MiscellaneousF‬‬                   ‫‪ª‬א‬      ‫א‬        ‫و‬          ‫א‬


‫ﺟﺪﻭﻝ )3-2( ﻗﺎﺋﻤﺔ ﺍﻟﺪﻭﻝ ﺍﻟﻌﺸﺮ ﺍﻷﻭﱃ ﰲ ﻧﺴﺒﺔ ﺍﺳﺘﻀﺎﻓﺔ ﻣﻮﺍﻗﻊ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻹﻟﻜﺘﺮﻭﻧﻴﺔ‬
      ‫ﺍﻟﻨﺴﺒﺔ ) (‬                                      ‫ﺍﻟﺪﻭﻟﺔ‬              ‫ﺍﻟﺘﺮﺗﻴﺐ‬
       ‫12.42‬                                                   ‫א‬           ‫1‬
       ‫58.32‬                        ‫א‬      ‫‪ ª‬א‬                ‫א‬               ‫2‬
       ‫93.9‬                                                ‫א‬                  ‫3‬
       ‫60.8‬                                                ‫و‬                   ‫4‬
       ‫46.4‬                                                                    ‫5‬
       ‫35.3‬                                                ‫و‬                   ‫6‬
       ‫14.3‬                                                ‫‬                   ‫7‬
       ‫24.2‬                                       ‫א‬                            ‫8‬
       ‫74.1‬                                  ‫א‬            ‫א‬                  ‫9‬
       ‫74.1‬                                                                    ‫01‬
    ‫ א د‬ª‫א א‬                ‫وא‬                  ‫ א‬W ‫و‬Ø              ‫دא‬                       ‫א‬                                                           62
                ‫א‬                ‫ א‬ª                 ‫א‬                      ‫نא‬                        EGartnerF                      1× 
3.2         2007 ‫ م‬                                                   ‫א‬                      ‫و‬Ø                 ‫دא‬              ‫א‬ª                         ‫א‬
      ‫و‬Ø            ‫دא‬                     ‫א‬ª                  ً                 ‫ًא‬                             ‫א‬          ‫و‬K                       ‫دو‬
ª           ‫א‬ª                                                       ‫ א‬ª                          ‫وא‬                  ‫א‬ª                  ‫א‬ª
ú          ‫א‬                ‫ل‬                  ‫א‬ª              ú                 ‫א‬                                                    ‫א‬        ‫و‬           ‫א‬
                                                                              K                        ‫א‬ª               ‫א‬ª
‫م‬                                                                ‫ع‬                       ‫א‬                ً‫א‬               ً          × ‫وذ א‬
ª               ‫ن‬                                 ‫א‬              ‫ א‬ª                         ‫א‬                       4500                           2007
                                       2007 ‫م‬                    ‫×א‬                      ً                                      ‫و‬Ø            ‫دא‬          ‫א‬
       ‫د‬             ‫א‬                     ‫א‬              ‫א‬          ‫صא‬                            ‫א‬             K 3,3                                      ‫א‬
‫د‬               ‫א‬                                                                 ‫א‬                                             ‫و‬Ø          ‫א‬    ×‫א‬
                                  ‫مא‬            ‫א‬                                    ‫א‬                          2.3                                 ‫و‬Ø     ‫א‬
           ª                           ‫א‬             ً‫א‬         2005 ‫א م‬                                        2.9                             ‫6002 و‬
                                                                                                                       .EGartnerF

        ‫ א‬ª                  ‫عא‬                                      ‫وא‬                     2?PayPal? ‫ن‬               ً            × ‫א‬            ‫وذ‬
ً                        ‫א‬                                ‫א‬                                   ‫عא‬                                  ‫? 3 وא‬eBay?‫و‬
                                                               KEbrand spoofingF                                        ‫א‬                  ‫لא‬       ‫א‬ª
                    ‫א ع א‬                     ‫א ول‬             ‫و‬Ø            ‫دא‬                        ‫א‬ª                           ‫ن‬          ¯

(1) Media Relations, 2008 Press Releases, Gartner, “Gartner Survey Shows Phishing
    Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks”, 05-March-
    2008, (http://www.gartner.com/it/page.jsp?id=565125).
                                                              K ‫و‬Ø        ‫א‬           ‫ א‬ª                      ‫ وא‬ª            ‫ א‬                      E2F
                                                               K  ‫א‬                  ‫א‬                                         ‫א‬                        E3F
63                                            ‫ א د‬ª‫א א‬        ‫وא‬            ‫ א‬W ‫و‬Ø          ‫دא‬               ‫א‬


     J ‫دون‬          ‫א‬          ‫  א א ع‬KESocial EngineeringF                                     ‫א‬       ‫א‬
‫ل‬    ‫א‬        ‫אم‬               ‫و‬Ø        ‫دא‬              ‫א‬ª                       ‫-א‬                ‫א‬       ‫ذ‬
                  ‫א و א‬       ‫א א‬                ‫א‬            Espoofed   emailF                           ‫א‬
ª        ‫א‬                  ‫אع א‬               ‫א‬              ‫ذج‬              ‫و‬                         ‫א‬
                                                                               K         ‫وא‬                   ‫א‬
              ‫א ع א‬                ‫و‬Ø    ‫دא‬              ‫א‬ª                        ‫א عא‬
    ‫ع א‬       ‫دون  א א ع‬                ‫ و م א‬Etechnical subterfugeF                        ‫א‬                ‫א‬
             ‫א‬ª         ‫א‬                                        ‫א‬        ESpywareF
‫ل‬     ‫א‬ª            ً                                        ‫د‬       ‫א‬                 ‫و‬                   ‫وא‬
                                                                                        K1                    ‫א‬




                                                    Anti-Phishing Working Group, apwg.org. E1F
‫א א‪ ª‬א د‬   ‫وא‬   ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬   ‫46‬
‫56‬                              ‫א א‪ ª‬א د‬   ‫وא‬      ‫‪Ø‬و ‪ W‬א‬     ‫دא‬      ‫א‬




                            ‫ا ا‬             ‫ا‬
                 ‫و‬          ‫دا‬              ‫ا‬           ‫أ‬
                 ‫)‪(Phishing Techniques‬‬

                  ‫ﺗﺴﻤﻴﻢ ﺧﺎﺩﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ )‪(DNS Poisoning‬‬      ‫•‬

              ‫ﺗﺴﻤﻴﻢ ﻣﻠﻒ ﺍﳋﻮﺍﺩﻡ ﺍﳌﻀﻴﻔﺔ )‪(Hosts File Poisoning‬‬    ‫•‬

   ‫ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﺑﻮﺍﺳﻄﺔ ﺣﻘﻦ ﺍﶈﺘﻮﻯ )‪(Content Injection‬‬        ‫•‬

   ‫ﻫﺠﻤﺔ ﺍﻟﺮﺟﻞ ﰲ ﺍﻟﻮﺳﻂ )‪(Man-in-the-Middle Attack – MITM‬‬         ‫•‬

                        ‫ﺗﺸﻮﻳﺶ ﺍﻟﻌﻨﻮﺍﻥ )‪(Address Obfuscation‬‬     ‫•‬

 ‫ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳﻖ ﺍﻟﱪﺍﻣﺞ ﺍﳋﺒﻴﺜﺔ )‪(Malware Attack‬‬        ‫•‬

‫‪Search Engine‬‬   ‫ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳﻖ ﳏﺮﻛﺎﺕ ﺍﻟﺒﺤﺚ )‬          ‫•‬

                                                               ‫‪(Phishing‬‬
‫‪The Popup‬‬   ‫ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳـﻖ ﺍﻟﻨﻮﺍﻓـﺬ ﺍﳌﻨﺒﺜﻘـﺔ )‬       ‫•‬

                                                                ‫‪(Attack‬‬
                      ‫ﺷﺮﻳﻂ ﺍﻟﻌﻨﻮﺍﻥ ﺍﳌﺰﻳﻒ )‪(Fake Address Bar‬‬     ‫•‬
‫א א‪ ª‬א د‬   ‫وא‬   ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬   ‫66‬
‫76‬                                                                ‫א א‪ ª‬א د‬                  ‫وא‬                 ‫‪Ø‬و ‪ W‬א‬             ‫دא‬             ‫א‬


                          ‫‪Ø‬و ‪K‬‬           ‫دא‬               ‫א‬                  ‫א‬                  ‫א‬              ‫אא‬
                  ‫4.1 ﺍﻷﺳﻠﻮﺏ ﺍﻷﻭﻝ: ﺗﺴﻤﻴﻢ ﺧﺎﺩﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ )‪(DNS poisoning‬‬
‫م‬            ‫‪ª‬ن‬                  ‫אא‬                   ‫‪K‬‬           ‫א‬             ‫א‬        ‫ً ‪EPharmingF‬‬                               ‫و‬
‫– ‪Domain Name Server‬‬                          ‫‪Fª‬‬              ‫دم ‪ Ú‬א‬                                ‫‪  EhackerF ª‬م‬                               ‫א‬
                                                                                             ‫‪Kª‬‬                                ‫‪ EDNS‬وא‬
‫‪ª‬‬                ‫א‬                    ‫‪EDNSF ª‬‬                    ‫م‪ Ú‬א‬                       ‫ً ن‬                          ‫ذ‬
                            ‫‪ª‬‬            ‫אدم ‪ Ú‬א‬                                         ‫ن‬        ‫و‬             ‫א ‬                               ‫א‬
                  ‫א‬         ‫‪ª‬و و‬                    ‫‪ Ú‬א‬                         ‫א‬        ‫م‬          ‫‪ ª‬אא‬                            ‫‪K‬‬
‫ن‬                                                   ‫دم א אد א‬                               ‫אن א‬           ‫א‬
‫‪- 4F‬‬                       ‫א‬            ‫א ل‬                         ‫א  ‪K‬‬                                           ‫א‬            ‫د‬             ‫א‬
    ‫‬                 ‫א‬               ‫אن א‬        ‫د ‪ Ewww.ksu.edu.saF‬א‬                                    ‫א‬         ‫ق‬                 ‫1‪ E‬א‬
             ‫د و‬                     ‫ن‬                                ‫‪ª‬א‬             ‫‪ E213.230.10.197F‬و‬
                                                                       ‫‪Kª‬‬                ‫אدم ‪ Ú‬א‬                          ‫م‬
                      ‫א‬          ‫د‬            ‫‬           ‫‪Ù‬א و א‬                         ‫‪ª‬‬                                ‫نא‬
‫ً‬            ‫م‬                   ‫دم א‬             ‫ذא ن‬            ‫د‬                 ‫א‬                ‫ ل‬                  ‫‪K‬‬                 ‫א‬
‫ن‬            ‫ً‬              ‫د‬                 ‫א‬                       ‫אن א‬          ‫א‬                      ‫א‬                               ‫و‪ Ë‬א‬
        ‫א‬                 ‫ق‬                                  ‫א‬            ‫אن א‬              ‫‪ª‬א‬                 ‫دم ‪ Ú‬א‬
                                         ‫و‪K‬‬                           ‫ً ً ‪Ù‬‬                          ‫אً‬              ‫‪Ù‬‬                 ‫د‬
‫‪ª‬‬                ‫‪ Ú‬א‬                                      ‫د‬                ‫א‬                    ‫ ل‬              ‫و אא ل‬
                 ‫א‬             ‫א א‬               ‫‪ú‬و ‪Ù‬‬                     ‫‪ª‬‬                    ‫‪ Ú‬א‬                           ‫و‬                  ‫א‬
                                                                                ‫‪K‬‬            ‫و‬                             ‫‪ª‬‬                ‫و‬
‫א א‪ ª‬א د‬             ‫وא‬                 ‫‪Ø‬و ‪ W‬א‬               ‫دא‬              ‫א‬                                            ‫86‬




                                   ‫ﺷﻜﻞ )4-1( ﺍﺳﺘﻌﻼﻡ ﺧﺎﺩﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ‬


    ‫‪? ú‬س?‬                          ‫ق‬             ‫א‬           ‫‪ E2-4F‬ن א‬                      ‫א‬               ‫ض‬
‫ق‬    ‫א‬                     ‫‪? ú‬س? א‬                                      ‫א‬           ‫אن א‬        ‫‪ Exyzbank.comF‬و ن א‬
         ‫ق‬        ‫א‬        ‫א‬                                            ‫‪E88.33.22.11F‬‬                        ‫‪Exyzbank.comF‬‬
‫–‬                ‫زא‬            ‫م‬            ‫‪EInternet‬‬            ‫‪BrowserF‬‬          ‫א ‬               ‫א‬            ‫‪ú‬‬        ‫א‬
‫‪? ú‬س?‬                                ‫אن א‬            ‫א‬             ‫م‬                        ‫א‬           ‫– ً ×‬              ‫א‬
‫א دم‬             ‫د‪ ú‬و ن ذ‬                   ‫‪ Kª‬ذא‬                      ‫دم ‪ Ú‬א‬                    ‫م‬            ‫א‬        ‫ل‬
         ‫و و‬                                ‫אن‬               ‫‪Ù‬د‬                    ‫‪E3-4F‬‬                 ‫א‬        ‫ً‬
‫‪ú‬‬                          ‫א‬           ‫א‬                                                   ‫‪Ù‬‬                ‫‪ E92.45.67.89F‬א‬
             ‫א‬        ‫‪ú‬‬            ‫ق א‬                      ‫ن نא‬             ‫אً‬            ‫א‬                      ‫?س? א‬
    ‫אن‬           ‫א‬                  ‫א‬                       ‫א‬           ‫א‬                          ‫و‬              ‫و‬
                                                         ‫‪K‬‬             ‫אن א‬          ‫‪Ù‬‬                   ‫ً‬
‫96‬                        ‫א א‪ ª‬א د‬    ‫وא‬      ‫‪Ø‬و ‪ W‬א‬     ‫دא‬   ‫א‬




