The present invention relates to a user terminal, a malicious site information management server, and a method and a program for blocking an unauthorized request.
In recent years, the number of Internet crimes has increased as the Internet has become more popular. Particularly, even though individuals who have little knowledge of security make efforts to not store important information in their computer, they may sometimes be exposed to criminal acts such as hacking, forewarning of crimes, and the like, which are based on computers, thereby becoming involved in cybercrimes.
For example, malicious sites may be used to be seen as if users provide information for threatening their social status, such as forewarning of crime. Also, so-called “phishing” sites may be copied from a design of, e.g., an Internet banking site as if to be seen as reliable sites, thereby seducing users into inputting their account information.
However, using the Internet is of benefit to computer users. Accordingly, it is required to block a communication that may cause damage to users while continuously using the Internet.
In view of the above, Japanese Patent Application Publication No. 2008-532133 (JP2008-532133A) discloses a system and a method for detecting and alleviating a Trojan horse that disguises itself as a DNS (Domain Name System).
In JP2008-532133A, there is disclosed a disguise detecting method which is performed by receiving an required IP address and a IP request notification related to a desired hostname and detecting whether or not the required IP address is matched with the desired hostname.
The DNS is configured to mainly translate a hostname into an IP address. When a communication destination is defined by using a hostname, the DNS is needed to specify the communication destination by using an IP address. However, when the DNS is tampered with through a malicious software such as a Trojan horse, users may think that they are communicating with a device with a reliable hostname, but may not recognize the fact that their information is actually being transmitted to another device.
According to the method disclosed in JP2008-532133A, such tampering is prevented by detecting whether or not the IP address is adequately related to the hostname that is determined to be a correct hostname. However, the method disclosed in JP2008-532133A can merely prevent the communication destination from being tampered with and may not effectively work in communication with a website designed to perform an unauthorized request while allowing a correct hostname to correspond to an IP address from the first time.
Further, there is a method for preventing so-called cross-site scripting which executes a program on another website as a well-known technique. However, such a method can merely prevent the execution of a program on a browser. If a user clicks on a malicious link disguised as a normal one without recognizing it, such a method cannot block the performance of inherent functions of the browser.
Accordingly, the present inventor paid attention to the point that it is possible to prevent private information from being transmitted to an external terminal by searching whether or not a non-preferable and improper word is contained in all requests that are transmitted to a website by a user and stopping the communications when the non-preferable improper word is contained therein.