akshara-sharma
8/2/2019 Akshara Pts Report FINAL
ABSTRACT
With increasing security measures in network services, remote exploitation is getting harder. As a
result, attackers concentrate on more reliable attack vectors like email: victims are infected using
either malicious attachments or links leading to malicious websites. Therefore efficient filtering and
blocking methods for spam messages are needed. Unfortunately, most spam filtering solutions
proposed so far are reactive: they require a large amount of both ham and spam messages to
efficiently generate rules to differentiate between both. In this paper, we introduce a
more proactive approach that allows us to directly collect spam messages by interacting with the
spam botnet controllers. We are able to observe current spam runs and obtain a copy of the latest spam
messages in a fast and efficient way. Based on the collected information we are able to generate
templates that represent a concise summary of a spam run. The collected data can then be used to
improve current spam filtering techniques and develop new venues to efficiently filter mails.
Chapter-1
ABOUT CYBER CRIME
The Oxford Reference Online defines cyber crime as crime committed over the Internet. The
Encyclopedia Britannica defines cyber crime as any crime that is committed by means of special
knowledge or expert use of computer technology. So what exactly is Cyber Crime? Cyber crime
could reasonably include a wide variety of criminal offences and activities. The Internet or Cyber
Space, as it is sometimes called, is a borderless environment unlike a brick and mortar world. Even
though it is indispensable as a knowledge bank, it is an ideal tool for someone with a criminal bent
of mind, who can use this environment to his/her maximum advantage. It is not a surprise that
Cyber Crimes like money cyber stalking, denial of service, e-mail abuse, chat abuse and other
crimes are on the rise. Cyber terrorists and cyber mafia are emerging with great force, whose
activities are going to threaten the sovereignty of nations and world order.
Since the beginning of civilization, man has always been motivated by the need to make progress
and better the existing technologies. This has led to tremendous development and progress which
has been a launching pad for further development. Of all the significant advances made by
mankind from the beginning till date, probably the most important is the development of the
Internet. To put it in the common man's language, the Internet is a global network of computers, all
speaking the same language. In 1969, America's Department of Defense commissioned the
construction of a super network called ARPANET. The Advanced Research Projects
Agency Network (ARPANET) was basically intended as a military network of 40 computers
connected by a web of links & lines. This network slowly grew and the internet was born.
By 1981, over 200 computers were connected from all around the world. Now the figure runs
into millions. The real power of today's internet is that it is available to anyone with a computer
and a telephone line. Internet places in an individual's hand the power of information and
communication.
Internet usage has significantly increased over the past few years. The number of data packets
which flowed through the Internet increased from 153 million in 1988 to 60,587 million in 1994
and the number of host computers increased from 235 in 1982 to 3.2 million in 1994.
According to International Data Corporation ("IDC"), approximately 233.3 million devices are
estimated to be connected to the Internet by the year 2000 versus approximately 12.6 million
devices in 1995. IDC also estimates that approximately 163 million individuals or entities will use
the Internet by the year 2000 as opposed to 16.1 million in 1995. If left to its own measure, it is
highly unlikely that such a trend can reverse itself. Internet is believed to be full of anarchy and a
system of law and regulation therein seems contradictory. However, Cyberspace is being
governed by a system of law called Cyberlaw. Cyberlaw is a generic term which refers to all the
legal and regulatory aspects of internet. Publishing a web page is an excellent way for any
business to vastly increase its exposure to millions of individuals world-wide. It is that feature
of the Internet which is causing much controversy in the legal community.
Cyberlaw is a constantly evolving process. As the Internet grows, numerous legal issues arise.
One of the most important issues concerning cyberspace today is that of Cybercrime. When
Internet was developed, the founding fathers of Internet hardly had any inclination that Internet
could also be misused for criminal activities. Today, there are many disturbing things happening in
cyberspace. Cybercrime refers to all the activities done with criminal intent in cyberspace. These
could be either the criminal activities in the conventional sense or could be activities, newly
evolved with the growth of the new medium. Because of the anonymous nature of the Internet, it
is possible to engage into a variety of criminal activities with impunity and people with
intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal
activities in cyberspace. The field of Cybercrime is just emerging and new forms of criminal
activities in cyberspace are coming to the forefront with the passing of each new day.
There can be no one exhaustive definition about Cybercrime. However, any activities which basically offend human sensibilities, can also be included in its ambit. Child Pornography
on the Internet constitutes one serious Cybercrime. Similarly, online pedophiles, using
internet to induce minor children into sex, are as much Cybercriminals as any other. Cybercrimes
committed against persons include various crimes like transmission of child-pornography,
harassment of any one with the use of a computer such as e-mail, and cyber-stalking. The
trafficking, distribution, posting, and dissemination of obscene material including
pornography, indecent exposure, and child pornography, constitutes one of the most important
Cybercrimes known today. The potential harm of such a crime to humanity can hardly be
overstated. This is one Cybercrime which threatens to undermine the growth of the younger
generation as also leave irreparable scars and injury on the younger generation, if not
controlled.
Similarly, Cyber harassment is a distinct Cybercrime. Various kinds of harassment can and do
occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial,
religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes.
Cyber harassment as a crime also brings us to another related area of violation of privacy of
netizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes
any other person invading the precious and extremely touchy area of his or her own privacy
which the medium of internet grants to the netizens. Another Cybercrime against persons is
that of Cyberstalking. The Internet is a wonderful place to work, play and study. The Net is no
more and no less than a mirror of the real world. And that means it also contains electronic
versions of real life problems. Stalking and harassments are problems that many persons
especially women, are familiar with in real life. These problems also occur on the Internet,
in what has become known as "Cyberstalking" or "on-line harassment". The second category of
Cybercrimes is that of Cybercrimes against all forms of property. These crimes include
unauthorized computer trespassing through cyberspace, computer vandalism, transmission of
harmful programs and unauthorized possession of computerized information.
Hacking and cracking are amongst the gravest Cybercrimes known till date. It is a dreadful feeling
to know that someone has broken into your computer systems without your knowledge and
consent and has tampered with precious confidential data and information.
Types Of Cyber Crime
There are various types of cyber crime:
1.1.1 Cyber Stalking-
Cyber Stalking can be defined as the repeated acts of harassment or threatening behavior of the cyber
criminal towards the victim by using Internet services. Stalking in general terms can be referred to
as the repeated acts of harassment targeting the victim such as
1. Following the victim
2. Making harassing phone calls
3. Killing the victim's pet
4. Vandalizing the victim's property
5. Leaving written messages or objects
Stalking may be followed by serious violent acts such as physical harm to the victim and the same
has to be treated and viewed seriously. It all depends on the course of conduct of the stalker.
Cyber-stalking refers to the use of the Internet, e-mail, or other electronic communications device
to stalk another person. It is a relatively new form of harassment, unfortunately, rising to alarming
levels especially in big cities like Mumbai.
1.1.2 Denial Of Service-
This is an act by a criminal, who floods the bandwidth of the victim's network or fills his e-mail
box with spam mail, depriving him of the services he is entitled to access or provide. This act is
committed by a technique called spoofing and buffer overflow. The criminal spoofs the IP address
and floods the network of the victim with repeated requests. Since the IP address is fake,
the victim machine keeps waiting for a response from the criminal's machine for each request. This
consumes the bandwidth of the network which then fails to serve the legitimate requests and
ultimately breaks down.
1.1.3 Software Piracy-
Theft of software through the illegal copying of genuine programs or the counterfeiting and
distribution of products intended to pass for the original is termed software piracy.
Examples of software piracy
1. End user copying - Friends loaning disks to each other, or organizations underreporting the
number of software installations they have made.
2. Hard disk loading - Hard disk vendors load pirated software
3. Counterfeiting - large-scale duplication and distribution of illegally copied software.
4. Illegal downloads from the Internet - By intrusion, cracking serial numbers etc.
1.1.4 Spoofing-
1.1.8 Credit Card Fraud-
You simply have to type the credit card number into the www page of the vendor for an online
transaction. If electronic transactions are not secured, the credit card numbers can be stolen by
hackers who can misuse the card by impersonating the credit card owner.
1.1.9 Phishing-
It is a technique of pulling out confidential information from the bank/financial institutional account
holders by deceptive means.
1.1.10 Threatening-
The criminal sends threatening email or comes in contact in chat rooms with the victim. (Anyone
disgruntled may do this against a boss, friend or official.)
1.1.11 Salami Attack-
In such a crime the criminal makes insignificant changes in such a manner that the changes go
unnoticed. The criminal writes a program that deducts a small amount like Rs. 2.50 per month from
the account of every customer of the bank and deposits it in his own account. In this case no
account holder will approach the bank for such a small amount, but the criminal gains a huge amount.
Chapter-2
INTRODUCTION OF SPAM
Every Internet user knows the word spam and sees it in their inbox quite often. But not everyone
knows that years ago the word spam had nothing to do with either the Internet or emails. Spam
is an acronym derived from the words spiced and ham. In 1937, the Hormel Foods Corporation
(USA) started selling minced sausage made from out-of-date meat. The Americans refused to buy
this unappetizing product. To avoid financial losses the owner of the company, Mr. Hormel,
launched a massive advertising campaign which resulted in a contract to provide tinned meat
products to the Army and Navy.
In 1937, Hormel Foods began to supply its products to American and allied troops. After World
War 2, with Britain in the grips of an economic crisis, spam was one of the few meat products that
wasn't rationed and hence was widely available. George Orwell, in his book 1984, described
spam as pink meat pieces, which gave a new meaning to the word spam - something disgusting
but inevitable. In December 1970 the BBC television comedy series Monty Python's Flying Circus
showed a sketch set in a cafe where nearly every item on the menu included spam - the tinned meat
product. As the waiter recited the SPAM-filled menu, a chorus of Viking patrons drowned out all
other conversation with a song repeating "SPAM, SPAM, SPAM, SPAM... lovely SPAM,
wonderful SPAM", hence "SPAMming" the dialogue. Since then spam has been associated with
unwanted, obtrusive, excessive information which suppresses required messages.
In 1993 the term spam was first introduced with reference to unsolicited or undesired bulk
electronic messages. Richard Dephew, administrator of the world-wide distributed Internet
discussion system Usenet, wrote a program which mistakenly caused the release of dozens of
recursive messages onto the news.admin.policy newsgroup. The recipients immediately found an
appropriate name for these obtrusive messages - spam.
On April 12 1994, a husband-and-wife firm of lawyers, Canter & Siegel, posted the first massive
spam mailing. The company's programmer employed Usenet to advertise the services offered by
Canter & Siegel, thus giving a start to commercial spam. Today the word spam is widely used in
email terminology, though Hormel tinned meat products are still on sale in the USA.
Before we define exactly what spam is, a few words should be said about spam in general and how
it is understood in other countries. Depending on the goals of the sender (spammer), spam
(unsolicited bulk email) may contain commercial information, or have nothing to do with it at all.
In other words, according to the content of the message, spam is divided into unsolicited
commercial email (UCE) and unsolicited bulk email (UBE). An email may contain information
about its content in the SUBJECT field, whilst in the body of the message a sender may explain
why they have addressed a recipient without asking their permission and what the recipient must
do in order not to get emails from the sender in the future. In other words, if a user wants to
unsubscribe from unsolicited emails (opt-out) they must follow the instructions of the spammer,
which as a rule, will require information about the user's email address or the need to call a
telephone number (usually a toll-free phone number).
Spammers know that they are sending out unsolicited information and try to make it seem as
though they do not want to inconvenience the user through clever use of the SUBJECT field text
and the inclusion of an unsubscribe mechanism. In fact, spammers do not care about reducing the
inconvenience caused by spam, and what is more, they dodge responsibility for their actions by
using spoofed sender addresses, third-party addresses or fake message headings. Their only goal is
to impede the identification of the sender and thus to prevent any possible retribution.
According to Kaspersky Lab, the definition of spam is anonymous, unsolicited bulk email.
Let's take a closer look at each component of the definition:
Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual
sender.
Mass mailing: real spam is sent in enormous quantities. Spammers make money from the small
percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails
have to be high-volume.
Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to
receive may resemble spam, but are actually legitimate mail. In other words, the same piece of
mail can be classed as both spam and legitimate mail depending on whether or not the user elected
to receive it.
It should be highlighted that the words 'advertising' and 'commercial' are not used to define spam.
Many spam messages are neither advertising nor any type of commercial proposition. In addition
to offering goods and services, spam mailings can fall into the following categories:
Political messages
Quasi-charity appeals
Financial scams
Chain letters
Fake spam being used to spread malware
Because some unsolicited correspondence may be of interest to the recipient, a quality anti-spam
solution should be able to distinguish between true spam (unsolicited, bulk mailing) and
unsolicited correspondence. True spam should be reviewed or deleted at the recipient's
convenience. Unsolicited correspondence may also be filtered, but this should be carried out
carefully because a legitimate commercial proposition, a charity appeal, an invitation addressed
personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail, but
not as spam. Legitimate messages may also include delivery failure messages, misdirected
messages, messages from system administrators or even messages from old friends who have not
previously corresponded with the recipient by email. Unsolicited - yes. Unwanted - not
necessarily.
2.1 Purpose Of Spam
The purpose of spam is almost always to make money. Some spam promotes a product or invites
you to visit a website, other spam tries to trick you into investing in fraudulent schemes, or
revealing your bank or credit card details. Spam email is sent to a large number of people to promote
products or services. Some spam messages appear to come from authentic sources, such as banks.
Spammers succeed when even a small number of people reply to and purchase some spam-based
offering. Some messages will ask you to complete registration or enter
a password and are known as phishing, their only purpose being to acquire personal data or even
passwords to accounts.
2.2 Who Practices The Spamming
Spam sent using spamware - programs specifically designed to send huge amounts of email (up to
100,000 emails an hour) over an ordinary dialup internet connection
Spam sent by an ordinary person who wants to advertise his own Web site
Individual computers that have been infected with a virus / Trojan - they connect to the Internet
and download lists of email addresses and start sending out spam.
'Professional' spamhauses. These are companies set up purely to commit theft and fraud. They have
permanent internet connections, or sometimes have their servers in the premises of other crooked
service providers. They don't usually spam to advertise themselves, instead they find clueless
businessmen and charge them $1000 or so to send their advert to hundreds of thousands of people's
mailboxes.
Today, much of the spam volume is sent by career criminals and malicious hackers. More than 90
billion spam messages were sent per day in 2007!
Chapter-3
TYPES OF SPAM
Today spam is a household word. Approximately 70-80% of all email traffic is spam. It means that
active correspondence via email is impossible without spam protection. Although spam written in
English is the most common, it comes in all languages including Chinese, Korean and other Asian
languages. In most cases spam is advertising.
Experience shows that spammers target specific goods and services which they seek to promote.
Some goods are chosen because a computer user is likely to be interested, but most are grey or
black market goods. In other words, spam is usually illegal, not only because of the means used to
advertise the goods, but also because the goods and services being offered are themselves
illegal. Other mass mailings are outright fraud. For example, a recipient is asked to provide their
bank account details. Of course, if the recipient provides these details, their bank account will be
emptied without their consent. This type of spam is usually called 'scam'. Another shining example
of fraud is Nigerian letters.
Spam worldwide tends to advertise a certain range of goods and services irrespective of language
and geography. Additionally, spam reflects seasonal changes, with advertisements for Christmas
items and car heaters being replaced by air conditioner advertising in summer.
Spammers constantly extend the range of their offers and are always searching for new ways of
attracting unwary users. The list of spam categories is growing. The share of new categories in
spam traffic is insignificant, though certain trends are quite evident when spam categories are
broken down. Nevermore so than in the most widespread types of spam:
However, when averaged out over the course of the year, 50% of spam falls into the following
categories:
Health and Medicine
IT
Personal finance
Education
3.1 Health and Medicine
This category includes advertisements for weight loss, skin care, posture improvement, cures for
baldness, dietary supplements and non-traditional medication etc. which can all be bought on-line.
Example
Subject: Lose up to 19% weight. A new weightloss is here.
Hello, I have a special offer for you...
WANT TO LOSE WEIGHT?
The most powerful weightloss is now available without prescription. All natural Adipren720
100% Money Back Guarantee!
- Lose up to 19% Total Body Weight.
- Up to 300% more Weight Loss while dieting.
- Loss of 20-35% abdominal Fat.
- Reduction of 40-70% overall Fat under skin.
- Increase metabolic rate by 76.9% without Exercise.
- Burns calorized fat.
- Suppresses appetite for sugar.
- Boost your Confidence level and Self Esteem.
Get the facts about all-natural Adipren720: {LINK}
3.2 IT
This category includes offers for low-priced hardware and software as well as services for website
owners such as hosting, domain registration, website optimization and so forth.
Example:
Subject: Huge savings on OEM Software. All brand names available now
stewardess
Looking for not expensive high-quality software?
We might have just what you need.
Windows XP Professional 2002 ............. $50
Adobe Photoshop 7.0 ...................... $60
Microsoft Office XP Professional 2002 .... $60
Corel Draw Graphics Suite 11 ............. $60
and lots more...
3.3 Personal Finance
Spam which falls into this category offers insurance, debt reduction services, loans with low
interest rates etc.
Examples:
Subject: Lenders Compete--You Win
Reduce your mortgage payments
Interest Rates are Going Up!
Give Your Family The Financial Freedom They Deserve
Refinance Today & SAVE
*Quick & EASY
*CONFIDENTIAL
*100's Of Lenders
*100% FREE
*Get The Lowest Rate
Apply Today! {LINK}
All credit will be accepted
To clear your name from our database please {LINK} or use one of the optins below. Thank You
Call 1-800-279-7310
Or please mail us at:
1700 E. Elliot Rd. STE3-C4
Tempe, AZ. 85283
3.4 Education & Training
This category includes offers for seminars, training and online degrees.
Examples:
Subject: get a degree from home, Mas#ters, Bachelors or PHD
Call {Phone Num.} to inquire about our degree programs.
Whether you are seeking a Bachelors, Masters, Ph.D. or MBA
We can provide you with the fully verifiable credentials to get your career BACK ON TRACK!
No testing or coursework required Call: {Phone Num.}
we are sorry if you did not want to receive this mail.
To be removed from our list please call {Phone Num.}
Chapter-4
CONTEMPORARY SPAMMER TECHNOLOGIES
Spammers use dedicated programs and technologies to generate and transmit the billions of spam
emails which are sent every day (from 60% to 90% of all mail traffic). This requires significant
investment of both time and money.
Spammer activity can be broken down into the following steps:
Fig 4.1 Steps For Spamming
4.1 Creating Address Databases
The first step in running a spammer business is creating an email database. Entries do not only
consist of email addresses; each entry may contain additional information such as geographical
location, sphere of activity (for corporate entries) or interests (for personal entries). A database
may contain addresses from specific mail providers, such as Yandex, Hotmail, AOL etc. or from
online services such as PayPal or eBay.
There are a number of methods spammers typically use to collect addresses:
Guessing addresses using common combinations of words and numbers - john@, destroyer@,
alex-2@
Guessing addresses by analogy - if there is a verified [email protected] , then it's
reasonable to search for a [email protected], @aol.com, Paypal etc.
Scanning public resources including web sites, forums, chat rooms, Whois databases, Usenet
News and so forth for word combinations (i.e. [email protected], with word3 being a top-
level domain such as .com or .info)
Stealing databases from web services, ISPs etc.
Stealing users' personal data using computer viruses and other malicious programs
Topical databases are usually created using the third method, since public resources often contain
information about user preferences along with personal information such as gender, age etc. Stolen
databases from web services and ISPs may also include such information, enabling spammers to
further personalize and target their mailings.
Stealing personal data such as mail client address books is a recent innovation, but is proving to be
highly effective, as the majority of addresses will be active. Unfortunately, recent virus epidemics
have demonstrated that there are still a great many systems without adequate antivirus protection;
this method will continue to be successfully used until the vast majority of systems have been
adequately secured.
4.2 Address Verification
Once email databases have been created, the addresses need to be verified before they can be sold
or used for mass mailing. Spammers send a variety of trial messages to check that addresses are
active and that email messages are being read.
Initial test mailing-A test message with a random text which is designed to evade spam filters
is sent to the entire address list. The mail server logs are analysed for active and defunct addresses
and the database is cleaned accordingly.
Once addresses have been verified, a second message is often sent to check whether recipients
are reading messages. For instance, the message may contain a link to a picture on a designated
web server. Once the message is opened, the picture is downloaded automatically and the website
will log the address as active.
A more successful method of verifying if an address is active is a social engineering technique.
Most end users know that they have the right to unsubscribe from unsolicited and/or unwanted
mailings. Spammers take advantage of this by sending messages with an 'unsubscribe' button.
Users click on the unsubscribe link and a message purportedly unsubscribing the user is sent.
Instead, the spammer receives confirmation that the address in question is not only valid but that
the user is active.
However, none of these methods are foolproof and any spammer database will always contain a
large number of inactive addresses.
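Seen from the receiving side, the remotely hosted picture and the 'unsubscribe' link described in this section both leave traces in the message itself that a mail gateway can look for. The Python sketch below is an added example, not part of the original report; the sample message, the host names and all function names are constructed for illustration.

```python
"""Flag address-confirmation beacons in an HTML email (defensive triage)."""
import base64
import binascii
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """\
From: offers@mailer.example
To: alice@corp.example
Subject: Special offer
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Great prices this week.</p>
<img src="http://img.mailer.example/o.gif?u=alice%40corp.example" width="1" height="1">
<img src="cid:logo123" width="200" height="80">
<a href="http://mailer.example/unsub?id=YWxpY2VAY29ycC5leGFtcGxl">Unsubscribe</a>
<a href="http://shop.example/catalogue">Catalogue</a>
</body></html>
"""

UNSUB = re.compile(r"unsub|opt[- ]?out|remove", re.I)


class _Collector(HTMLParser):
    """Collects <img> attributes and (href, anchor text) pairs."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.images, self.links = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.images.append(a)
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _carries_recipient(url, rcpt):
    """True if a path segment or query value holds the address, plain or base64."""
    parts = urlsplit(url)
    tokens = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    tokens += [unquote(seg) for seg in parts.path.split("/") if seg]
    rcpt = rcpt.lower()
    for tok in tokens:
        if rcpt in tok.lower():
            return True
        try:
            padded = tok + "=" * (-len(tok) % 4)
            decoded = base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue  # not base64, nothing to compare
        if rcpt in decoded.lower():
            return True
    return False


def _tiny(attrs):
    """True for images declared as 1 pixel (or less) wide or high."""
    def px(value):
        m = re.match(r"\s*(\d+)", value or "")
        return int(m.group(1)) if m else None
    w, h = px(attrs.get("width")), px(attrs.get("height"))
    return (w is not None and w <= 1) or (h is not None and h <= 1)


def find_confirmation_beacons(raw):
    """Return (kind, url) findings for every HTML part of the raw message."""
    msg = message_from_string(raw)
    rcpt = parseaddr(msg.get("To", ""))[1]
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        html = payload.decode(part.get_content_charset() or "utf-8", "replace")
        collector = _Collector()
        collector.feed(html)
        collector.close()
        for img in collector.images:
            src = img["src"]
            if urlsplit(src).scheme not in ("http", "https"):
                continue  # cid:/data: images are embedded, no callback to a server
            if rcpt and _carries_recipient(src, rcpt):
                findings.append(("tagged-remote-image", src))
            elif _tiny(img):
                findings.append(("tracking-pixel", src))
            else:
                findings.append(("remote-image", src))
        for href, text in collector.links:
            if UNSUB.search(text) or UNSUB.search(href):
                tagged = rcpt and _carries_recipient(href, rcpt)
                findings.append(("tagged-unsubscribe" if tagged else "unsubscribe-link", href))
    return findings


if __name__ == "__main__":
    for kind, url in find_confirmation_beacons(SAMPLE):
        print(f"{kind:22} {url}")
```

Any remote image confirms an open when it is fetched, which is why mail clients that block remote content by default defeat this verification step even when the URL carries no recipient tag.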
4.3 Creating Platforms For Mass Mailing
Today's spammers use one of these three mass mailing methods:
Direct mailing from rented servers
Using open relays and open proxies - servers which have been poorly configured and are
therefore freely accessible
Bot networks - networks of zombie machines infected with malware, usually a Trojan, which
allow spammers to use the infected machines as platforms for mass mailings without the
knowledge or consent of the owner.
Renting servers is problematic, since anti-spam organizations monitor mass mailings and are quick
to add servers to blacklists. Most ISPs and anti-spam solutions use blacklists as one method to
identify spam: this means that once a server has been blacklisted, it can no longer be used by
spammers.
Using open relay and open proxy servers is also time consuming and costly. First spammers need
to write and maintain robots that search the Internet for vulnerable servers. Then the servers need
to be penetrated. However, very often, after a few successful mailings, these servers will also be
detected and blacklisted.
As a result, today most spammers prefer to create or purchase bot networks. Professional virus
writers use a variety of methods to create and maintain these networks:
Pirate software is also a favorite vehicle for spreading malicious code. Since these programs are
often spread via file-sharing networks, such as Kazaa, eDonkey and others, the networks themselves
are penetrated and even users who do not use pirate software will be at risk.
Exploiting vulnerabilities in Internet browsers, primarily MS Internet Explorer. There are a number
of browser vulnerabilities which make it possible to penetrate a computer from a site being viewed
by the machine's user. Virus writers exploit such holes and write Trojans and other malware to
penetrate victim machines, giving malware owners full access to, and control over, these infected
machines. For instance, pornographic sites and other frequently visited semi-legal sites are often
infested with such malicious programs. In 2004 a large number of sites running under MS IIS were
penetrated and infected with Trojans. These Trojans then attacked the machines of users who
believed that these sites were safe.
Using email worms and exploiting vulnerabilities in MS Windows services to distribute and install
Trojans: MS Windows systems are inherently vulnerable, and hackers and virus writers
are always ready to exploit this. Independent tests have demonstrated that a Windows XP system
without either a firewall or antivirus software will be attacked within approximately 20 minutes of
being connected to the Internet.
Modern malware is rather technologically sophisticated - the authors of these programs spare
neither time nor effort to make detection of their creations as difficult as possible. Trojan
components can behave as Internet browsers asking websites for instructions whether to launch a
DoS attack or to start spam mailing, etc. (the instructions may even contain information about the
time and the place of the next instruction). IRC is also used to get instructions.
Spammer Software
An average mass mailing contains about a million messages. The objective is to send the
maximum number of messages in the minimum possible time. There is a limited window of
opportunity before anti-spam vendors update signature databases to deflect the latest types of
spam.
Sending a large number of messages within a limited timeframe requires appropriate technology.
There are a number of resources available that are developed and used by professional spammers.
These programs need to be able to:
Send mail over a variety of channels including open relays and individual infected machines.
Create dynamic texts.
Spoof legitimate message headers
Track the validity of an email address database.
Detect whether individual messages are delivered or not and to resend them from alternative platforms if the
original platform has been blacklisted.
These spammer applications are available as subscription services or as a stand-alone application
for a one-off fee.
4.4 Marketing Spammer Services
Strangely enough, spammers advertise their services using spam. In fact, the advertising which
spammers use to promote their services constitutes a separate category of spam. Spammer-related
spam also includes advertisements for spammer applications, bot networks and email address
databases.
4.5 Creating The Message Body
Today, anti-spam filters are sophisticated enough to instantly detect and block a large number of
identical messages. Spammers therefore now make sure that mass mailings contain emails with
almost identical content, with the texts being very slightly altered. They have developed a range of
methods to mask the similarity between messages in each mailing:
Inclusion of random text strings, words or invisible text. This may be as simple as including a random string of words and/or characters or a real text from a real source at either the beginning or the end of the message body. An HTML message may contain invisible text - tiny fonts or text which is colored to match the background. All of these tricks interfere with the fuzzy matching and Bayesian filtering methods used by anti-spam solutions. However, anti-spam developers have responded by developing quotation scanners, detailed analysis of HTML encoding and other techniques. In many cases spam filters simply detect that such tricks have been used in a message and automatically flag it as spam.
Graphical spam. Sending text in graphics format hindered automatic text analysis for a period of time, though today a good anti-spam solution is able to detect and analyze incoming graphics.
Dynamic graphics. Spammers are now utilizing complicated graphics with extra information to evade anti-spam filters.
"Fragmented" images. Actually the image consists of several smaller images, but a user sees it as complete text. Animation is just another type of fragmentation whereby the image is split into frames that are layered over each other, with the end result being complete text.
Paraphrasing texts. A single advertisement can be endlessly rephrased, making each individual message appear to be a legitimate email. As a result, anti-spam filters have to be configured using a large number of samples before such messages can be detected as spam.
A good spammer application will utilize all of the above methods, since different potential victims use different anti-spam filters. Using a variety of techniques ensures that a commercially viable number of messages will escape filtration and reach the intended recipients.
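The filter-side response described above, detecting that an invisible-text trick has been used, can be sketched as follows. This is an added example, not code from the report; the 2px/2pt threshold, the white default background and the sample body are assumptions, and only inline styles and the legacy color/bgcolor attributes are inspected.

```python
import re
from html.parser import HTMLParser

TINY = 2.0  # assumption: font sizes at or below 2px/2pt count as invisible
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

def parse_style(style):  # inline style attribute -> {property: value}
    pairs = (p.split(":", 1) for p in style.split(";") if ":" in p)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenTextFinder(HTMLParser):
    """Collects text inside elements styled so that a reader cannot see it."""
    def __init__(self, page_bg):
        super().__init__()
        self.stack = [(page_bg, False)]  # (effective background, hidden?)
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = {k: (v or "").lower() for k, v in attrs}
        st = parse_style(a.get("style", ""))
        bg, hidden = self.stack[-1]
        bg = st.get("background-color") or a.get("bgcolor") or bg
        color = st.get("color") or a.get("color")
        m = re.match(r"(\d+(?:\.\d+)?)(px|pt)$", st.get("font-size", ""))
        self.stack.append((bg, hidden or color == bg or bool(m and float(m.group(1)) <= TINY)))

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        if self.stack[-1][1] and data.strip():
            self.found.append(data.strip())

def hidden_text(html, page_bg="#ffffff"):
    finder = HiddenTextFinder(page_bg)
    finder.feed(html)
    finder.close()
    return finder.found

# Constructed sample body, not a real message.
SAMPLE = ('<body bgcolor="#FFFFFF"><p style="color:#333333">Cheap watches, order today</p>'
          '<font color="#ffffff">quarterly minutes harbor lantern</font>'
          '<span style="font-size:1px">xk2 qqz 9931</span></body>')

if __name__ == "__main__":
    print(hidden_text(SAMPLE))
```

A non-empty result is itself the signal: the filter does not need to understand the filler text, only to notice that the message hides some.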
Chapter-5
EXAMPLES OF SPAM
If the title mentions "free pix", "passwords", or money-making opportunities, it's spam.
IF THE TITLE IS ALL IN CAPITALS, it's spam.
If the title mentions a filename ending in ".html" or ".htm", it's spam.
If the title contains a web site address, it's spam.
If the title ends with a multi-digit number (e.g. "Please help 13874"), it's spam.
If there are lots of non-alphabetic characters (e.g. *****, !!!!!, ##### etc.), particularly at the
start of the title, it's spam.
If the author field consists of a stream of random characters, (such as "jsg;rhb" or
"dkhvdjblkghsx") it's spam.
If the author's name is "Webmaster" or reads like an invite to a web site, it's probably spam.
If the title is in an unexpected language (e.g. German), it's probably spam.
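The title and author rules listed above can be applied mechanically. The sketch below is an added example, not part of the original report: the money-making keyword list and the vowel-ratio test for "random characters" are assumptions of this example, the unexpected-language rule is left out because it needs language detection, and the sample posts are constructed.

```python
import re

# Keyword list for "money-making opportunities" is an assumption of this example.
BAIT = re.compile(r"free pix|passwords?|make money|earn cash|get rich", re.I)
URL = re.compile(r"(https?://|www\.)\S+", re.I)
VOWELS = set("aeiou")

def looks_random(author):
    """Crude stand-in for 'a stream of random characters': almost no vowels."""
    letters = [c for c in author.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2

def spam_signals(title, author):
    """Return the names of the heuristics that fire for one title/author pair."""
    checks = [
        ("bait_words", bool(BAIT.search(title))),
        ("all_caps", any(c.isalpha() for c in title) and title == title.upper()),
        ("html_filename", bool(re.search(r"\w\.html?\b", title, re.I))),
        ("url_in_title", bool(URL.search(title))),
        ("trailing_number", bool(re.search(r"\d{2,}\s*$", title))),
        ("symbol_run", bool(re.search(r"([^\w\s])\1{3,}", title))),
        ("random_author", looks_random(author)),
        ("webmaster_author", author.strip().lower() == "webmaster"
                             or bool(URL.search(author))),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample posts (title, author); not taken from real traffic.
SAMPLES = [
    ("Please help 13874", "Joe Smith"),
    ("***** FREE PIX *****", "dkhvdjblkghsx"),
    ("see my page index.htm", "Webmaster"),
    ("Meeting notes for Tuesday", "Alice Jones"),
]

if __name__ == "__main__":
    for title, author in SAMPLES:
        print(f"{title!r:30} {author!r:18} -> {spam_signals(title, author)}")
```

Returning the list of rules that fired, rather than a single yes/no, lets a moderator see why a post was flagged and weigh the "probably spam" rules differently from the others.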
Chapter-6
DAMAGE CAUSED BY SPAM
6.1 Time Costs
If you are receiving two or three Unsolicited Emails a day you probably think spam isn't all that
bad, it's just a minor inconvenience. But if you are receiving 40 to 50+ a day, and you're spending
an average of 10 seconds each to decide what you want to do with each message, then you're
wasting around 60 hours a year dealing with spam. That's over seven workdays wasted each year!
Not to mention the raw frustration and distraction of doing a task that takes you from your
productive work.
6.2 Server Costs
Then there are the costs to your server of having to manage large amounts of mail entering their
system. When too much is sent or arrives at one time it can cause the system to crash, leaving their
customers without the ability to send or receive email. One Internet Service Provider that's known
for allowing spammers to send bulk mail through its system crashed when several of its users sent
large amounts of mail at the same time. It was down for several days and many antispammers
thought that justice had its own way of dealing with spammers and hoped the Provider would start
enforcing its own Terms of Use. No such luck: it's back and spammers are sending their junk mail
in mass amounts once again.
6.3 Consumer Costs
Some consumers have to pay long distance phone charges to connect to the Internet (mostly in
countries outside of the US) and some countries charge for every phone call made by their
customers. In these cases, the user wastes connection time by downloading and sorting through
unwanted email.
6.4 Privacy Costs
It's our belief that the biggest problem with spam, other than having to look at it, is that 90% of
those sending it do it in a fraudulent way. They buy software that hides their identity, forges email
headers, steals others' identities (read about one man's experience with identity theft at Behind
Enemy Lines), use bogus cancellation addresses, and stake out a claim to their right to intrude on
your privacy. Some even claim you signed up to receive their spam advertisement (which may
contain some measure of truth, but we will comment on that under How Did They Get My Email
Address?). If that were true, why then do they go to such lengths to hide their true identities?
Year after year, the advertising component that was the original purpose of spam degenerates
further towards simple criminal opportunism. Since spam mailings are anonymous, their owners
often cherish the illusion that they can operate with impunity.
The most popular types of blatantly criminal spam are Nigerian letters and phishing. Spammers
have been most inventive in creating ever more attractive bait for the user and seeking new
targets for their attacks.
In addition, the services of the spammer are in constant demand by virus writers. Virus writers use
spam mailings to distribute their latest creations, often placing links to infected sites within the
mailing that are designed to lure the unwary user to click on them for one reason or another. A
recipient of such spam thus runs the risk of their computer being infected by a malicious program.
According to the experts, the annual overall loss resulting from spam is estimated to be tens of
billions of dollars. As a result, anti-spam protection is not only desirable, but an urgent necessity.
If spammer activity is not restricted, email could easily become a thing of the past, eclipsed by the
overwhelming volume of spam.
Chapter-7
WAYS TO AVOID SPAM
Maintain at least two email addresses. You should use your private address for personal correspondence. The public address should be the one you use to register on public forums, in chat rooms, to subscribe to mailing lists, etc.
Never publish your private address on publicly accessible resources.
Your private address should be difficult to spoof. Spammers use combinations of obvious names, words and numbers to build possible addresses. Your private address should not simply be your first and last name. Be creative and personalize your email address.
If you have to publish your private address electronically, mask it to avoid having it harvested by spammers. Joe.Smith@yahoo.com is easy to harvest, as is Joe.Smith at yahoo.com. Try writing Joe-dot-Smith-at-yahoo-dot-com instead. If you need to publish your private address on a website, do this as a graphics file rather than as a link.
Treat your public address as a temporary one. Chances are high that spammers will harvest your public address fairly quickly. Don't be afraid to change it often.
Always use your public address to register in forums and chatrooms and to subscribe to mailing lists and promotions. You might even consider using a number of public addresses in order to trace which services are selling addresses to spammers.
Never respond to spam. Most spammers verify receipt and log responses. The more you respond, the more spam you will receive.
Do not click on unsubscribe links from questionable sources. Spammers send fake unsubscribe letters in
an attempt to collect active addresses. You certainly don't want to have your address tagged as active as it
will just increase the amount of spam that you receive.
If your private address is discovered by spammers - change it. This can be inconvenient, but changing your
email address does help you to avoid spam - at least for a while!
Make sure that your email is filtered by an antispam solution. Consider installing a personal antispam
solution. Only open email accounts with providers that offer spam filtration prior to mail delivery.
Chapter-8
CONCLUSION
The transmission of unsolicited commercial email messages (Spam) has become one of the most
pressing issues in the information technology world. It is not possible to remove cyber crimes from
cyber space, but it is quite possible to check them, and this can be done by making people aware of
their rights and duties. There is an arms race between spammers and anti-spam techniques.
Effective and efficient use of various Anti-Spam techniques as discussed can make spamming less
profitable and can prove a way to help FIGHT SPAM.
The distributed community approach is the most effective. Although there were some attempts to introduce
fees for sending e-mails, they did not have any significant influence on the whole situation. Many
skeptics predicted that this idea would satisfy neither e-mail providers nor users, and that was the
reality: Gates' idea failed, having been rejected by the majority of both. Also the performance of
the latest spam recognition techniques seems to be quite disappointing. If we consider such
technologies as Smart RBL or Distributed Checksum Clearing House (DCC) then spam filters
using them quite often fail to distinguish spam/non-spam messages correctly and as a result
legitimate e-mails are blocked while junk passes through to Inbox. To conclude we have to admit
that in 2006 the situation with spam got much worse than it had been predicted before and at the
moment there are no encouraging signs that could give some cause for optimism in the nearest
future. "Arms race" is continuing and so far spammers have not shown any signs of exhaustion.