           ‫ﺷﻜﻞ )4-2( ﺍﺳﺘﻌﻼﻡ ﺧﺎﺩﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ‬




     ‫ﺷﻜﻞ )4-3( ﺍﺳﺘﻌﻼﻡ ﺧﺎﺩﻡ ﺃﲰﺎﺀ ﺍﻟﻨﻄﺎﻗﺎﺕ ﰲ ﺣﺎﻟﺔ ﺍﻟﺘﺴﻤﻴﻢ‬
‫א א‪ ª‬א د‬                  ‫وא‬               ‫‪Ø‬و ‪ W‬א‬           ‫دא‬                 ‫א‬                                                     ‫07‬
         ‫4.2 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﱐ: ﺗﺴﻤﻴﻢ ﻣﻠﻒ ﺍﳋﻮﺍﺩﻡ ﺍﳌﻀﻴﻔﺔ )‪(Hosts File Poisoning‬‬
‫‪ª‬‬                 ‫-‬                    ‫‪Ø‬و -‬             ‫دא‬                  ‫א‬                          ‫‪ª‬‬            ‫אא‬
                  ‫ن ‪EhackersF‬‬                   ‫م א‬     ‫‪ª‬‬                  ‫אא‬              ‫‪ Kª‬‬                ‫دم ‪ Ú‬א‬
                                            ‫‪K‬‬          ‫زא‬          ‫د‬                   ‫‪ Ehosts fileF‬א‬                  ‫א אدم א‬
                          ‫א‬        ‫‪ª‬و و‬                      ‫‪ Ú‬א‬                               ‫אدم א‬           ‫א‬
‫ ً ‪ElocallyF‬‬                               ‫א‬                    ‫א אدم א‬                     ‫ن‬                 ‫‪ª‬‬         ‫دم ‪ Ú‬א‬
                                                                                                           ‫م‪K‬‬        ‫ز א‬
‫אن‬            ‫א‬                        ‫موً‬                         ‫زא‬                   ‫ن‬
                      ‫אن א‬         ‫א‬            ‫م‬            ‫א‬          ‫אدم‬             ‫‪ª‬א‬                 ‫א دم ‬                              ‫א‬
                                                                                                               ‫‪Kª‬‬         ‫دم ‪ Ú‬א‬
‫م‬         ‫‬               ‫אدم א‬        ‫א‬              ‫א ‬              ‫א‬                   ‫‪ E4-4F‬א‬                      ‫ضא‬
                                                     ‫وز ‪.EMicrosoft WindowsF‬‬                               ‫و‬         ‫و‬                         ‫א‬
                   ‫‪ª‬א‬              ‫‪ ª‬ن‬                  ‫دم ‪ Ú‬א‬                                    ‫‪ª‬‬             ‫‬          ‫ذ‬
                      ‫א‬                         ‫א‬                ‫‪Ù‬‬                                ‫א‬           ‫‪ª‬و و‬                  ‫‪ Ú‬א‬
‫م‬                               ‫א אدم א‬                           ‫‪ª‬‬                    ‫ً‬                      ‫وא ل‬                      ‫א‬
         ‫وذ‬                   ‫زא‬            ‫‬           ‫אدم א‬          ‫א‬                                                        ‫ن‬            ‫א‬
                          ‫‪K‬‬                     ‫‬            ‫אن‬                         ‫ق‬              ‫א‬
              ‫א‬                    ‫א ‪ª‬‬                          ‫א ‪ú‬‬                       ‫‪ E5-4F‬א‬                      ‫ضא‬
     ‫א‬        ‫ن‬           ‫א‪Ø‬‬            ‫وא‬               ‫א‬         ‫א‬               ‫ً‬        ‫‪E92.45.67.89F‬‬                  ‫א‬       ‫א‬
                                                                                                                ‫‪KE88.33.22.11F‬‬
71                                                     ‫ א د‬ª‫א א‬              ‫وא‬               ‫ א‬W ‫و‬Ø               ‫دא‬            ‫א‬



                                      localhost                 127.0.0.1

                                     ‫ﺷﻜﻞ )4-4( ﻣﻠﻒ ﺍﳋﻮﺍﺩﻡ ﺍﳌﻀﻴﻔﺔ‬



                                            xyzbank.com                        92.45.67.89


                      ‫ﺷﻜﻞ )4-5( ﻣﻠﻒ ﺍﳋﻮﺍﺩﻡ ﺍﳌﻀﻴﻔﺔ ﺑﻌﺪ ﺍﻟﻌﺒﺚ ﺑﻪ‬


Content    ) ‫4.3 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﻟﺚ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﺑﻮﺍﺳﻄﺔ ﺣﻘﻦ ﺍﶈﺘﻮﻯ‬
                                                                                                                       (Injection
Emalicious contentF                                            ‫دون‬            ‫مא‬         ª                    ‫ אא‬
       ‫א‬       Ò‫א א‬          ‫م‬            ‫ن‬               KElegitimate        siteF                                          ‫و‬
                                                                                                                         W
                                 K               ‫א‬                    ‫א‬            ‫زא א‬                       ‫د‬         J
                             K        ‫ز زא א‬              EmalwareF                              ‫א‬                     J
   K ‫و‬Ø         ‫دא‬                   ‫دم א‬                  ‫ א‬           ‫ א‬ª            ‫א‬                    ‫د‬         J
                       W             Ò‫א‬                   ‫د א‬                                 ‫אع‬                   ¯
EhackersF ‫ن‬           ‫م א‬                       ‫א‬           ‫دم א‬                                    ‫ل‬           ‫ א‬J
 KEmalicious contentF                                  Elegitimate contentF                                ‫א‬       Ò‫אل א‬
EhackersF                                        ‫א‬             ‫ دم א‬                                 ‫ل‬           ‫ א‬J
Cross-Site Script – F                       ‫א‬         ú       K‫אدم‬        ‫א‬                                        ‫אد‬
           ú                                        EProgramming         FlawF                                        ‫ و‬EXSS
‫ א د‬ª‫א א‬                   ‫وא‬                    ‫ א‬W ‫و‬Ø            ‫دא‬                ‫א‬                                                    72
          ‫ و‬EblogsF ª ‫ א وא  א و‬ª                                                           ‫א ل‬                         K
‫ و‬Ediscussion boardsF ‫ش‬                                        ‫א‬ª                             ‫ و‬Euser reviewF                       ‫א وא‬
                       ‫א‬    ‫و‬Ø                   ‫وא د  א × א‬                            ‫و‬                ‫א‬ª                        ª
                                                                                              KEweb-based emailF  ‫א‬                         ‫א‬
                   ‫א‬                 ‫א‬                              ‫د‬                           ú ‫א‬              Ò‫א א‬
                  ‫وض‬                                                 Í                           ‫אد‬                                 ‫ن‬
                        ‫א وא‬                              ª                           ‫א א א‬                                    ‫א אدم א‬
                   K        ‫א‬                    ‫ض‬                               ‫א‬                                ‫אد א‬        ‫א‬
1 ECNET News.comF                                              ‫אא ع و د‬                                         ‫א א‬           ‫א‬
                                                                    ‫ن‬                    Ù       ‫?2 א‬PayPal?                  ‫م‬
 ‫د‬                      ‫د‬                                                                Ë‫و‬       ‫א‬                  ‫א‬            ‫و‬Ø       ‫א‬
     K                                                 ‫א‬         ‫א‬ª              ‫د ل‬                                                ‫א‬
                  Ò‫א‬                          ‫א‬            ‫و‬Ø        ‫دא‬                   ‫אع א‬                         ‫ א عא‬J
         ‫م א‬                    ‫א‬                                       ‫א‬                                 ‫ א‬                    ‫ل‬         ‫א‬
ª             ‫א‬                                                             ‫א‬             KESQL           injection vulnerabilityF

                                                          ‫و‬                                  ‫  א دم א‬Edatabase commandF
                                                                                                                                   Kª        ‫א‬
          ‫א‬            × ‫אد א‬             ‫א‬                                      ‫م א‬                 ‫א‬                             ‫א‬
                  ‫وض‬                                                ‫ل‬                                     Ecross-site      script – XSSF


(1) “PayPal fixes phishing hole”, by Joris Evers, Staff Writer, CNET News.com, Published:
    June 16, 2006 4:12 PM PDT, (http://www.news.com/PayPal-fixes-phishing-hole/2100-
    7349_3-6084974.html).
                                                                                              K  ‫א‬          ‫א‬                             (2)
73                                                                        ‫ א د‬ª‫א א‬                         ‫وא‬                  ‫ א‬W ‫و‬Ø                ‫دא‬            ‫א‬


                                                               Kª                                   ‫א א א‬                                              ‫א אدم א‬
                ‫א‬                   ‫א‬         ‫و‬Ø               ‫دא‬                      ‫א‬ª                                ‫1א א‬                    ‫א‬
                                                     ESQL injection vulnerabilityF                                            ‫م א‬                   ‫א‬
                                        ‫زوא א‬                 ‫ع‬              ‫א‬                        Eknorr.comF ?                       ?  ‫א‬                    ‫א‬
     ‫ א‬                                 ‫ل‬                ‫א‬                               Elogin          authenticationF ‫ل‬                              ‫א‬
        ‫א‬                   ‫لא‬                ‫نא‬                          K                ‫م א‬                      ‫א‬                 ‫א‬                           Ú
    Ø                   ‫م א‬                      ‫א‬                              ‫א‬                     ‫?;? وא‬
                ‫ضא‬                            ‫د‬                                            ‫א‬                                                                 ‫ن‬
true logical                F                                                     EHackerF ‫ق‬Ø ‫א‬                                       ‫ن‬              ‫و‬K
‫م‬                               ‫א‬             ‫ن‬                ‫م‬                       ‫א‬                    ‫א‬                    ‫א‬                 Eexpression
                                 Eor ‘x’=‘x’F                          ‫א‬                     ‫א‬           ‫א ل و‬
                        K                 ‫א‬                                            ‫א‬                                ‫א و‬               ‫مو‬                ‫א‬    ‫א‬


Man-in-the-Middle                             ) ‫4.4 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺮﺍﺑﻊ: ﻫﺠﻤﺔ ﺍﻟﺮﺟـﻞ ﰲ ﺍﻟﻮﺳـﻂ‬
                                                                                                                         (Attack – MITM
            ‫א‬                                          ‫ل‬           ‫وא‬                              ‫د‬         ‫مא‬            ª                 ‫ אא‬
                           ‫م وא‬                     ‫א‬             ‫א‬                            ‫א‬                      ‫ل א‬               ‫א‬                ‫ل‬
            ‫وא دم‬                             ‫א‬                    ‫א‬Ø ‫א‬                    ‫ن‬                               ‫א‬               ‫ א‬KE6-4F                 ‫א‬
                                        K E7 J4F                          ‫א‬                                     ‫א‬             ‫ل‬                     ‫و‬         ‫ون‬

(1) “Knorr.de SQL Injection and XSS Vulnerabilities”, Sebastian Bauer, 01/12/07,
    (http://blog.gjl-network.net/blog/index.php?/archives/78-Knorr.de-SQL-Injection-and-
    XSS-Vulnerabilities.html)
‫א א‪ ª‬א د‬            ‫وא‬                ‫‪Ø‬و ‪ W‬א‬             ‫دא‬          ‫א‬                                                 ‫47‬
                           ‫ل‬           ‫א‬                              ‫د‬        ‫א‬                           ‫א‬
‫م‬        ‫א‬                        ‫د  א‬            ‫نא‬          ‫و‬         ‫ل‬            ‫א אد א‬           ‫م وא‬            ‫א‬
      ‫‬          ‫א‬         ‫م‬              ‫א‬             ‫د‬     ‫‪ª‬א‬         ‫لא‬           ‫دא‬                                ‫وא‬
     ‫‬           ‫و د‬                                  ‫א‬          ‫‪ EInstant MessagingF‬و‬                         ‫ل א‬         ‫א‬
    ‫م‪ K‬و‬         ‫א‬                ‫د‬                ‫‪ª‬א א د‬            ‫نא‬           ‫زאل‬            ‫א‬        ‫א‬
‫د‬               ‫ و‬                    ‫م‬        ‫ً‬         ‫د‬      ‫א د نא‬              ‫‬                ‫ل‬         ‫א‬         ‫‬
                                                               ‫‪KE8-4F‬‬              ‫א‬         ‫م‬           ‫א‬        ‫‬
‫م‬        ‫ز א‬                  ‫و‬                                 ‫ل‬          ‫نא‬            ‫‪ª‬‬           ‫ אא‬
‫‪× ª‬‬             ‫نא‬         ‫‪Ø‬א‬                   ‫א‬                   ‫‪ F‬و א دم‪KE‬‬           ‫ز א‬        ‫‪ E‬و‬               ‫‪F‬وא‬
                      ‫? ‪KEMan-in-the-MiddleF‬‬                           ‫א‬           ‫‪? ú‬א‬                   ‫و‬          ‫ز‬




                          ‫ﺷﻜﻞ)4-6( ﺍﻟﺘﺮﺍﺳﻞ ﰲ ﻭﺟﻮﺩ "ﺍﻟﺮﺟﻞ ﰲ ﺍﻟﻮﺳﻂ"‬




                      ‫ﺷﻜﻞ )4-7( ﺍﻟﺘﺮﺍﺳﻞ ﺍﳌﻔﺘﺮﺽ ﺑﲔ ﺍﳌﺴﺘﺨﺪﻡ ﻭﺍﳌﻮﻗﻊ‬
‫57‬                                                             ‫א א‪ ª‬א د‬               ‫وא‬                    ‫‪Ø‬و ‪ W‬א‬          ‫دא‬              ‫א‬




                       ‫ﺷﻜﻞ )4-8( ﺍﻟﺘﺮﺍﺳﻞ ﰲ ﺣﺎﻟﺔ ﻭﺟﻮﺩ ﺍﻟﺮﺟﻞ ﰲ ﺍﻟﻮﺳﻂ‬


‫م‬         ‫א‬                ‫א ‪Ø‬א‬                    ‫ل‬               ‫א‬                     ‫א‬                        ‫ن‬
                                                                                       ‫‪K‬‬           ‫א ‪Ø‬א‬                      ‫و‬             ‫وא‬
‫?‬      ‫مא‬              ‫?‬                        ‫و‬         ‫א ‪Ø‬א‬                 ‫ل‬                         ‫א‬              ‫ن‬
‫م‬         ‫א‬           ‫‪ª‬‬           ‫א‬                ‫ل‬          ‫‪EcontentF‬‬                       ‫‪ Ù‬א‪Ò‬‬                ‫‪EActive‬‬           ‫‪AttackF‬‬

