CEHv6 Module 40 Spamming

  • 7/27/2019 CEHv6 Module 40 Spamming

    1/61

    Ethical Hacking and

    Version 6

    Spamming

    News

    EC-Council

    Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited

    Source: http://www.nzherald.co.nz/

    Module Objective

    This module will familiarize you with:

    Spamming

    Techniques used by Spammers

    How Spamming is performed

    Types of Spam attacks

    Bulk Emailing Tools

    Anti-Spam Techniques

    Anti-Spamming Tools

    Module Flow

    Spamming

    Techniques used by Spammers

    How Spamming is Performed

    Ways of Spamming

    Types of Spam Attacks

    Bulk Emailing Tools

    Anti-Spam Techniques

    Anti-Spamming Tools

    Introduction

    Spamming is populating the user's inbox with unsolicited or junk emails

    Spam email contains malicious computer programs such as viruses and Trojans which change the computer settings or track the system

    Spamming is also used for product advertisements

    Techniques Used by Spammers

    Spoofing the domain:

    Message appears to be from the user's own domain

    Poisoning or spoofing filters:

    Addition of invisible text or numbering in message

    Social Engineering:

    information

    Directory harvesting:

    By sending messages to possible addresses and then building a list of valid email addresses through non-delivery reports

    Convinces the user that the mail is sent by a trusted source

    Techniques Used by Spammers

    It installs Trojan horses and viruses that cause the host computer to malfunction

    Database Poisoning:

    Using innocuous words (ham words) in spam, thereby effectively poisoning the database in the long run

    Junk Tags:

    Hiding spam words by inserting invalid HTML tags in between words

    Invalid Words:

    Spam words like "mortgage" are masked by inserting special characters or junk characters in between
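    A content filter can undo the junk-tag and invalid-word masking described above before it matches keywords, and can treat the masking itself as a signal. The following is an added example, not part of the original slides; the keyword list, the look-alike table and the sample bodies are constructed assumptions.

```python
import html
import re
import unicodedata

# Constructed keyword list for the demo; a real filter loads its own signatures.
SPAM_TERMS = ("mortgage", "refinance")

COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
TAG_RE = re.compile(r"<[^>]*>")  # valid and made-up tags are stripped alike
# Assumed, deliberately small table of look-alike substitutions.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")


def normalize(body):
    """Undo junk-tag and junk-character masking before signature matching."""
    text = COMMENT_RE.sub("", body)
    text = TAG_RE.sub("", text)                 # "mort<zq>gage" -> "mortgage"
    text = html.unescape(text)                  # "&#114;efinance" -> "refinance"
    text = unicodedata.normalize("NFKD", text)  # fold full-width/accented forms
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.lower().translate(LOOKALIKES)


def term_pattern(term):
    """Match the term with up to three non-letters between its letters."""
    return re.compile(r"[^a-z]{0,3}".join(map(re.escape, term)))


def scan(body):
    """Return {term: 'plain' | 'obfuscated'} for every keyword found."""
    raw = body.lower()
    norm = normalize(body)
    hits = {}
    for term in SPAM_TERMS:
        if term_pattern(term).search(norm):
            # Present only after normalization means the sender masked it.
            hits[term] = "plain" if term in raw else "obfuscated"
    return hits


SAMPLES = [  # constructed message bodies
    "Your mortgage statement is attached.",
    "Low mort<zq>ga</zq>ge rates today",
    "m.o.r.t.g.a.g.e approval in minutes",
    "M0RTG@GE offer &#114;efinance now",
    "Meeting moved to 10:30, room 4",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan(sample), "<-", sample)
```

    A hit marked "obfuscated" deserves a higher score than a plain one, since legitimate senders have no reason to split a word with tags or punctuation.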

    How Spamming is Performed

    Getting the email IDs

    Spammers get access to the email IDs when the user registers to any email service, forums, or blogs by hacking the information, or register as genuine users

    Spiders are used which search the code in web pages for text that looks like email IDs and copy it to the database

    E-mail extraction tools that have built-in search engines to find email IDs of companies based on the keywords entered are used

    On-line Ad Tracking tools help the spammers to analyze details of the number of users who opened the spam mails, the responses to it, and

    How Spamming is Performed

    How Spam is Relayed

    Rogue ISPs obtain their own network numbering and multiple domain names from the InterNIC, using which spammers manage to get across spam blocks

    On-the-fly Spammers - Spammers register as genuine users for trial accounts with ISPs and use forged identities to start spam hits

    Blind Relayers - Some servers relay a message without authentication which is sent as genuine mail

    Getting past the anti-spam software

    The subject line of the email is given as Re: or Fw:, which assures the anti-spam software that it is a genuine reply to the user's message

    The spam message is enclosed as an image in the mail to make the anti-spam software trust the source

    Ways of Spamming

    Usenet spam

    It is a single message sent to 20 or more Usenet newsgroups

    overwhelming them with a barrage of advertising or other irrelevant posts

    Email Spam

    Email spam targets individual users with

    Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses

    Spammer: Statistics

    Source: http://www.spamhaus.org/

    Worsen ISP: Statistics

    Source: http://www.spamhaus.org/

    Top Spam Affected Countries:

    Source: http://www.spamhaus.org/

    Types of Spam Attacks

    Hidden text & links

    Making the text look the same as the background color

    Double tags

    Giving duplicate title tags and Meta tags

    Cloaking

    This is done by showing different pages to search engines and users

    Wikis are used to add or update the content of any page on the website

    which hunt out blogs and then post keyword text links

    Types of Spam Attacks (cont'd)

    In this type of spamming, emails containing only images without any text are sent by spammers to evade security systems/controls

    Hijacking/pagejacking

    redirected page

    Spam

    Bulk Emailing Tools

    Fairlogic Worldcast

    Fairlogic Worldcast bulk emailing tool is a customized mailer and also an address validator

    It detects many common bad addresses existing on the mailing lists

    It provides detailed logs of the entire delivery process and reports if there is any kind of error

    Fairlogic Worldcast: Screenshot

    123 Hidden Sender

    123 Hidden Sender sends absolutely anonymous bulk emails

    The IP address is not shown in the email headers

    ISP service is not lost

    Bulk

    123 Hidden Sender: Screenshot

    YL Mail Man

    YL Mail Man is a flexible email address management and email delivery software

    It helps companies or shareware authors to organize and manage large volumes of customer email addresses and contact them by email in simple steps

    It also has an import & export function and a duplicate email address remover

    YL Mail Man: Screenshot

    Sendblaster

    Bulk email software for email marketing, which allows to communicate with customers and friends

    -database and integrating with the web site mailing list

    Sendblaster: Screenshot

    Direct Sender

    send unlimited numbers of personalized e-mail messages using any kind of database

    The bulk process sends up to 100 simultaneous emails directly to recipients

    Millions of customized emails in HTML or plain format can be sent, with or without attachments and without overloading the ISP's servers

    Direct Sender: Screenshot

    Hotmailer

    finder, and verifier

    It can efficiently search a large number of e-mail addresses from a mail server in a short time

    With its built-in SMTP server, it will connect to the remote server and post email addresses for verification

    If the email address is valid, Hotmailer will automatically send the mail

    Hotmailer: Screenshot

    PackPal Bulk Email Server

    PackPal Bulk Email Server is a safe and fast bulk email sender

    It can run as a background service

    Features:

    Super Bulk Email Marketing tool

    There is no limit on the number of messages sent through the bulk email server

    PackPal Bulk Email Server:

    IEmailer

    IEmailer is a bulk email marketing software which is safe to use since it does not use or go through the local ISP's email server

    It simulates the sending of the email messages to the server you choose, the same one you are verifying email addresses on

    IEmailer: Screenshot

    Anti-Spam Techniques

    Techniques used to eliminate spam are:

    Heuristic/Signature-based Content Filtering

    Messages received are checked to match certain patterns

    higher, then the email is an undesired email

    Bayesian Content Filtering

    It filters and sorts the emails into different folders based on the good and undesired mail fed to it

    Many users share their judgment about what is a desired mail and undesired mail

    Every time the user receives a mail, a special application suggests whether it is SPAM or not

    Anti-Spam Techniques (cont'd)

    Black Listing (RBL)

    It uses various spam detection tools to report bad-behavior IP addresses as a list

    The information is collected and stored in a database to filter the spam email based on this information

    White Listing

    It accepts all the emails from certain IP addresses

    No other filters can stop an email once it is accepted

    Greylisting

    It does not accept the messages from IP addresses which have not previously successfully connected to the mail server
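    The greylisting decision described above, as an added example that is not part of the original slides. It goes beyond the slide's IP-only wording and tracks the usual (client network, envelope sender, envelope recipient) triplet: a first-time sender gets a temporary failure and is accepted only when it retries after a delay. The timer values, reply texts and sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed policy values; tune them for the site.
MIN_DELAY = 300            # seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600    # a retry later than this starts over
PASS_TTL = 35 * 86400      # how long a proven triplet stays accepted

TEMPFAIL = (451, "4.7.1 Greylisted, please retry later")
ACCEPT = (250, "2.0.0 OK")


def net_key(ip):
    """Collapse an IPv4 client to its /24 (IPv6 to /64) so sender pools that
    retry from a neighbouring address are still recognised."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


@dataclass
class Greylist:
    allow: frozenset = frozenset()               # client IPs that bypass the check
    pending: dict = field(default_factory=dict)  # triplet -> first seen
    passed: dict = field(default_factory=dict)   # triplet -> last accepted

    def check(self, ip, mail_from, rcpt_to, now):
        """Decide the SMTP reply to RCPT TO for one delivery attempt."""
        if ip in self.allow:
            return ACCEPT
        key = (net_key(ip), mail_from.lower(), rcpt_to.lower())
        last = self.passed.get(key)
        if last is not None and now - last <= PASS_TTL:
            self.passed[key] = now
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now      # unknown or stale triplet: defer it
            return TEMPFAIL
        if now - first < MIN_DELAY:
            return TEMPFAIL              # retried too quickly
        del self.pending[key]
        self.passed[key] = now           # the sender queued and came back
        return ACCEPT


def demo():
    """Replay constructed delivery attempts (times in seconds)."""
    g = Greylist()
    attempts = [
        ("192.0.2.10", "a@example.org", "bob@example.com", 0),
        ("192.0.2.10", "a@example.org", "bob@example.com", 60),
        ("192.0.2.11", "a@example.org", "bob@example.com", 400),
        ("192.0.2.11", "a@example.org", "bob@example.com", 500),
        ("198.51.100.7", "x@example.net", "bob@example.com", 500),
    ]
    return [g.check(*a)[0] for a in attempts]


if __name__ == "__main__":
    print(demo())
```

    The cost is a delay on the first message from every new legitimate sender, which is why an allow list for known partners sits in front of the check.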

    Anti-Spam Techniques (cont'd)

    Sender Policy Framework

    To prevent sender address forgery, SPF proposes that valid email senders register the IPs of the machines they send email from, using extended DNS records

    DNS-based Block Lists

    It is used to add the spam IP addresses to a local block list

    MX Callbacks

    It supports callbacks which verify the sender of a

    Teergrubing

    It responds slowly to connected mail servers by using multi-line SMTP responses

    Anti-Spam Techniques (cont'd)

    Reputation Control

    It analyzes the email sent by the sender and assigns a score -

    score improves, if not - the score reduces

    Transparent SMTP Proxy

    This software blocks SMTP sessions

    -the NA(P)T router

    It acts like a proxy, intercepting outgoing SMTP connections and scanning session data on-the-fly

    Anti-Spamming Tools

    AEVITA Stop SPAM Email

    AEVITA Stop SPAM Email helps to hide email addresses from spambots

    It will replace all the email addresses on the page with specifically

    It introduces codes that spambots block, which a normal mailing program ignores

    It even stops spammers from getting a large list of email addresses

    AEVITA Stop SPAM Email:

    SpamExperts Desktop

    SpamExperts Desktop works as a spam filter with any email program

    It is not dependent on a keyword list to detect spam, but checks the

    It also checks for filtering spam in background, and also maintains

    SpamExperts Desktop:

    SpamEater Pro: Screenshot

    SpamWeasel

    SpamWeasel removes the spam before it gets into the inbox

    It either deletes or archives the suspected spam mail which enters the user's mailbox by placing a warning message

    SpamWeasel supports multiple POP accounts

    SpamWeasel: Screenshot

    Spytech SpamAgent

    Spytech SpamAgent is a powerful email monitoring and filtering tool which

    It contains filters which block unwanted and spam mails getting into the inbox

    It filters based on the sender, recipient, subject, body, as well as attachment type, forwards, and more

    Spytech SpamAgent removes the spam mails from the mailbox but deletes them only after the user's acceptance

    Spytech SpamAgent: Screenshot

    AntispamSniper

    AntispamSniper integrates with Outlook Express to filter incoming

    It moves the spam mails into junk mail folder which allows user to

    Spam filtering techniques include filtering attachments, customizable, ,

    AntispamSniper: Screenshot

    Spam Reader

    Spam Reader is an anti-spam add-on for Microsoft Outlook

    It automatically scans the inbox messages for spam and filters them into the spam folder

    Spam Reader uses a Bayesian engine which distinguishes between spam and good mails

    Spam Reader: Screenshot

    Spam Assassin Proxy (SA) Proxy

    Spam Assassin Proxy is based on open source software

    It runs on the local proxy server which is situated between the email program and the POP3 mail account

    Spam Assassin Proxy uses Bayesian filtering which is accurate and detects new spam

    It does not delete spam but marks it

    SA Proxy: Screenshot

    MailWasher Free

    MailWasher Free is used as a spam detection and mail preview tool

    found

    There are 3 levels of spam detection where the user can specify his/her own filters

    It allows creating the user's own spam filter

    MailWasher Free: Screenshot

    Spam Bully

    Spam Bully is an anti-spam tool for MS Outlook

    It removes 99 percent of the spam mails from the inbox

    Spam Bully moves all spam messages into the spam folder which can be permanently deleted

    It can also bounce messages from known spammers, query emails sent from unfamiliar emails, block selected attachment types, and more

    Spam Bully: Screenshot

    Summary

    Spamming is all about populating the user's inbox with unsolicited or junk emails

    Spammers get access to the email IDs when the user registers to any email service, forums, or blogs by hacking the information, or register as genuine users

    Spiders are used which search the code in web pages for text that looks like email IDs and copy it to the database

    The spam message is enclosed as an image in the mail to make the anti-spam software trust the source

    AEVITA Stop SPAM Email helps to hide email addresses from spambots