          ‫ضא‬                           ‫‪ú‬و‬                           ‫א ‪Ø‬א‬                   ‫א ل ‬                                          ‫وא‬
‫‪ª‬‬         ‫א‬        ‫د א ‪Ø‬ق ‪EHackerF‬‬                             ‫א‬                  ‫‪E9-4F‬‬                      ‫‪ª‬‬              ‫א‬              ‫א‬
     ‫‪ª‬א‬            ‫א‬        ‫ً‬           ‫4444‪E‬‬                   ‫‪ª‬‬          ‫א‬                    ‫‪F‬‬             ‫אل‬         ‫א‬             ‫א אد‬
‫ل‬     ‫–‬                ‫א‬                   ‫א‬             ‫‪Ø‬א‬            ‫‪–ú‬א‬                     ‫م א‬                         ‫א‬         ‫د‬
                                       ‫د‪K‬‬           ‫د א‬             ‫‪ª‬א‬             ‫א‬                    ‫א‬           ‫א‬           ‫و‬           ‫א‬
‫م‬    ‫? و ?א‬                 ‫مא‬                 ‫?‬               ‫و‬        ‫א ‪Ø‬א‬                                           ‫نא‬
                       ‫‪ª‬א‬              ‫طא‬           ‫א‬      ‫د‬        ‫א‬                                  ‫? ‪EPassive AttackF‬‬                   ‫א‬
     ‫א‬        ‫م‬             ‫א‬                      ‫‬          ‫ ل‬                                ‫א‬           ‫א‬         ‫م و‬                ‫א‬
                                                          ‫م‪K‬‬        ‫א‬                         ‫ل‬          ‫ًא‬                    ‫א‬         ‫وא‬
    ‫א א‪ ª‬א د‬            ‫وא‬                    ‫‪Ø‬و ‪ W‬א‬                   ‫دא‬               ‫א‬                                                        ‫67‬




              ‫ﺷﻜﻞ )4-9( ﺗﻐﻴﲑ ﺭﻗﻢ ﺍﳊﺴﺎﺏ ﺍﶈﻮﻝ ﺇﻟﻴﻪ ﻣﻦ ﻗ‪‬ﺒ‪‬ﻞ ﺍﻟﺮﺟﻞ ﰲ ﺍﻟﻮﺳﻂ.‬


     ‫دم ‪Ú‬‬                                          ‫?‬                ‫א‬               ‫א‬           ‫?‬             ‫ق‬             ‫א‬
          ‫و א‬                    ‫‪Ù‬א‬            ‫‪ª‬‬                                     ‫א‬               ‫‪EDNS PoisoningF ª‬‬                              ‫א‬
          ‫אن א‬               ‫א‬             ‫م‬                ‫א‬                        ‫ذ‬       ‫ً‬       ‫‪K‬‬                   ‫א‬                ‫‪Ù‬‬
                   ‫א‬                                   ‫ً و‪ Ë‬א‬                        ‫م‬           ‫‪? ú‬س? ذא ن دم א‬
‫אن‬       ‫‪ª‬א‬                      ‫دم ‪ Ú‬א‬                                  ‫ن‬               ‫ً‬       ‫א ‪ú‬‬                                     ‫אن א‬      ‫א‬
‫‪Ù‬‬        ‫ً ً‬                         ‫אً‬                                     ‫ق א ‪? ú‬س?‬                                               ‫א‬             ‫א‬
                                                                ‫‪? ú‬س?‪K‬‬                                ‫א‬        ‫א‬                ‫و‬
‫‪ú‬‬        ‫א‬                  ‫ود‬                        ‫ً‪K‬‬           ‫د‬            ‫א‬                        ‫א‬            ‫א א‬
‫ل‬                       ‫وذ‬                     ‫א‬                    ‫א‬            ‫م و‬         ‫א‬                    ‫א‬                 ‫‪E‬‬            ‫‪F‬א‬
‫د‬        ‫مא‬                            ‫و‬                ‫‪ª‬א‬                   ‫א‬                       ‫د‬         ‫א‬
     ‫‪K‬‬         ‫א‬                 ‫א‬                              ‫ً‬                ‫‪? ú‬س?‬                         ‫א‬         ‫א‬


                         ‫4.5 ﺍﻷﺳﻠﻮﺏ ﺍﳋﺎﻣﺲ: ﺗﺸﻮﻳﺶ ﺍﻟﻌﻨﻮﺍﻥ )‪(Address Obfuscation‬‬
‫ق‬              ‫א‬                            ‫وو‬                                       ‫‪ª‬‬            ‫دون  א א‬                      ‫مא‬
                                                                                                 ‫‪K‬‬        ‫א‬             ‫ق א‬                  ‫א‬
‫ً‬                  ‫א‬                ‫ق א‬              ‫نא‬               ‫ن‬            ‫‪ª‬‬           ‫دون  א א‬                       ‫א‬
‫77‬                                                                ‫א א‪ ª‬א د‬                   ‫وא‬                 ‫‪Ø‬و ‪ W‬א‬              ‫دא‬                    ‫א‬


            ‫א و ‪K‬‬                   ‫א‬                    ‫א‬                 ‫א‬                                             ‫قא‬          ‫א‬                ‫א‬
                          ‫ن‬              ‫ن‬                   ‫א‬                ‫ق א‬                                      ‫و ¯א‬
                                                                                                  ‫‪K‬‬        ‫א‬                ‫ً‬            ‫א‬               ‫و‬
‫ل‬                              ‫א‬             ‫ق א‬                                                     ‫ق‬              ‫א‬           ‫ً‬
‫ق‬       ‫א‬                 ‫ً‬              ‫אدאً‬       ‫دא‬            ‫‪ú‬א‬                    ‫و‬             ‫ذ‬              ‫‪ ?ª ? ú‬א‬
‫‪Esabb.comF‬‬                               ‫א‬               ‫ق‬                              ‫‪ Esabb.net.msF‬א‬                                                   ‫א‬
                              ‫א و‬              ‫ً ن א‬                         ‫‪ KE11-4F E10-4F‬و‬                                              ‫א‬
                                        ‫س‪K‬‬              ‫وא‬            ‫وא‬                ‫وא‬                 ‫א‬                                  ‫א‬           ‫א‬
            ‫א‬                     ‫وא‬              ‫ذ‬             ‫? א‬                 ‫‪?ú‬‬              ‫ل‬          ‫‬                       ‫و‬
                     ‫א‬                      ‫א د א‪ً Ú‬‬                           ‫د‬            ‫א‬                ‫‪ E12-4F‬و‪ E13-4F‬א‬
‫‬       ‫ذ‬                     ‫و ‪ KEsambaonlineaccess.comF‬‬                                                 ‫א‬                ‫ً‬           ‫א‬                ‫و‬
            ‫‬             ‫ل א‬                  ‫‪ EonlineaccessF‬و  א‬                                      ‫‪ ú‬و‬                ‫ق א‬                 ‫א‬        ‫א‬
    ‫?‬           ‫‪?ú‬‬                  ‫‬                   ‫قא‬        ‫א‬             ‫א‬                     ‫א‬                 ‫ً‬            ‫א‬                   ‫و‬
                 ‫א‬             ‫א‬                             ‫א و‬                    ‫ن א‬                      ‫‪ KEsambaonline.comF‬و‬
                                                                       ‫س‪K‬‬                ‫وא‬           ‫وא‬                 ‫وא‬                   ‫א‬
‫א א‪ ª‬א د‬   ‫وא‬      ‫‪Ø‬و ‪ W‬א‬   ‫دא‬     ‫א‬                ‫87‬




                 ‫ﺷﻜﻞ )4-01( ﺍﳌﻮﻗﻊ ﺍﳌﺰﻳﻒ ﳌﺼﺮﻑ "ﺳﺎﺏ"‬




                 ‫ﺷﻜﻞ)4-11( ﺍﳌﻮﻗﻊ ﺍﻷﺻﻠﻲ ﳌﺼﺮﻑ "ﺳﺎﺏ"‬
‫97‬                 ‫א א‪ ª‬א د‬   ‫وא‬     ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬




     ‫ﺷﻜﻞ)4-21( ﺍﳌﻮﻗﻊ ﺍﳌﺰﻳﻒ ﳌﺼﺮﻑ "ﺳﺎﻣﺒﺎ"‬




     ‫ﺷﻜﻞ )4-31( ﺍﳌﻮﻗﻊ ﺍﻷﺻﻠﻲ ﳌﺼﺮﻑ "ﺳﺎﻣﺒﺎ"‬
‫א א‪ ª‬א د‬                ‫وא‬             ‫‪Ø‬و ‪ W‬א‬                ‫دא‬                     ‫א‬                                                            ‫08‬
‫4.6 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺴﺎﺩﺱ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳـﻖ ﺍﻟـﱪﺍﻣﺞ ﺍﳋﺒﻴﺜـﺔ‬
                                                                                                                          ‫)‪(Malware Attack‬‬
‫ل‬                   ‫‪ª‬‬              ‫אא‬        ‫‪E‬‬                        ‫م ‪F‬א‬                   ‫‪ ª‬א‬                        ‫‬
        ‫א ×א‬        ‫د‬                   ‫אא‬                         ‫د ‪K‬‬                                           ‫א ‬                     ‫א‬
                                                                   ‫م‪K‬‬                ‫ز א‬           ‫‪ EmalwareF‬א و ‬                                 ‫א‬
‫ل‬                        ‫‪ ª‬א‬               ‫א  א‬                               ‫د‬                      ‫א‬        ‫א ×א‬
‫ل‬         ‫א‬         ‫א ل‬                             ‫(‪K‬‬                 ‫م )א‬                  ‫א‬                  ‫א ‬                    ‫א‬
    ‫م‬          ‫א‬              ‫م‬            ‫و א‬                        ‫و‬                ‫‪ú‬‬         ‫‪Ø‬و ‬                    ‫א‬        ‫م ‬             ‫א‬
               ‫د‬         ‫و‬                           ‫א ‬                                     ‫ل‬                                 ‫א‬             ‫א‬     ‫و‬
‫د‬         ‫א‬         ‫‬          ‫و‬                 ‫‪ª‬א‬                ‫א‬            ‫ط‬                                          ‫زא‬            ‫‬        ‫א ×א‬
‫‪ú‬‬                       ‫‪Ø‬و‬         ‫א‬        ‫א‬                     ‫مא‬                        ‫א‬                      ‫و‬                              ‫א‬
                                                          ‫‪K‬‬             ‫א‬                ‫א‬                 ‫د‬          ‫א‬                              ‫א‬
          ‫א‪ª‬‬                                                  ‫‪ª‬‬                     ‫ אא‬                       ‫ق א‬             ‫א‬
               ‫م‬              ‫א‪Ú‬‬                     ‫وא‬                         ‫زא‬             ‫‪ EKeystroke‬‬                    ‫‪LoggerF‬‬              ‫א‬
     ‫م و‬                      ‫د وא‬           ‫א‬            ‫‬                 ‫م‬                      ‫و‬             ‫א‬                          ‫א‪ª‬‬      ‫א‬
                                        ‫‪K‬‬                 ‫א‬                     ‫ل‬                  ‫‪ª‬‬           ‫صא‬                   ‫وא‬


‫4.7 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺴﺎﺑﻊ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳﻖ ﳏﺮﻛـﺎﺕ ﺍﻟﺒﺤـﺚ‬
                                                                                             ‫)‪(Search Engine Phishing‬‬
                               ‫‪Ø‬و‬                ‫א‬                          ‫د و‬
‫אع‬                      ‫א א‬                     ‫ض‬            ‫‪K‬א‬            ‫‪ª‬و‬                     ‫א  ‬                        ‫א‬            ‫‪ERetailF‬‬
‫18‬                                                          ‫א א‪ ª‬א د‬                   ‫وא‬             ‫‪Ø‬و ‪ W‬א‬                     ‫دא‬                 ‫א‬


                                                  ‫א‪K‬‬            ‫א ‬                ‫א‬                    ‫‪ª‬‬                                            ‫א‬
     ‫و‬             ‫א ‬        ‫א‬                        ‫ ‪ª‬א‬                                  ‫א א‬               ‫د ل‬
               ‫‪ª‬א‬         ‫ق‬                                 ‫و‬           ‫‪ª‬‬                    ‫ً‬             ‫א א‬
                                                                                                       ‫‪Kª‬‬                ‫א‬
‫א‬                      ‫‪ª‬א‬    ‫‬
      ‫א‬            ‫نذ‬             ‫‪Ø‬و‬             ‫دא‬            ‫א‬                                                ‫א‬                                  ‫‪Ë‬‬
                        ‫‪Kª‬‬    ‫א‬             ‫א‬                 ‫- ذא ن‬                                      ‫-‬                     ‫ضא‬
               ‫م‬        ‫ض‬                                   ‫א‬               ‫א א‬                            ‫א‬                ‫ز‬
‫‪ª‬‬                                           ‫وذ‬             ‫‪ª‬‬                 ‫‪Ø‬و‬             ‫ذج‬                                                 ‫א‬    ‫א‬
                              ‫א‬                            ‫א ‪Ø‬‬                              ‫א‬                         ‫و‬                 ‫א‬       ‫ذ‬
                                                       ‫‪K‬‬                ‫ل‬          ‫ًא‬             ‫م‬                              ‫א‬                 ‫א‬


‫‪The‬‬      ‫4.8 ﺍﻷﺳﻠﻮﺏ ﺍﻟﺜﺎﻣﻦ: ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻋﻦ ﻃﺮﻳﻖ ﺍﻟﻨﻮﺍﻓـﺬ ﺍﳌﻨﺒﺜﻘـﺔ )‬
                                                                                                                         ‫‪(Popup Attack‬‬
  ‫د א א א‬                          ‫אً‬              ‫א د א و‬                               ‫א‬         ‫‪ª‬‬                 ‫אא‬
‫و א‬                ‫א ‬             ‫‪ª‬א‬                               ‫‬                              ‫‪EPopup BlockerF‬‬                                  ‫א‬
‫‪ ª‬ن‬                      ‫אא‬    ‫ن‬             ‫‪KÙ‬‬            ‫‪ª‬א و א‬                           ‫‪ ªª‬אא‬
                                        ‫‪Kª‬‬             ‫א א  א‬                             ‫و د‬                                                ‫ً‬
                        ‫‪E14-4F‬‬                     ‫א‬               ‫‪ª‬‬                  ‫ אא‬                          ‫א‬                 ‫א‬
           ‫א‬            ‫‪ Kú‬و‬            ‫‬                                         ‫× ‬                      ‫م‬
 ‫م‬                 ‫א‬                    ‫‪ª‬‬                          ‫م‬              ‫א‬                   ‫ذج‬                                          ‫א‬
‫א א‪ ª‬א د‬       ‫وא‬        ‫‪Ø‬و ‪ W‬א‬   ‫دא‬            ‫א‬                                       ‫28‬
‫‪ ª‬‬         ‫א‬            ‫و ‪Ù‬ذ‬          ‫אن א ×‬        ‫א‬                  ‫א و وذ‬           ‫و‬
                                           ‫ذج‪K‬‬       ‫א‬        ‫م‬         ‫ً‬      ‫ً‬
‫م‬      ‫א‬                   ‫א‬     ‫א‬             ‫א ×‬             ‫א‬         ‫א ‪ ú‬א‬
    ‫د‪ú‬‬          ‫ل‬    ‫‬     ‫وذ‬          ‫א‬                 ‫אً‬            ‫‪ú‬א‬     ‫א‬          ‫و‬
                                                                      ‫א ‪Kú‬‬          ‫ً‬




                           ‫ﺷﻜﻞ )4-41( ﺍﻟﻨﺎﻓﺬﺓ ﺍﳌﻨﺒﺜﻘﺔ‬
83                                                         ‫ א د‬ª‫א א‬                       ‫وא‬               ‫ א‬W ‫و‬Ø            ‫دא‬             ‫א‬


             (Fake Address Bar) ‫ﺍﻷﺳﻠﻮﺏ ﺍﻟﺘﺎﺳﻊ: ﺷﺮﻳﻂ ﺍﻟﻌﻨﻮﺍﻥ ﺍﳌﺰﻳﻒ‬                                                                       9.4
                    ‫و‬     ‫و‬Ø             ‫دא‬                    ‫א‬                                        ª              ‫אא‬
         ‫א‬                                        ‫א‬                ‫אن  א‬              ‫א‬                                        ‫אل‬           ‫א‬
    ‫و‬Ø                  ‫ض‬                ‫د‬             ‫א‬ª                     ‫אא‬                        K Eweb         browserF          ‫א‬
                                K                                                      ‫و א א‬
Java F ?                  ?               ª                       ‫אم‬                  ª                    ‫אא‬
                                                                            KEJava AppletF ?                                 ? ‫ و‬EScript
     ‫  د‬ª‫אدא‬                        ‫א‬                    ‫א‬                    ‫אن‬                 ‫א‬
‫? א‬                       ?‫ز‬                                           ‫ذ‬      ‫و‬                ‫و‬Ø          ‫א‬           ‫א‬
         ‫א‬          ‫? و‬window.open? EfunctionF                                              ‫אم א‬                ‫אً א‬         ‫א ض و‬
                                                                                                         K?no?                 ?location?
                ،-‫א ل‬                        -‫م‬                        ‫א‬                          ª              ‫אא‬
         ‫ع א‬                 ‫ א‬ú            ‫و‬                    ‫א‬         ‫א‬           - ‫و‬Ø                                     ‫א‬
         ‫ א‬            ‫אن א‬        ‫א‬                                             ‫و‬                        ‫א א‬                ‫م‬            ‫א‬
     ?               ª             -         ‫ذ‬                - ‫אم‬                             ‫وذ‬                             ‫אل‬           ‫وא‬
                ‫و‬               ‫ و‬EJava AppletF ?                                               ? ‫ و‬EJava ScriptF ?
                                                                   K‫אن‬         ‫א‬                ‫د‬                 ‫אع א א‬        EimageF
                                                     ‫אن‬                           E15 J4F                              ‫א‬
EInternet ExplorerF 1 ?                                        Ø?  ‫א‬                           ‫א‬                                   ‫א‬
                       Ewww.nike.com/main.htmlF ‫אن‬                                         ‫א‬Ù ‫و‬                                        ‫و‬

1 http://www.microsoft.com/ie
‫ א د‬ª‫א א‬         ‫وא‬            ‫ א‬W ‫و‬Ø      ‫دא‬            ‫א‬                                     84
www.contentverification.com/graphic-F                             ‫א و‬                  ‫א‬
                                                              KEattacks/demo/adbarframeset.html
                 ‫אم‬                ‫و‬                      ‫ א ل א‬E16-4F            ‫ضא‬
                            9.23                          ‫ א‬EOperaF 1 ?‫א  ? و א‬
‫אن‬     ‫ضא‬                 ‫و א و‬              ‫د  א‬           ‫א‬          ‫א‬        ‫אن‬       ‫א‬
ً         ‫و‬K    ‫א و‬             ‫א‬              ‫אن‬       ‫א‬               ‫ ل‬                     ‫א‬
‫אن‬     ‫א‬              ‫ن‬     ‫و‬            ‫אن א‬        ‫א‬                       ‫ض‬                   ‫א‬
                                                      KEgifF ‫אد‬          EimageF                 ‫א‬




                      ‫ﺷﻜﻞ )4-51( ﺷﺮﻳﻂ ﻋﻨﻮﺍﻥ ﻣﺰﻳﻒ ﻋﻠﻰ ﻫﻴﺌﺔ ﺻﻮﺭﺓ‬

(1) opera.com.
85                                    ‫ א د‬ª‫א א‬        ‫وא‬             ‫ א‬W ‫و‬Ø        ‫دא‬   ‫א‬




                "‫ﺷﻜﻞ )4-61( ﺷﺮﻳﻂ ﺍﻟﻌﻨﻮﺍﻥ ﺍﳌﺰﻳﻒ ﰲ ﺍﳌﺘﺼﻔﺢ "ﺃﻭﺑﺮﺍ‬


 ?ú           1                     ‫אن א‬    ‫א‬            ª                   ‫ل‬
            ‫و‬Ø                                                       ‫ א‬ECitibankF 2 ?
              ‫אن א‬     ‫ن‬     ‫ و‬E17-4F                 ‫א‬             ú        ‫א‬
‫? و‬                    ‫و‬Ø     ‫¯א‬                  ? W‫אن‬        ‫وא‬   support@citibank.com


(1) http://www.antiphishing.org/phishing_archive/Citibank_3-31-04.htm
(2) www.citibank.com
‫ א د‬ª‫א א‬                  ‫وא‬                    ‫ א‬W ‫و‬Ø          ‫دא‬                ‫א‬                                                         86
 ×‫אא‬                            K?            ? Wú                                                  ×‫אא‬                                ‫א‬     ‫א‬
‫אن‬                                   ‫א‬            ‫ل‬                            ‫د‬                ‫א א א‬                         ‫א‬
ú‫א‬            ‫א‬                                             ‫ذج‬        ‫א‬                              ‫א א‬              K ‫و‬Ø              ‫א‬
PIN – Personal                   F                     ‫א‬              ‫א‬            ‫ و‬EATM/Debit                  card numberF                  ‫א‬
                   ‫א‬                             ‫نא ض‬                          ‫א‬                      ‫ وאد‬EIdentification Number
                       ‫ذ‬                           ‫و‬             ×‫א‬                ‫و‬             ‫א‬           Í             ‫א‬            ‫ن‬
     K?             ?ú                               ‫א‬                              ‫ض‬              E18-4F                   ‫>> א‬            ‫א‬
                        ‫و‬Ø               ‫א‬       ×‫א‬                               ‫אن א‬                ‫ًن‬                 ‫ذ‬
                           ‫א‬                                     ‫א ل א‬                                         ‫א‬                     ‫و‬
                                                                                    K                            ‫ وو‬EFromF                    ‫א‬
              K?         ?ú                                    ‫א‬         ‫א‬                    E19-4F                  ‫ضא‬
          ‫א‬                              ‫ل‬                       ‫א‬                               ‫ א ل א‬                ‫א‬ª         ‫א‬
     ‫א‬                 Ehttps://web.da-us.citibank.com/signin/citifi/scripts/E-Mail_verify.jspF
     ‫א‬            Ù                         ‫א‬                  ú        ‫א‬            ‫א‬            ‫? و‬citibank?              ‫א‬             ‫א א‬
          ‫نن‬                    Ehttp://69.56.202.82/~citisecu/scripts/E-Mail_verify.htmF                                                     ‫א‬
                      ª EHypertext Markup Language – HTMLF                                                           ‫א‬            ‫א‬        Ø‫א‬
                           ‫א‬                 ‫ل‬         ‫א‬Ë        ‫אن و‬                       ‫א‬                                     ‫ضא א‬
                                                                                                        K         ‫אع א‬              ‫د‬         ‫א‬
‫78‬                             ‫א א‪ ª‬א د‬   ‫وא‬      ‫‪Ø‬و ‪ W‬א‬    ‫دא‬         ‫א‬




‫ﺍﺷﻜﻞ)4-71( ﻧﺴﺨﺔ ﻣﻦ ﺭﺳﺎﻟﺔ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﻨﺘﺤﻠﺔ ﻟﺸﺨﺼﻴﺔ ﻣﺼﺮﻑ "ﺳﻴﱵ ﺑﻨﻚ"‬
‫ א د‬ª‫א א‬        ‫وא‬            ‫ א‬W ‫و‬Ø   ‫دא‬           ‫א‬                                  88




                      "‫ﺷﻜﻞ )4-81( ﺍﳌﻮﻗﻊ ﺍﳌﺰﻳﻒ ﳌﺼﺮﻑ "ﺳﻴﱵ ﺑﻨﻚ‬


?      ‫א‬         ‫א‬        ‫?א‬                 ‫אن א‬       ‫א‬         1       ª
‫ن‬                        EText    FieldF                    ‫و‬      ‫ و‬Ehovering   text boxF

             ‫א‬          ‫ و‬E19-4F             ‫א‬                  ‫ א‬      ‫אن א‬     ‫א‬
                                                                            K ‫א و‬         ‫א‬




(1) http://www.fraudwatchinternational.com/phishing-fraud/phishing-web-site-methods/
‫98‬                         ‫א א‪ ª‬א د‬        ‫وא‬        ‫‪Ø‬و ‪ W‬א‬       ‫دא‬        ‫א‬


     ‫א‬       ‫ض‬            ‫وذ‬                    ‫‪E20-4F‬‬       ‫א‬
             ‫א‬                 ‫و‬            ‫א‬        ‫אن א‬      ‫ض‬
                                       ‫‪Kª‬‬                ‫א‬   ‫א‬          ‫אن‬   ‫א‬




         ‫ﺷﻜﻞ )4-91( ﺷﺮﻳﻂ ﻋﻨﻮﺍﻥ ﻣﺰﻳﻒ ﻋﻠﻰ ﻫﻴﺌﺔ ﺣﻘﻞ ﻧﺼﻲ‬
‫א א‪ ª‬א د‬   ‫وא‬         ‫‪Ø‬و ‪ W‬א‬   ‫دא‬     ‫א‬                  ‫09‬




                 ‫ﺷﻜﻞ )4-02( ﻧﺎﻓﺬﺓ ﺍﳋﺼﺎﺋﺺ ﺗﻮﺿﺢ ﺣﻘﻞ ﺍﻟﻨﺼﻲ‬
‫19‬                               ‫א א‪ ª‬א د‬       ‫وא‬         ‫‪Ø‬و ‪ W‬א‬   ‫دא‬        ‫א‬




                                    ‫ا‬                 ‫ا‬
       ‫و‬            ‫دا‬                  ‫دة‬                ‫اءات ا‬           ‫ا‬
                ‫)‪(Phishing Countermeasures‬‬

                    ‫ﻣﻨﻊ ﻫﺠﻤﺎﺕ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻗﺒﻞ ﺣﺪﻭﺛﻬﺎ‬              ‫•‬

                                             ‫ﺍﻟﺘﺼﻔﻴﺔ )‪(Filteration‬‬     ‫•‬

 ‫ﺍﻟﺘﺤﺪﻳﺜﺎﺕ ﺍﻷﻣﻨﻴﺔ )‪ (Security Patches‬ﻭ ﺟﺪﺭﺍﻥ ﺍﳉﻤﺎﻳﺔ )‪(Firewall‬‬         ‫•‬

            ‫ﺗﺼﻔﻴﺔ ﺍﻷﻛﻮﺍﺩ ﺍﻟﱪﳎﻴﺔ ﺍﳋﺒﻴﺜﺔ )‪(Cross-Site Script - XSS‬‬       ‫•‬

                           ‫ﻟﻮﺣﺔ ﺍﳌﻔﺎﺗﻴﺢ ﺍﳌﺮﺋﻴﺔ )‪(Visual Keyboard‬‬       ‫•‬

                     ‫ﺍﻟﺘﺼﺪﻳﻖ ﺍﻟﺜﻨﺎﺋﻲ )‪(Two-Factor Authentication‬‬       ‫•‬

                         ‫ﺍﻟﺘﺼﺪﻳﻖ ﺍﳌﺘﺒﺎﺩﻝ )‪(Mutual Authentication‬‬       ‫•‬

‫‪Anti-Phishing‬‬   ‫ﺃﺷﺮﻃﺔ ﺃﺩﻭﺍﺕ ﻣﻜﺎﻓﺤـﺔ ﺍﻻﺻـﻄﻴﺎﺩ ﺍﻻﻟﻜﺘـﺮﻭﱐ )‬               ‫•‬

                                                                     ‫‪(Toolbars‬‬
     ‫ﺑﺮﺍﻣﺞ ﻣﻜﺎﻓﺤﺔ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ )‪(Anti-Phishing Softwares‬‬           ‫•‬

‫‪Ø‬و ‪K‬‬       ‫دא‬      ‫‪ª‬א‬     ‫א א‪ ª‬א د ‬        ‫א‬        ‫‬      ‫אא‬




                                   ‫78‬
‫א א‪ ª‬א د‬                  ‫وא‬                 ‫‪Ø‬و ‪ W‬א‬         ‫دא‬                ‫א‬                                                              ‫29‬
    ‫1‬   ‫5,1 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻷﻭﻝ: ﻣﻨﻊ ﻫﺠﻤﺎﺕ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﻗﺒﻞ ﺣﺪﻭﺛﻬﺎ‬
        ‫‪Ø‬و‬        ‫دא‬                ‫‪ª‬א‬                                     ‫א‬                ‫א‬        ‫‪ ª‬א‪Ò‬‬               ‫ن א‬
‫د‬                 ‫‪ª‬א‬            ‫‪ª‬‬                 ‫א‬                 ‫و‬                                                 ‫א א‪ª‬‬                 ‫ذ‬       ‫א‬
‫د‬                 ‫‪ª‬א‬                                     ‫א‬                        ‫א‬             ‫و‬                 ‫و‬                     ‫‪Ø‬و‬          ‫א‬
                                                                                                                                 ‫‪Ø‬و ‪K‬‬                ‫א‬
                                                                               ‫‪W‬‬             ‫א א‪ ª‬א‬           ‫א‬                      ‫و‬
                                                    ‫5.1.1 ﺇﻧﺸﺎﺀ ﺣﺴﺎﺏ ﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﱐ ﻟﻠﺒﻼﻏﺎﺕ‬
             ‫א‬         ‫غ‬         ‫ א‬                         ‫‪Ø‬و‬                        ‫אن‬                ‫א‬                      ‫و‬
              ‫א‬                     ‫ذא‬                       ‫‪ª‬‬            ‫אא‬                         ‫‪K‬‬        ‫א‬                                  ‫א‬
                                ‫‪K‬‬              ‫د‬          ‫‪ª‬א‬                               ‫ً א אً‬                   ‫و‬            ‫م‬
                  ‫5.1.2 ﻣﺮﺍﻗﺒﺔ ﺭﺳﺎﺋﻞ ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﺮﺗﺪﺓ )‪(Bounced E-Mails‬‬
                                                        ‫א‬       ‫‪Ø‬و‬            ‫دא‬                    ‫א‬
             ‫دم א‬                                  ‫د א א ‪K‬‬                                ‫‪Ù‬‬        ‫×‬            ‫‪Ø‬و‬                          ‫و‬
                              ‫א دم א‬                        ‫‪Ù‬‬                                   ‫‪Ù‬‬                ‫א و ‬
                                          ‫‪K‬‬                      ‫‪Ù‬‬                              ‫א‬                 ‫‪Í‬‬                 ‫א‬           ‫ن‬
                     ‫א‬              ‫نא‬                                                                                         ‫نא‬
‫‪ª‬‬                    ‫‪Ù‬‬                   ‫א‬        ‫א×‬                 ‫א‬                ‫‪K‬‬                           ‫א‬            ‫دم א‬
                                                                                                                            ‫‪K‬‬            ‫د‬           ‫א‬
‫1‬                      ‫‪  Ebouncing‬א‬                    ‫‪emailF‬‬            ‫‪ E1-5F‬א × א‬                                  ‫א‬
          ‫د א‬            ‫א‬                         ‫א‬       ‫‪Ø‬و‬                ‫مא× א‬                                        ‫دم א‬            ‫م‬

‫‪(1) A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and‬‬
    ‫.5002 ,3 ‪Countermeasures", Radix Labs, October‬‬
‫39‬                                   ‫א א‪ ª‬א د‬             ‫وא‬           ‫‪Ø‬و ‪ W‬א‬         ‫دא‬           ‫א‬


‫‪K‬‬    ‫א‬             ‫ق‬    ‫א‬      ‫دא‬        ‫א‬           ‫و‬         ‫?‪?xyz.com‬‬             ‫א‬
     ‫‪Ù‬‬            ‫م ?‪ ?ahmed‬‬        ‫א‬       ‫א‬                             ‫م دم א‬
             ‫א‬          ‫عא‬          ‫2‬                     ‫א‬       ‫م‬             ‫م‬            ‫א‬
                                     ‫‪K‬‬            ‫א‬       ‫‪EFromF‬‬            ‫دא‬            ‫אن א‬    ‫א‬




              ‫ﺷﻜﻞ )5-1( ﺍﻟﱪﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﱐ ﺍﳌﺮﺗﺪ )‪(Bouncing Email‬‬
                                              ‫5.1.3 ﻣﺮﺍﻗﺒﺔ ﻣﺮﺍﻛﺰ ﺧﺪﻣﺔ ﺍﻟﻌﻤﻼﺀ‬
         ‫א‬         ‫א‪ ª‬א א د‬               ‫א‬               ‫‪ª‬و‬            ‫א‬                  ‫א‬
‫א א‪ ª‬א د‬           ‫وא‬              ‫‪Ø‬و ‪ W‬א‬                  ‫دא‬                    ‫א‬                                                                             ‫49‬
    ‫ل × א‬               ‫א‬                             ‫א‪ª‬‬                         ‫א‬                 ‫אع א‪ Ò‬د‬              ‫א‬                              ‫‪K‬‬              ‫א‬
                                                                 ‫د‪K‬‬               ‫‪ª‬א‬                   ‫د‬                                                ‫‪Ø‬و‬             ‫א‬
                                                                                      ‫5.1.4 ﻣﺮﺍﻗﺒﺔ ﺣﺴﺎﺑﺎﺕ ﺍﻟﻌﻤﻼﺀ‬
‫و ‪ª‬‬                          ‫د ‪Ù‬‬                       ‫‪ª‬‬                     ‫א‬                 ‫‪ª‬‬               ‫א‬            ‫‬                     ‫א‬
‫‪ª‬و‬              ‫وא‬                             ‫א‬                      ‫א‬               ‫‪Ù‬‬               ‫‪ ª‬و‬                         ‫א‬                    ‫ل‬               ‫א‬
                                                                                           ‫‪ ú‬א ‪K‬‬                   ‫א‬                ‫‪ª‬‬                               ‫א‬
             ‫5.1.5 ﻣﺮﺍﻗﺒﺔ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻟﺼﻮﺭ ﺍﶈﺘﻮﻳﺔ ﻋﻠﻰ ﺷﻌﺎﺭ ﺍﳌﻨﻈﻤﺔ ﺃﻭ ﺭﻣﺰﻫﺎ‬
             ‫ز א‬        ‫א‪ ª‬وא‬                     ‫א‬              ‫‪ª‬‬               ‫אم‬                  ‫ًא‬            ‫دون‬               ‫א‬
‫‬    ‫‬          ‫‪ª‬‬              ‫אم‬                  ‫א‬         ‫ً‬                         ‫א‬              ‫ א‬                            ‫א‬                    ‫א‬
                                               ‫‪K‬‬        ‫א‬                                                 ‫و  א אدم א‬                                         ‫אد‬
         ‫א  א‬                         ‫دم א‬                              ‫‪ª‬‬                 ‫א‬                       ‫‪ú‬‬             ‫א‬
         ‫و‬          ‫א‬                    ‫ ‪ª‬‬                                               ‫وא‬                              ‫‪Ø‬و‬                        ‫א‬
    ‫لא‬         ‫و‬                          ‫? ‪ EreferrerF‬א دم‬                                     ‫?א‬                                        ‫א‬
         ‫א‬                          ‫‪EHTTP – Hypertext Transfer ProtocolF‬‬                                                                               ‫א‬              ‫א‬
     ‫‪ K‬ذא ن‬                     ‫ضא‬                      ‫א‬                    ‫‪Ø‬و‬                ‫א‬               ‫אن א‬          ‫ن‬                                        ‫א‬
               ‫ل ن א دم‬                                ‫אن‬                     ‫و‬                     ‫אن א‬           ‫‪Ù‬‬                 ‫? ‪Ù‬‬                            ‫?א‬
     ‫-‬          ‫ً‬                        ‫ض א دم –‬                                      ‫و‬                        ‫א‬                                           ‫‪HTTP‬‬

                                                                          ‫‪K‬‬                ‫א‬               ‫א‬       ‫ً‬
‫ل‬    ‫‪× 1 ª‬و‬                         ‫א‬                        ‫و‬                         ‫‪K‬‬                        ‫ل‬        ‫א‬                ‫אא‬
‫א دم‬                         ‫? ‪ EreferrerF‬و‬                      ‫?א‬                  ‫ن‬             ‫‪EHTTPF‬‬                    ‫א‬                            ‫א‬          ‫א‬

                                ‫‪KEhttp://tools.ietf.org/html/rfc2616F‬‬                                           ‫א‬            ‫‪Ø‬و‬                ‫א‬                ‫‪ E1F‬א‬
‫59‬                                                                                             ‫א א‪ ª‬א د‬                            ‫وא‬                        ‫‪Ø‬و ‪ W‬א‬                         ‫دא‬                    ‫א‬


            ‫א‬            ‫ذ‬                  ‫‪Ù‬‬                                     ‫نא‬                     ‫من‬                    ‫א‬              ‫ذ‬                    ‫‪K‬‬                     ‫א‬                     ‫و‬
                                                                  ‫א‬                    ‫א‬             ‫ن ‪Ù‬‬                            ‫ً‬                 ‫‪K‬‬                    ‫א‬                                   ‫و‬
                                                                                                                                         ‫‪KEblankF‬‬                                  ‫و ‪¯Ø‬‬
    ‫ذ‬                                                ‫א‬                ‫د‬                    ‫א‬                     ‫?‬            ‫?א‬                     ‫‬                        ‫א‬
                ‫‪Ø‬و ‪K‬‬                         ‫دא‬                               ‫‪ª‬א‬                     ‫‬                                  ‫دאً‬                   ‫א‬                                                    ‫א‬
    ‫ًא א‬                                  ‫و‬                      ‫‪Ø‬و‬               ‫دא‬                                ‫‪Í‬א‬             ‫ً‬                        ‫ن‬                                    ‫د‬               ‫א‬
        ‫ً‬               ‫?‬                 ‫?א‬                                                 ‫نא‬                         ‫ل‬                   ‫אא‬                   ‫‬                                               ‫א‬
                                                                                                                                                                                   ‫‪Kª‬‬                      ‫א‬
‫?‬       ‫?א‬                                                               ‫א‬                                  ‫د א‬                                              ‫¯ א ‪Ø‬א ‪ª‬‬
    ‫ً‬                                                            ‫‪Ø‬و‬               ‫دא‬                         ‫‪ª‬א‬                 ‫‬                                 ‫دאً‬                ‫א‬
‫ن‬                                 ‫א‬                                                                          ‫א‬            ‫ذ‬                                                                    ‫‪Ë‬‬
‫ن‬                   ‫א‬                ‫א‬                 ‫ذ‬                                                            ‫دم‬                                  ‫א‬                                                    ‫ن‬
‫‪K‬‬           ‫و‬                 ‫א‬                                          ‫‪ª‬‬                                                         ‫‪ ª‬א‬                               ‫א‬                           ‫ً‬
‫ن‬               ‫ن‬             ‫د‬                  ‫א‬                            ‫?‬                ‫?א‬                   ‫‬                        ‫ون‪Ë‬א‬                                                 ‫א‬           ‫و‬
‫‪Ë‬‬       ‫ و ذא‬                               ‫א‬                        ‫א‬                                               ‫א‬                                                                            ‫א دم א‬
        ‫א‬                    ‫ذא‬                ‫م‬                                       ‫א‬                                                  ‫א‬                       ‫א‬               ‫א‬             ‫ذ‬
            ‫د א دم‬                                       ‫ذ‬                    ‫و‬                          ‫א‬                                                                         ‫? ? ن א دم‬
                                      ‫د‪K‬‬                 ‫א‬            ‫ذ‬           ‫ع‬                     ‫א‬                                                                                             ‫א‬
     ‫א‪Ò‬‬                      ‫אم א‬                            ‫א‬        ‫? א‬                      ‫א א د‬                               ‫אא‬                                         ‫ل1‬
        ‫م‬                                  ‫?2‬                                 ‫‪?ú‬‬                     ‫‬                                            ‫?‬                     ‫و‬                     ‫א‬

‫)‪(1) F-Secure (http://www.f-secure.com/weblog/archives/archive-042006.html‬‬
‫/‪(2) http://www.chase.com‬‬
    ‫א א‪ ª‬א د‬           ‫وא‬     ‫‪Ø‬و ‪ W‬א‬            ‫دא‬              ‫א‬                                               ‫69‬
          ‫‪ú‬א‬             ‫א‬                 ‫אم‬              ‫دא‬        ‫و‬                                  ‫د‬            ‫א‬
                                     ‫‪KE2-5F‬‬                  ‫א‬            ‫دم א ‪ú‬‬                                   ‫א‬
‫?‬         ‫‪?ú‬‬                     ‫א‬                              ‫ض‬          ‫‪E5-5F‬‬               ‫ضא‬
                                     ‫?‪K‬‬          ‫‪?ú‬‬                                  ‫ض‬         ‫‪E3-5F‬‬                 ‫وא‬
‫?‬         ‫و‬             ‫א‬           ‫א‪Ò‬‬              ‫אم א‬            ‫א א د ? א א‬               ‫א‬
                    ‫‪K‬‬         ‫‪Ø‬و‬           ‫دא‬               ‫א‬                    ‫‪ú‬‬       ‫א‬     ‫ذ‬                ‫ن‬
‫د‬             ‫א‬                  ‫‪ ú‬ن‬                   ‫א‬                                                    ‫د‬
         ‫א‬                                             ‫د‬        ‫‬               ‫א ‪ú‬‬               ‫‪Ø‬و و‬              ‫א‬
‫‬        ‫ن‬                    ‫א א א‬                     ‫وذ‬            ‫א‬                 ‫א د‬        ‫ً‬    ‫‪E4-5F‬‬
                                                                                 ‫‪Ø‬و ‪K‬‬           ‫دא‬               ‫א‬
‫א א ل‬            ‫‪ E4-5F‬‬                ‫א  و د‪  ª‬א‬                        ‫א‬       ‫א‬                  ‫‬
              ‫‪ ?KKK‬و‪ Ë‬و‬              ‫א‬           ‫א‬                                        ‫א‬              ‫? ذא‬
                                                                                                        ‫ل‪K‬‬
‫79‬                 ‫א א‪ ª‬א د‬     ‫وא‬        ‫‪Ø‬و ‪ W‬א‬   ‫دא‬   ‫א‬




     ‫ﺷﻜﻞ )5-2( ﺍﳌﻮﻗﻊ ﺍﳌﺰﻳﻒ ﳌﺼﺮﻑ "ﺗﺸﻴﺲ"‬




       ‫ﺷﻜﻞ )5-3( ﺷﻌﺎﺭ ﻣﺼﺮﻑ "ﺗﺸﻴﺲ"‬




       ‫ﺷﻜﻞ )5-4( ﺭﺳﺎﻟﺔ ﺍﻟﺘﻨﺒﻴﻪ ﺍﻟﺘﺤﺬﻳﺮﻳﺔ‬
 ‫א א‪ ª‬א د‬      ‫وא‬        ‫‪Ø‬و ‪ W‬א‬   ‫دא‬        ‫א‬                                ‫89‬




                          ‫ﺷﻜﻞ )5-5( ﻣﻮﻗﻊ ﻣﺼﺮﻑ "ﺗﺸﻴﺲ"‬


                              ‫5.2 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﱐ: ﺍﻟﺘﺼﻔﻴﺔ )‪(Filteration‬‬
      ‫א‬        ‫א‬               ‫א‬      ‫‪Ø‬و‬       ‫א× א‬
‫دאً‬            ‫‬      ‫ً‬       ‫‪ESpamF‬‬         ‫‪ Ù‬א‬            ‫دאً‬     ‫א‬
‫אع‬        ‫א‬   ‫‪Ø‬و‬    ‫א× א‬                        ‫א‬   ‫‪Ø‬و‬     ‫دא‬          ‫‪ª‬א‬     ‫‬
                                                 ‫‪KEdeception-based phishing emilsF‬‬
99                                                          ‫ א د‬ª‫א א‬              ‫وא‬                  ‫ א‬W ‫و‬Ø                     ‫دא‬           ‫א‬


(Security        Patches    ) ‫5.3 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻟـﺚ: ﺍﻟﺘﺤـﺪﻳﺜﺎﺕ ﺍﻷﻣﻨﻴـﺔ‬
                                                                     (Firewalls) ‫ﻭﺟﺪﺭﺍﻥ ﺍﳉﻤﺎﻳﺔ‬
ª         ‫א‬                 ‫א ع א‬                      ‫و‬Ø           ‫دא‬                 ‫א‬ª                    ‫אع‬
‫ز‬                  ‫ א‬ª‫א‬            ‫لא‬             ‫א‬                              ‫ و‬Etechnical                subterfugeF                      ‫א‬
       KEmalwareF               ‫א‬    ‫א ×א‬                   ‫ و‬ESpywareF                                ‫א‬          ‫ع א‬                          ‫א‬
    Eoperating systemsF                      ‫א‬                           ‫א‬ª                    ‫א‬
‫אن‬                              ‫א‬    ‫ و‬EInternet BrowsersF  ‫א‬                                                           ‫א‬ª                   ‫و‬
‫ل‬         ‫א‬                 ‫א‬       ‫و‬Ø                ‫دא‬                ‫א‬ª             ً              ً‫دא‬                   ‫א‬                ‫א‬
                                                                                                                      K            ‫ א‬ª‫א‬        ‫א‬
     ‫א‬            ‫א‬ª                                      ‫ א‬ª‫א‬             ‫لא‬            ‫א‬           1                      ‫א‬
EMozilla       FirefoxF ?                              ‫? ز‬                                        ‫א‬              ‫دא‬                   ‫א‬
Unified Resource Locator - F ‫אن‬                         ‫א‬                ‫و‬                 ‫א‬                ‫0.1 א‬                             ‫א‬
‫م‬         ‫א‬          ‫ل‬                           ‫ א‬Edownload windowF                                           ‫א‬                 EURL
                                                                                                              K                                
          ‫א‬         ‫ن‬                        ‫א‬                                                                          ‫א‬
K                       ‫ض א‬                                ‫א‬        K                                        ‫ضא و א‬
                            ‫א‬            ‫ل‬              ‫א‬                                              ‫ع א‬                                ª
          ‫و‬                              Ù                  ‫وא‬       ‫و‬Ø                                  ‫א‬                                    ‫א‬
                     ‫مא‬                             ‫و א‬                      ‫א‬       ‫א‬           ‫ذ‬                              ‫א‬

(1) “Firefox flaw raises phishing fears”, by Ingrid Marson, Published: January 7, 2005
    11:06 AM PST , (http://www.news.com/Firefox-flaw-raises-phishing-fears/2100-
    1002_3-5517149.html)
‫ א د‬ª‫א א‬         ‫وא‬                       ‫ א‬W ‫و‬Ø            ‫دא‬             ‫א‬                                                          100
                                                                                                        K
        ‫א ز‬ª                          ‫?א‬                          ‫? ز‬ª                          ‫א‬                   ú         ‫א‬
‫ع‬       ‫א‬             ‫د‬                                     ‫א‬                                                          ‫وو‬            ‫א‬
                                                                                            K               ‫א‬           ‫ل‬


Cross-Site Script             ) ‫5.4 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺮﺍﺑﻊ: ﺗﺼﻔﻴﺔ ﺍﻷﻛﻮﺍﺩ ﺍﻟﱪﳎﻴﺔ ﺍﳋﺒﻴﺜﺔ‬
                                                                                                                            (- XSS
      Emalicious content injectionF                                ‫א‬            Ò‫א‬              ª                            ‫ذ‬
                                 ‫و‬               ‫ن‬                    ‫د‬        ‫نא‬              ‫و‬Ø                  ‫دא‬            ‫א‬
      Ò‫א א‬    ‫م‬               ‫ن‬               KElegitimate siteF                                                    Emalicious contentF
                                                                                                                    W                            ‫א‬
                                      K                ‫א‬                         ‫א‬       ‫زא א‬                           ‫د‬        J
                                  K         ‫ز زא א‬                EmalwareF                                   ‫א‬                 J
     K ‫و‬Ø         ‫دא‬                       ‫دم א‬                   ‫ א‬               ‫ א‬ª               ‫א‬                ‫د‬        J
                 ‫ل‬               ‫א‬                               Ò‫א‬                 ª              ‫א‬               ‫ذ‬
                                 ‫אد‬                       EhackersF                                                     ‫א‬           ‫دم א‬
                              ‫ و‬Ecross-site                script - XSSF                                ‫א‬                ú        K‫אدم‬           ‫א‬
              K                                                   ú                                            Eprogramming flawF
    Euser reviewF                          ‫א وא‬                 ‫ و‬EblogsF ª ‫ א وא  א و‬ª                                               ‫א ل‬
ª                           ª              ‫ و‬Ediscussion                 boardsF ‫ش‬                        ‫א‬ª                              ‫و‬
      ‫א‬                  ‫א‬                       ‫א‬         ‫و‬Ø            ‫وא د  א × א‬                                       ‫و‬                  ‫א‬
‫101‬                                                                       ‫א א‪ ª‬א د‬                  ‫وא‬                    ‫‪Ø‬و ‪ W‬א‬                     ‫دא‬                 ‫א‬


                                                                                                                                ‫‪KEweb-based emailF‬‬
‫‪ª‬‬                       ‫‪Ø‬و‬        ‫دא‬                   ‫א‬                    ‫ع‬            ‫א‬                        ‫د‬                 ‫א‬                        ‫א‬
‫ א دم‬                                         ‫אد و د‬                       ‫א‬                                                            ‫א‬                ‫א‪Ò‬‬
                                                       ‫‪ ª‬א وא ‪K‬‬                                                                ‫م‬         ‫ن‬                              ‫و‬


‫5.5 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﳋﺎﻣﺲ: ﻟﻮﺣﺔ ﺍﳌﻔﺎﺗﻴﺢ ﺍﳌﺮﺋﻴﺔ )‪(Visual Keyboard‬‬
     ‫و‬                       ‫א‬         ‫א‬                             ‫‪ª‬א‬              ‫د لא‬
         ‫و‬              ‫‪Ø‬و‬        ‫لא‬               ‫א‬                       ‫‬                                                                                      ‫د ‬
         ‫א‬                      ‫‪ª‬‬         ‫א ‪ ª‬א‬                                   ‫وא‬                  ‫א‬                          ‫א‬                     ‫م‬             ‫א‬
                                                                                                                                ‫‪K‬‬                 ‫א‬                     ‫א‬
                                 ‫‪ª‬א‬            ‫א‬                    ‫دאً‬          ‫א‬                           ‫א‬            ‫א‬
‫ز‬                      ‫‪Ekey loggingF‬‬                   ‫א‬                  ‫א‪ª‬‬                            ‫‪ EmalwareF‬א ‬                                    ‫א‬        ‫א ×א‬
‫ص‬                      ‫وא‬                  ‫م‬                        ‫د א‬              ‫א‬               ‫‬                ‫م‬                           ‫و‬                      ‫א‬
                                                                                                 ‫‪K‬‬                ‫א‬                     ‫ل‬                     ‫‪ª‬‬          ‫א‬
                      ‫‪ ú‬א‬       ‫א‬                         ‫א‬                  ‫א‬                   ‫‪E6-5F‬‬                              ‫ضא‬
                                                                ‫‪K‬‬                        ‫ل‬                            ‫א‬                 ‫‪ª‬א‬                    ‫د ل‬
              ‫א ن‬                 ‫د‬                                                                                       ‫א‬                 ‫א‬
‫אم‬                ‫א‬              ‫‬         ‫א‬                   ‫א‬                                       ‫‪ ª‬א‬              ‫طא‬                                       ‫א‬
                                                                                ‫‪Ø‬و ‪K‬‬                     ‫ א א א‬                        ‫א‬                   ‫א‬
‫‪ª‬‬             ‫א‬              ‫‪ú‬‬                              ‫א‬                                    ‫ً‬                ‫ن‬            ‫א‬
                                                                                             ‫‪K‬‬       ‫א‬               ‫א‬                              ‫א‬                 ‫א‬
‫א א‪ ª‬א د‬      ‫وא‬       ‫‪Ø‬و ‪ W‬א‬     ‫دא‬        ‫א‬                             ‫201‬




          ‫ﺷﻜﻞ )5-6( ﻟﻮﺣﺔ ﺍﳌﻔﺎﺗﻴﺢ ﺍﳌﺮﺋﻴﺔ ﰲ ﺻﻔﺤﺔ ﺍﻟﺪﺧﻮﻝ ﻷﺣﺪ ﺍﳌﺼﺎﺭﻑ‬


‫‪Two-Factor‬‬         ‫ـﺮﺍﺀ ـﺎﺩ ـﺎﺩﺱ: ﺍﻟﺘﺼـ ﺍﻟﺜﻨـ‬
              ‫ـﺪﻳﻖ ـﺎﺋﻲ )‬          ‫5.6 ﺍﻹﺟـ ﺍﳌﻀـ ﺍﻟﺴـ‬
                                                                 ‫‪(Authentication‬‬
‫א‬    ‫אא‬       ‫? ‪ KEStrong AuthenticationF‬‬       ‫א‬        ‫ً ?א‬      ‫‪ú‬‬
          ‫‪K‬‬         ‫א‬            ‫ند‬                  ‫قא‬             ‫אم‬      ‫א‬
                                                 ‫‪W‬‬        ‫¯ ‪ ª‬ق‬
‫301‬                                                                     ‫א א‪ ª‬א د‬               ‫وא‬                   ‫‪Ø‬و ‪ W‬א‬                    ‫دא‬                 ‫א‬


            ‫א و ‪K‬‬              ‫م و‬                     ‫א‬                  ‫‪W?what you know?? ú‬‬                                       ‫ذא‬           ‫‪J‬‬
                      ‫‪Esmart cardF‬‬                      ‫א‬                       ‫??‪W?what you have‬‬                                     ‫ذא‬           ‫‪J‬‬
        ‫א‬                                  ‫‪ª‬א‬                   ‫א‬           ‫??‪ W ?what you are‬و‬                                                    ‫‪J‬‬
                                                                                                                                       ‫‪KEfingerprintF‬‬
            ‫א ع א ول و‬                                                  ‫א‬                 ‫‬                     ‫א‬                ‫א‬                 ‫א‬
    ‫ل‬           ‫א‬           ‫‬               ‫א‬                               ‫و و‬                        ‫‪ª‬‬                               ‫א‬                      ‫و‬
                                                                                                   ‫א و ‪K‬‬                 ‫م و‬                       ‫א‬
    ‫و‬                                 ‫אع א‬                 ‫א‬                        ‫אم‬            ‫א‬                  ‫א‬                     ‫א‬
            ‫‪K‬‬          ‫א‬            ‫אم א‬                ‫وא‬                       ‫א‬             ‫א و و‬                         ‫م و‬                       ‫א‬        ‫א‬
‫م‬               ‫‪ EATM‬وא ‬                  ‫א‪cardF ú‬‬                         ‫א‬                          ‫א‬                  ‫א‬                ‫ل‬
        ‫مא‬                      ‫א‬                   ‫א‬                   ‫‪K‬‬                ‫‪ú‬א‬               ‫א‬                                   ‫א‬
        ‫ً د ل‬                   ‫? و م‬                               ‫? ذא‬              ‫א عא‬                           ‫وא ‬                          ‫د لא‬
                                                                        ‫‪K? ú‬‬              ‫א ع א ول ? ذא‬                                                 ‫א و א‬
                                ‫‪ª‬א‬            ‫قא‬                            ‫‪Ø‬و‬            ‫دא‬                    ‫‪ª‬א‬                    ‫د ‬
        ‫‪ª‬‬                                                       ‫‪? ú‬‬             ‫א ع א ول ? ذא‬                                              ‫א و א ‬
            ‫אع א‬                                ‫א‬                   ‫א‬                     ‫‪ª‬‬                                   ‫א‬                ‫‬
                                                                                                           ‫?‪K‬‬                 ‫? و?‬                           ‫? ذא‬
        ‫‪Ø‬و‬                 ‫دא‬              ‫‪ª‬א‬                   ‫دאً ‬            ‫א אً‬          ‫م‬                              ‫א‬                     ‫א‬
‫د‬                   ‫‪ EMan-in-the-middle‬وא‬                               ‫‪AttackF‬‬                        ‫א‬                     ‫א‬
                ‫‪KEIdentity AttackF‬‬                                  ‫لא‬           ‫وא‬            ‫א א‬                                                ‫‪Ø‬و‬             ‫א‬
    ‫א א‪ ª‬א د‬         ‫وא‬               ‫‪Ø‬و ‪ W‬א‬                  ‫دא‬             ‫א‬                                                           ‫401‬
        ‫5.7 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺴﺎﺑﻊ: ﺍﻟﺘﺼﺪﻳﻖ ﺍﳌﺘﺒﺎﺩﻝ )‪(Mutual Authentication‬‬
‫א‬      ‫? ‪ KETwo-way AuthenticationF‬‬                                  ‫א‬             ‫א‬                       ‫ً ?א‬             ‫و ‪ú‬‬
              ‫م א دم‬                               ‫א‬                ‫وא دم‬                               ‫א‬        ‫ٍ‬       ‫ق‬            ‫א‬      ‫א‬
         ‫‬                     ‫א‬           ‫و‬               ‫و ‪Ù‬‬                          ‫א‬                    ‫א‬                               ‫א‬
                      ‫و‬                ‫א‬                    ‫א دم‬                                ‫ً‬           ‫‪ EBiometricsF‬و‬                   ‫א‬
        ‫ً‪K‬‬        ‫ً‬        ‫ن‬           ‫א دم ن‬                                                           ‫د و‬              ‫دم א‬
                  ‫ً‬        ‫ل‬           ‫א‬               ‫‬              ‫א‬                         ‫א دل‬                        ‫א‬
                                                                                                    ‫‪K‬‬
         ‫א‬            ‫و‬                ‫د א‬                 ‫א‬              ‫א‬                     ‫‪E7-5F‬‬                    ‫א‬
                                                                                   ‫א دل‪K‬‬                            ‫א‬           ‫‪E8 J5F‬‬
‫م‬                                          ‫א‬                   ‫א دم‬                                          ‫א ق א‬
‫م‬             ‫و  ‪EphraseF‬‬                                                        ‫א دم ن א‬                                                   ‫א‬
‫م‬            ‫وא دم‬                 ‫א‬       ‫ل‬           ‫א‬                      ‫‪K‬‬             ‫א‬                    ‫א دم‬
         ‫א‬            ‫ذא‬                       ‫א‬               ‫ً‬                 ‫א‪ Ò‬د‬                      ‫وא‬            ‫ضא‬              ‫א دم‬
                                                                          ‫א دم‪K‬‬                                                             ‫وא‬
             ‫‪Ø‬و‬       ‫دא‬                   ‫‪ª‬א‬              ‫دאً ‬              ‫א‬         ‫م‬                    ‫א دل‬                ‫א‬
‫د‬             ‫‪ EMan-in-the-Middle‬وא‬                             ‫‪AttackF‬‬                         ‫א‬                   ‫א‬
             ‫‪KEIdentity AttackF‬‬                                ‫لא‬     ‫وא‬            ‫א א‬                                         ‫‪Ø‬و‬          ‫א‬
‫501‬                          ‫א א‪ ª‬א د‬       ‫وא‬    ‫‪Ø‬و ‪ W‬א‬     ‫دא‬            ‫א‬




                ‫ﺷﻜﻞ )5-7( ﺍﻟﺘﺼﺪﻳﻖ ﺍﻷﺣﺎﺩﻱ ﺍﻻﲡﺎﻩ‬




                    ‫ﺷﻜﻞ )5-8( ﺍﻟﺘﺼﺪﻳﻖ ﺍﳌﺘﺒﺎﺩﻝ‬


‫5.8 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺜﺎﻣﻦ: ﺃﺷـــﺮﻃﺔ ﺃﺩﻭﺍﺕ ﻣﻜﺎﻓﺤـﺔ ﺍﻻﺻـﻄﻴﺎﺩ‬
                          ‫ﺍﻻﻟﻜﺘﺮﻭﱐ )‪(Anti-Phishing Toolbars‬‬
‫ن‬     ‫و‬         ‫و‬       ‫زא‬                        ‫א دوא‪ª‬‬
       ‫‪E9-5F‬‬    ‫ضא‬      ‫‪KEApplicationF‬‬                    ‫א‬    ‫د א‬
‫‪Internet‬‬   ‫?‪F‬‬        ‫א  ?‪Ø‬‬              ‫א‬            ‫?‬            ‫دوא‪? ª‬‬
                                                              ‫‪KEExplorer‬‬
    ‫ א د‬ª‫א א‬                ‫وא‬                 ‫ א‬W ‫و‬Ø                    ‫دא‬                    ‫א‬                                                        106
ª            ‫א‬                             ‫مא‬             ‫و‬Ø                      ‫دא‬                     ‫א‬ª                                       ً‫دא‬
ª‫دوא‬                         ‫ج‬              ?                 ‫و‬                   ?                ª          ×‫א‬                  ‫? و‬eBay?
         EAdd-onF ª                                                               ‫و‬Ø                ‫دא‬              ‫א‬                     
         KEE-Mail ClientF ‫و‬Ø                                          ‫א× א‬                                ‫و א‬             ‫א‬              ‫א‬ª
‫د‬        ‫א‬           ‫א‬                 ‫ز‬            ‫م‬             ‫א‬                           ‫م‬                              ‫א‬                     ‫و‬
        ú                ‫א‬        ‫و‬Ø            ‫دא‬                    ‫א‬                        ª‫دوא‬                      ‫ل‬                ª K
       ‫א אد ز‬                    ‫א‬            ‫م‬                 ‫א‬                                  ‫و‬Ø            ‫دא‬             ‫א‬                 ‫و‬        ‫א‬
                         EdatabasesF ª                                    ‫א‬                    ‫א× א א د‬                      ‫م و‬                  ‫א‬
                         ‫א‬                     ‫و א‬                          ‫א א‬                       ‫و‬Ø         ‫دא‬                ‫א‬                 ‫א و‬
                 ‫و‬                    ‫و‬Ø            ‫دא‬                        ‫א‬        ‫ א‬ú                    ‫א‬                          ª
                ً            ‫م‬                     ª‫א دوא‬                             ‫و‬K                                             ‫א א د‬ª                     ‫א‬
             ‫قא‬                   ‫א‬                           ‫و‬Ø                      ‫دא‬                 ‫א‬         ‫و א‬                                  ú        ‫א‬
‫د‬            ‫א‬ª                        ú                 EpatternsF                                 ‫א‬         ú             Eheuristic methodsF
                                                                                                                                              K ‫و‬Ø               ‫א‬
‫د‬            ‫א‬                         ª‫دوא‬                                                              E1-5F ‫ول‬                    ‫ضא‬
                                                        K  ‫א‬                              ‫א‬                  ‫وא‬                                        ‫و‬Ø       ‫א‬
Phishing     F                              ‫و‬Ø            ‫دא‬                           ‫א‬                     ª‫دوא‬                             ً
‫א‬                        K             ‫א‬                 ‫?א‬                                         Ø?                  ‫א‬                ‫ 1 א‬EFilter
                                  ‫א‬             ‫ذא‬                            ‫مز‬                    ‫א‬                                                       ×‫א‬
                              ‫نא‬                    ‫אن- ز‬                     ‫א‬                               -              ‫א‬               

(1) “Microsoft Phishing Filter: A New Approach to Building Trust in E-Commerce
    Content”, anti-phishing white paper, Microsoft.com,2005
‫701‬                                                      ‫א א‪ ª‬א د‬       ‫وא‬               ‫‪Ø‬و ‪ W‬א‬        ‫دא‬            ‫א‬


‫‪ª‬‬                      ‫م‬                                         ‫ض‬                 ‫א‬                     ‫م‬         ‫א‬
                               ‫‪KE10-5F‬‬                      ‫א‬                         ‫ א‬              ‫و‬
                 ‫‪ª‬ز‬            ‫א‬            ‫ن א‬        ‫‪EPhishing‬‬     ‫‪FilterF‬‬                     ‫ ل‬
‫אن –‬        ‫א‬                       ‫–‬               ‫א‬       ‫‬                ‫د‪J‬‬              ‫א‬          ‫م‬         ‫א‬
‫د‬           ‫א‬          ‫ض‬                                             ‫م‬            ‫א‬               ‫نא ‬            ‫ز‬
            ‫قא‬                  ‫אن‬                                                 ‫ً‬     ‫و ض‬             ‫‪Ø‬و‬           ‫א‬
        ‫م‬        ‫و א‬                               ‫‪Ø‬و‬      ‫دא‬           ‫א‬               ‫א  ض‬                   ‫وא‬
                                                                                          ‫‪KE11-5F‬‬                ‫א‬
‫‪- 5F‬‬            ‫א دوא‪ 1 ?SpoofGuard? ª‬א وض  א‬                                                     ‫ل‬
        ‫ذא ن א‬            ‫م‬            ‫א‬                   ‫א אد ز‬         ‫א‬          ‫א دא‬                  ‫21‪KE‬‬
‫א دא‬             ‫ א و ذא ‪Í‬‬                               ‫ض א دא‬              ‫د‬           ‫א‬                    ‫‪ú‬‬
    ‫א‬              ‫ض א دא‬                            ‫دم‬          ‫א‬                     ‫ذא ن א‬               ‫‪ú‬‬        ‫א‬
                  ‫א‪K‬‬                          ‫ض א دא‬                                          ‫א‬             ‫و ذא ‪ Ë‬א‬




‫ﺷﻜﻞ )5-9( ﺷﺮﻳﻂ ﺃﺩﻭﺍﺕ ﺟﻮﺟﻞ ﻋﻠﻰ ﻣﺘﺼﻔﺢ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﳌﻴﺔ "ﺇﻧﺘﺮﻧﺖ ﺇﻛﺴـﺒﻠﻮﺭﺭ"‬
                                                                     ‫)‪(Internet Explorer‬‬




‫‪1 crypto.stanford.edu/SpoofGuardL‬‬
‫ א د‬ª‫א א‬      ‫وא‬       ‫ א‬W ‫و‬Ø    ‫دא‬   ‫א‬                                108
       . ‫ﺍﳉﺪﻭﻝ )5-1(. ﻗﺎﺋﻤﺔ ﺃﺷﺮﻃﺔ ﺃﺩﻭﺍﺕ ﻣﻜﺎﻓﺤﺔ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ‬
            ‫ﺭﺍﺑﻂ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﳌﻴﺔ‬                   ‫ﺷﺮﻳﻂ ﺍﻷﺩﻭﺍﺕ‬
             microsoft.com/ie          Internet Explorer 7 Phishing Filter
     pages.ebay.com/ebay_toolbar                     eBay
          www.callingid.com                        CallingID
             cloudmark.com                       CLOUDMARK
               earthlink.net                       EarthLink
        toolbar.trustwatch.com                    TrustWatch
    crypto.stanford.edu/SpoofGuard                SpoofGuard




‫ﺷﻜﻞ )5-01( ﺭﺳﺎﻟﺔ ﺍﻟﺘﻨﺒﻴﻪ ﻋﻦ ﻣﻮﺍﻗﻊ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﺍﳌﺸـﺒﻮﻫﺔ ﰲ ﺍﳌﺘﺼـﻔﺢ‬
                                           "‫"ﺇﻧﺘﺮﻧﺖ ﺇﻛﺴﺒﻠﻮﺭﺭ‬
‫901‬                            ‫א א‪ ª‬א د‬    ‫وא‬       ‫‪Ø‬و ‪ W‬א‬    ‫دא‬       ‫א‬




  ‫ﺷﻜﻞ )5-11( ﺭﺳﺎﻟﺔ ﺍﻟﺘﻨﺒﻴﻪ ﻋﻦ ﻣﻮﺍﻗﻊ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ ﰲ ﺍﳌﺘﺼﻔﺢ "ﺍﻧﺘﺮﻧﺖ‬
                              ‫ﺍﻛﺴﺒﻠﻮﺭﺭ"‬




      ‫ﺷﻜﻞ )5-21( ﺷﺮﻳﻂ ﺃﺩﻭﺍﺕ ﻣﻜﺎﻓﺤﺔ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ "‪"SpoofGuard‬‬
‫ א د‬ª‫א א‬                 ‫وא‬                 ‫ א‬W ‫و‬Ø             ‫دא‬                ‫א‬                                                                        110
Anti-   ) ‫5.9 ﺍﻹﺟﺮﺍﺀ ﺍﳌﻀﺎﺩ ﺍﻟﺘﺎﺳﻊ: ﺑﺮﺍﻣﺞ ﻣﻜﺎﻓﺤﺔ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘـﺮﻭﱐ‬
                                                                                                   (Phishing Software
ª                                   ‫ א‬Esecurity                softwareF                       ‫א‬            ‫א‬
‫ل‬            ‫א‬                      ‫و א‬                            ‫א‬                     ‫א‬                                ‫و‬Ø               ‫دא‬                 ‫א‬
                                                                                                                                     K         ‫ א‬ª‫א‬             ‫א‬
‫د‬                ‫א‬              ‫و‬            ‫א‬                 ú             ‫ًא‬                          ‫א ×א‬
        ‫و‬Ø           ‫دא‬              ‫א‬                        ª‫دوא‬                                 ‫א‬                                                ‫و‬Ø        ‫א‬
            ‫א‬ª                                   ª                  ª‫دوא‬                                        Ø‫م‬                                ‫א‬        ‫×א‬
                                                                            K ‫و‬Ø                   ‫א× א‬                                      ‫و א‬            ‫א‬
‫د‬                ‫א‬ª                                  ‫א‬                           K                     ً                                ‫א‬
ª‫א‬          ª                   ‫ و‬EmalewareF                            ‫א‬         ‫א ×א‬                          ً                                     ‫و‬Ø        ‫א‬
    K                ‫وא‬             ‫א‬ª                    ‫א‬                  ‫د‬              ‫ א‬Ekey loggerF                                           ‫א‬
        K                  ‫א‬                ‫א‬                              ‫ط‬                      ‫א‬                   ‫א‬        ‫א‬
                     ‫א‬                           ‫א‬             ‫א‬       ‫×א‬                     ‫ض‬                    E2-5F ‫ول‬                          ‫א‬
                 K  ‫א‬                   ‫א‬                     ‫وא‬                                        ‫و‬Ø                 ‫دא‬                 ‫א‬ª


                     ‫ﺟﺪﻭﻝ )5-2( ﻗﺎﺋﻤﺔ ﺑﺮﺍﻣﺞ ﺍﳊﻤﺎﻳﺔ ﺿﺪ ﻫﺠﻤﺎﺕ ﺍﻻﺻﻄﻴﺎﺩ ﺍﻻﻟﻜﺘﺮﻭﱐ‬
                           ‫א‬                    ‫א א‬                                                                ‫א‬
                       kaspersky.com                                               Kaspersky Internet Security
                       symantec.com                                                 Norton Internet Security
                        mcafee.com                                                McAfee Internet Security Suite
                      trendmicro.com                                              Trend Micro Internet Security
                      bitdefender.com                                             BitDefender Internet Security
                         grisoft.com                                                 AVG Internet Security
                     pandasecurity.com                                               Panda Internet Security
111                              ‫ א د‬ª‫א א‬        ‫وא‬        ‫ א‬W ‫و‬Ø          ‫دא‬                           ‫א‬


                           ‫دات‬       ‫ا‬
 Access
                                                                                        ‫ل‬            ‫א‬
 Active Attack
                                                                                ‫א م א‬
 Address Obfuscation
                                                                   ‫אن‬           ‫א‬
 ATM
                                                                ‫א‬ú                  ‫א‬
 Anti-Phishing Toolbars
                                 ‫د‬            ‫א‬                ª‫دوא‬
                                                                                    ‫و‬Ø               ‫א‬
 Anti-Phishing Softwares
                                             ‫و‬Ø        ‫دא‬          ‫א‬                            ‫א‬
 Application

 Attachments
                                                                                    ª
 Attacker
                                                                                                ‫א‬
 Authentication
                                                                                                     ‫א‬
 Backdoors
                                                                                        ª‫א‬
 Bandwidth
                                                               ‫ل‬            ‫א‬
 Bank
                                                                                    ú
 Biometrics
                                                                            ‫א‬                       ‫א‬
 Black List
                                                                       ‫دא‬           ‫א‬                ‫א‬
 Blog
                                                                                            ‫و‬
 Bounced E-Mail
                                                       ‫و א‬Ø           ‫א× א‬
 Browser
                                                                                                    ‫א‬
‫ א د‬ª‫א א‬        ‫وא‬     ‫ א‬W ‫و‬Ø   ‫دא‬   ‫א‬                                    112
Chat Rooms
                                                               ‫ د‬Ò‫ א‬ú
Commercial Whitelists
                                                     ‫א‬             ‫א א א‬
Computer
                                                                   ª
Configuration
                                                         L ‫ א אد‬L
Content
                                                                               
Cracker
                                                                       ª
Database
                                                           ª
Data Integrity
                                          ª     ‫א‬E             ‫و‬F
Dialog Box
                                                           ‫א‬       ‫وق‬
Dictionary Attack
                                                     ‫س‬             ‫א‬
Discussion Boards
                                                         ‫א ش‬ª
DNS Poisoning
                                          ª     ‫ א‬Ú ‫دم‬
Domain Name
                                                               ‫ق‬       ‫א‬       ‫א‬
Download

E-mail
                                                         ‫و‬Ø            ‫א× א‬
E-mail account
                                               ‫و‬Ø        ‫א× א‬ª
E-mail address
                                               ‫و‬Ø         ‫אن א × א‬
E-mail client
                                          ‫و‬Ø    ‫א× א‬
E-mail Filtering
                                               ‫و‬Ø         ‫א× א‬
E-Mail Header
                                                          ‫سא‬               ‫و‬
E-Mail Route
                                          ‫و‬Ø    ‫א× א‬
113                   ‫ א د‬ª‫א א‬   ‫وא‬                  ‫ א‬W ‫و‬Ø                ‫دא‬                  ‫א‬

 E-mail Server
                                                      ‫و‬Ø           ‫دم א × א‬
 Fax
                                                           E                ‫א‬F
 Filtering

 Firewalls
                                                                                    ‫א א‬
 Form
                                                                                    ‫ذج‬
 Forums
                                                                            ª              ‫א‬
 Hackers
                                  E‫א ز‬F  ‫א‬                                    ‫ א‬Ø
 Heuristics Methods
                                                                                ‫א قא‬
 Hosts File
                                                               ‫א אدم א‬
 HTML
                                                      ‫א‬                ‫א‬        Ø‫א‬
 HTTP
                                            ‫א‬                 ‫א‬            ‫لא‬
 Inquiry
                                                                                ‫م‬           ‫א‬
 Install
                                                      L                     L
 Instant Messenging
                                       ‫א‬             ‫א‬Ø ‫ א‬L                ‫א‬         ‫א‬Ø ‫א‬
 Internet
                                                                     ‫א‬                     ‫א‬
 Integrity Check
                                                                    ‫א‬                       ‫א‬
 IP Address
                                             Ø ‫لא‬                           ‫אن و‬
 IPS
                                                 ª ‫א‬Ø                   ‫א‬
 Junk mail
                                                       ª            ‫ א‬Ù                  ×‫א‬
 Keystroke Logger
                                                 ‫א‬                ª‫א‬
 Locally
                                                                                          
‫ א د‬ª‫א א‬      ‫وא‬       ‫ א‬W ‫و‬Ø   ‫دא‬       ‫א‬                                          114
Look and Feel
                                                           ‫س‬                ‫وא‬           ‫א‬
Malicious content
                                                                                         
Malware
                                                                        ‫א‬            ‫א ×א‬
Man-In-The-Middle
                                                           ‫א‬               ‫א‬
Message body
                                                                                 ‫א‬
Mutual Authentication
                                                           ‫א دل‬                         ‫א‬
OCR
                                                  ً   ú ‫א‬                   ú            ‫א‬
Online
                                                      ‫ل‬        ‫א‬L               ‫ل‬        ‫א‬
Online trust
                                                                         ‫قא‬              ‫א‬
Open Mail Rely
                                                ª ‫و א‬Ø         ‫دم א × א‬
Operating System
                                                                                ‫مא‬
Passive Attack
                                               ‫ א م א‬L                ‫א م א‬
Password
                                                                    ‫א و‬
                                      ª       ‫ א‬Ú ‫ دم‬ª                                  ‫א‬
Pharming
                                                                    ‫א‬                ‫א‬L
Phishing                                               ‫و‬Ø           ‫دא‬                   ‫א‬
POP3
                                                      ×‫א‬            ‫ل‬                ‫و‬
Popup
                                                                ‫ א‬ª                     ‫א‬
Programming Flow

Regular Expressions
                                                                ‫ א‬ª‫א‬Ù ‫א‬
Scam
                                                                ‫אع‬
115                          ‫ א د‬ª‫א א‬   ‫وא‬   ‫ א‬W ‫و‬Ø             ‫دא‬                      ‫א‬

 Search Engines
                                                                 ‫א‬ª 
 Security Updates
                                                           ‫א‬ª                        ‫א‬
 Server
                                                                             ‫א دم‬
 Smart Card
                                                                     ‫א‬               ‫א‬
 SMTP
                                              ‫א× א‬           ‫ل‬                   ‫و‬
 SMS
                                                Ù
 Social Engineering
                                                                 ‫א‬               ‫א‬
 Spywares
                                                                         ‫א‬       ‫א‬
 Strong Authentication
                                                             ‫א‬                       ‫א‬
 Subject
                                                                 ‫عא‬
 Text Field

 Tools
                                                            ‫ א‬ª‫א دوא‬
 Traffic
                                                                                     ‫א‬
 Two-Factor Authentication
                                                             ‫א‬                       ‫א‬
 Upgrade
                                                          Ø ‫ א‬ª‫א א‬
 User name
                                                      ‫م‬                  ‫א‬          ‫א‬
 Version number
                                                                             ‫א‬
 Virus
                                                                         ‫وس‬Ù
 Visual Keyboard
                                                     ‫א‬              ‫א‬
 Vulnerability

 Web browser
                                                ‫א‬               ‫א‬
‫ א د‬ª‫א א‬    ‫وא‬   ‫ א‬W ‫و‬Ø   ‫دא‬     ‫א‬                      116
Webmail                          ‫א‬   ‫א‬    ‫و א‬Ø       ‫א× א‬
White List
                                                    ‫א‬      ‫א‬
Window

Worm
                                                         ‫دود‬
www
                                                 ‫א‬        ‫א‬
117                                  ‫ א د‬ª‫א א‬        ‫وא‬          ‫ א‬W ‫و‬Ø    ‫دא‬       ‫א‬


                                 ‫ا ــــــــ‬           ‫ا‬
• Jonathan B. Postel, "SIMPLE MAIL TRANSFER PROTOCOL", RFC 821,
  (http://tools.ietf.org/html/rfc821), August 1982.
• Network Working Group, "Requirements for Internet Hosts -- Application and
  Support", RFC 1123, (http://tools.ietf.org/html/rfc1123), May 1996.
• Network Working Group, "Post Office Protocol - Version 3", RFC 1939,
  (http://tools.ietf.org/html/rfc1939), May 1996.
• Network Working Group, "MAIL ROUTING AND THE DOMAIN
  SYSTEM", RFC 974, (http://tools.ietf.org/html/rfc974) , January 1986.
• Network Working Group, "Common DNS Operational and Configuration
  Errors", RFC 1912, (http://tools.ietf.org/html/rfc1912) , February 1996.
             ? ‫د‬    ‫א‬      ‫א‬      ‫ א‬           ‫א‬                ‫א א‬       ‫א‬    ?   •

      ‫ 8002م‬J             1429 ª                 ‫א‬               ‫و‬ª             ‫א‬
                               Ehttp://www.spam.gov.sa/Statistics-Arabic.docF
• The State of Spam, A Monthly Report – February 2007, Generated by
  Symantec Messaging and Web Security
   (http://www.symantec.com/avcenter/reference/Symantec_Spam_Report_-
  _February_2007.pdf).
• 2006 Spam Trends Report: Year of the Zombies, December 27, 2006,
  Commtouch® Software Ltd.,
  (http://www.commtouch.com/documents/Commtouch_2006_Spam_Trends_Ye
  ar_of_the_Zombies.pdf).
• CALIFORNIA BUSINESS AND PROFESSIONS CODE, DIVISION 7,
  PART 3, CHAPTER 1, ARTICLE 1.8.Restrictions On Unsolicited
    Commercial E-mail AdvertisersK

•   ?Virus   description service" from "F-Secure", (http://www.f-secure.com/v-
    descs/novarg.shtm).
    W‫אن‬      2004\×       ‫13\د‬                ª            ‫42 א‬         ‫א‬            •
      SA cops, Interpol probe murder” ?
      (http://www.news24.com/News24/South_Africa/News/0,,2-7-
      E1442_1641875,00.html
• Thomas A. Knox,Technologies to Combat Spam, GIAC Security Essentials
‫ א د‬ª‫א א‬       ‫وא‬        ‫ א‬W ‫و‬Ø     ‫دא‬        ‫א‬                          118
    Certification (GSEC) Practical Assignment, Version 1.4b, Option 1 , SANS
    Institute, June 16, 2003K
• “Gmail uses Google's innovative technology to keep spam out of your inbox”,
  gmail.com, (http://www.google.com/mail/help/fightspam/spamexplained.html),
    December, 2007K

•   ? Nick Johnston, PDF Spam: Spam Evolves, PDF becomes the Latest Threat",
    Anti-Spam Development at MessageLabs, A MessageLabs Whitepaper,
    August 2007K
• Anti-Spam Research Group (ASRG) of the Internet Research Task Force
    (IRTF), (http://asrg.sp.amL).
• Mark Ciampa, “Security + Guide to Network Security Fundamentals”, 2nd
  edition, THOMSON, 2005.
• M. Jakobsson, S. Myers, “Phishing and Countermeasures: Understanding the
  Increasing Problem of Electronic Identity Theft”, WILEY, 2007.
• R. Lininger, R. Vines, “Phishing: Cutting the Identity Theft Line”, WILEY,
  2005.
• L. James, “Phishing Exposed”, SYNGRESS, 2005.
• A. Emigh, "Online Identity Theft: Phishing Technology, Chokepoints and
  Countermeasures", Radix Labs, October 3, 2005.
¯ ‫א‬        ‫א‬             ‫و א‬Ø       ‫دא‬            ‫א‬   ‫د‬            ‫?و‬      •

      ‫ذ א‬       14          ‫א‬    ‫د‬        ‫ضא‬       ‫א‬       × ‫א‬      ? ‫د‬     ‫א‬
                                13718 ‫ א د‬J ‫6002م‬                14 J 1426
• Christopher Abad, “The economy of phishing: A survey of the operations of
  the phishing market”, First Monday, volume 10, number 9, September 2005,
  (http://firstmonday.org/issues/issue10_9/abad/index.html). M. Jakobsson, S.
  Myers, “Phishing and Countermeasures: Understanding the Increasing Problem
  of Electronic Identity Theft”, Wiley, 2007.
• The Anti-Phishing Working Group, www.apwg.com.
• Phishing Activity Trends, Report for the Month of November, 2007, Anti-
  Phishing Working Group (APWG), apwg.org
• Gartner, Media Relations, 2008 Press Releases, “Gartner Survey Shows
  Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These
  Attacks”, (http://www.gartner.com/it/page.jsp?id=565125), 05-March-2008.
• Joris Evers, Staff Writer, “PayPal fixes phishing hole”, CNET News.com,
119                                  ‫ א د‬ª‫א א‬     ‫وא‬        ‫ א‬W ‫و‬Ø    ‫دא‬        ‫א‬

    (http://www.news.com/PayPal-fixes-phishing-hole/2100-7349_3-
    6084974.html) , Published: June 16, 2006 4:12 PM PDT.
•   Sebastian Bauer, “Knorr.de SQL Injection and XSS Vulnerabilities”,
    (http://blog.gjl-network.net/blog/index.php?/archives/78-Knorr.de-SQL-
    Injection-and-XSS-Vulnerabilities.html) , 01/12/07.
•   http://www.antiphishing.org/phishing_archive/Citibank_3-31-04.htm
•   Ingrid      Marson,       “Firefox       flaw     raises  phishing     fears”,
    (http://www.news.com/Firefox-flaw-raises-phishing-fears/2100-1002_3-
    5517149.html), Published: January 7, 2005 11:06 AM PST
•   Network Working Group, "Hypertext Transfer Protocol -- HTTP/1.1", RFC
    2616, June 1999, (http://tools.ietf.org/html/rfc2616)
•   “Microsoft Phishing Filter: A New Approach to Building Trust in E-Commerce
    Content”, anti-phishing white paper, Microsoft.com,2005

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:24
posted:1/30/2011
language:Arabic
pages:120