SPAM: THE NUISANCE, THE THREAT, AND THE UNPRODUCTIVE IMPACT ON INTERNET USERS

bambangpri@depkominfo.go.id
soeprijanto_bambang@yahoo.com

THE DIRECTORATE FOR COMMUNITY EMPOWERMENT ON ICT
THE DIRECTORATE GENERAL FOR TELEMATICS APPLICATIONS
THE MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY OF THE REPUBLIC OF INDONESIA

E-mail*), the Internet’s first killer application, is an essential element of business today, providing convenient & time-saving communication with customers. Anything that threatens the integrity, reliability and performance of e-mail has a profound impact on business operations.

Spam is currently the biggest e-mail system threat, and enterprises must take action to protect themselves. Spam consists of**):
• Junk Email
• Unsolicited e-mail (or advertising mail) sent to a large number of addresses
• Coalition Against Unsolicited Commercial Email (CAUCE) web site at: http://www.cauce.org/

*) Controlling Spam The IronMail® Way, June 2004, © 2004 CipherTrust, Inc.
**) Master Internet Volunteer(SM) Program, www.ext.nodak.edu/miv/, by the University of Minnesota Master Internet Volunteer program leaders


FACTS ON SPAM

• More than 5 million unique spam attacks last month, almost three times as many as a year earlier. The well is poisoned.

• Spam is not just a nuisance. It absorbs bandwidth and the capacity of ISPs' mail servers. The cost is now widely estimated in the billions of dollars a year.

• The social costs are immeasurable: people fear participating in the collective life of the Internet.

• The signal-to-noise ratio nears zero, and trust is destroyed.


A typical spam advertisement


Spam problems: Why?

1. Spam increases the cost of providing email. It causes a rapid increase in the amount of storage required in messaging systems (Osterman Research surveys: messaging system growth is increasing at 30% annually, much of this caused by spam). It consumes network bandwidth, reduces server performance, lengthens message delivery times, increases the amount of email server downtime and raises administrative overhead.

Cost-Shifting. Sending bulk email is amazingly cheap. With a 28.8 dialup connection and a PC, a spammer can send hundreds of thousands of messages per hour, and the costs for the recipients are much greater than the costs of the sender. "Just hit the Delete key!" does not solve the problem; it is much bigger than the time and effort of deleting a couple of emails. There are different places along the process of transmitting and delivering email where costs are incurred. In the Internet world, "time" equals many different things besides the hourly rate that many people are still charged.

2. Spam reduces employee productivity. An email user who is not protected by spam-blocking technology costs $1,400 each year in lost productivity, because of the time spent dealing with spam in the mailbox.

One of the most common tricks is to relay their messages off the mail server of an innocent third party. This tactic doubles the damages: both the receiving system and the innocent relay system are flooded with junk email.

3. Spam exposes an enterprise to potential legal problems. A growing percentage of spam is pornographic or offensive in nature; enterprises will be liable if they do not prevent delivery of such content to end users (through the deployment of spam-blocking technology or the creation of corporate policies designed to prevent spam).

Fraud. Spammers know the majority (often approaching 95%) of recipients don't want to receive their messages. As a result, many junk emailers use tricks to get you to open their messages. In many cases, ISPs and consumers have set up "filters" to help dispose of the crush of UCE. Spammers know this, so as they see that mail is being blocked or filtered, they use tricks that help disguise the origin of their messages.

4. Dictionary Attacks. A spammer will send thousands of messages to an email server, using a slight variation of an email address. These attacks impose huge drains on email server performance because servers spend a significant proportion of their power responding to these requests.

Another common trick that spammers use is to forge the headers of messages, making it appear as though the message originated elsewhere, again providing a convenient target.

*) How a Service Provider Can Eliminate Spam in the Enterprise, © 2003 Osterman Research
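Detection of the dictionary attacks described in item 4, as an added example that is not part of the original slides: it counts distinct rejected recipients per client IP inside a sliding time window and reports which addresses the same client had confirmed as valid. The log format, addresses, threshold and window are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The format (timestamp, client IP, verb, recipient,
# SMTP reply code) is made up for this example, not any real MTA's log format.
SAMPLE_LOG = """\
2005-05-16T10:00:01 198.51.100.7 RCPT adam@example.org 550
2005-05-16T10:00:02 198.51.100.7 RCPT adams@example.org 550
2005-05-16T10:00:03 198.51.100.7 RCPT adamb@example.org 550
2005-05-16T10:00:03 203.0.113.20 RCPT alice@example.org 250
2005-05-16T10:00:04 198.51.100.7 RCPT adamc@example.org 250
2005-05-16T10:00:05 198.51.100.7 RCPT adamd@example.org 550
2005-05-16T10:00:06 198.51.100.7 RCPT adame@example.org 550
2005-05-16T10:00:07 198.51.100.7 RCPT adamf@example.org 550
2005-05-16T10:00:08 198.51.100.7 RCPT adamg@example.org 550
2005-05-16T10:05:00 203.0.113.20 RCPT bobb@example.org 550
""".splitlines()


def parse_line(line):
    """Split one constructed log line into (time, ip, recipient, code)."""
    stamp, ip, _verb, recipient, code = line.split()
    return datetime.fromisoformat(stamp), ip, recipient.lower(), int(code)


def find_dictionary_attacks(lines, window=timedelta(seconds=60), max_unknown=5):
    """Flag clients that probe many unknown recipients in a short time.

    Returns {ip: {"peak_rejected": n, "confirmed": [addresses]}} for every
    client whose count of distinct rejected (550) recipients inside the
    sliding window exceeded max_unknown. "confirmed" lists the recipients
    the server accepted (250) for that client, i.e. the addresses the
    probing validated. Lines are assumed to be in time order.
    """
    rejected = defaultdict(deque)   # ip -> (time, recipient) still in window
    accepted = defaultdict(set)     # ip -> recipients the server accepted
    peak = {}
    for line in lines:
        if not line.strip():
            continue
        when, ip, recipient, code = parse_line(line)
        if code == 250:
            accepted[ip].add(recipient)
            continue
        if code != 550:
            continue
        queue = rejected[ip]
        queue.append((when, recipient))
        # Drop rejections that have aged out of the window.
        while queue and when - queue[0][0] > window:
            queue.popleft()
        distinct = len({rcpt for _, rcpt in queue})
        if distinct > max_unknown:
            peak[ip] = max(peak.get(ip, 0), distinct)
    return {
        ip: {"peak_rejected": count, "confirmed": sorted(accepted[ip])}
        for ip, count in peak.items()
    }


if __name__ == "__main__":
    for ip, detail in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, detail)
```

A client flagged this way is a candidate for throttling or rejection at connection time, and the confirmed addresses tell the administrator which mailboxes are likely to receive spam next.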


5. Waste of Others' Resources. When a spammer sends an email message, it is carried by other systems, shifting cost away from the originator. The number of spams sent out each day is truly remarkable, and each one must be handled by other systems; there is no justification for forcing third parties to bear the load of unsolicited advertising. Unfortunately, small "mom-and-pop" ISPs and customers are the ones who suffer the floods.

6. Displacement of Normal Email. In the late 1980s, as more and more businesses began to use fax machines, marketers decided to fax you their advertisements.

7. Annoyance Factor. Your email address is not in the public domain! It is yours, you paid for it, and you should have control over what it is used for. This is the heart of the "Opt In" approach supported by CAUCE.

8. Quarantine of email identified as spam. A spam filtering system should trap email messages that have been identified as spam in a holding area that is accessible to administrators for message review and to individual users for their own review.

From the beginning, the Internet has tried to fight spam with grass-roots vigilantism:
1. Software companies now routinely build spam-filtering technology, and independent programmers are struggling to devise more creative methods.
2. Millions of individual e-mail users are trying to devise coping strategies of their own.
3. Consumer advocates are working in vain to persuade lawmakers to take action. Each in its own way, for different reasons, these efforts are failing.
4. America Online and other large service providers suffered from the load of mail and the torrent of complaints.
5. The next big step was the rise of free mail services: Hotmail and Yahoo.

So the Internet makes spamming easier: service providers are desperate for market share at all costs, and the architecture consists of open and insecure mail gateways. It enables hit-and-run e-mailers to create quick, disposable, false identities.


MINISTRY OF COMMUNICATION AND IT VISION

Flourishing an information-welfare based society through the establishment of an efficient and effective framework of the ICT infrastructure, telematics applications and its content within the unitary state of the Republic of Indonesia.

DG Telematics Application Vision:
Improving the implementation of ICT through the development and utilisation of telematics applications to raise the quality of life of the nation and state of the Republic of Indonesia.


The Information Society of Indonesia - 2015 (MII 2015)

2025: Knowledge based Society of Indonesia
2020: Advancing the nation based on ICT’s leverage
2015: Entering the Information Society of Indonesia
2010: ICT accessibility at 80% of the population
2006 – 2009: Enhancing e-Government and public transparency
2005: National ICT Awareness Campaign
2005-2006: Incentive and regulation (Cyber Law, e-Procurement/e-Commerce)
2004: Institutional Convergence: DG Postel, LIN and Kominfo

Supporting activities shown in the diagram:
• Develop Information Infrastructure
• Regulation, Incentive System
• Institutional Convergence
• Capacity building and HRD


DIRECTORATE GENERAL FOR TELEMATICS APPLICATION FLAGSHIP PROGRAMS 2005-2009

1. Gerakan Masyarakat Cerdas (Community Access Point) and the ONE SCHOOL ONE LABORATORIUM computer (OSOL) program, to improve national ICT penetration.

2. Public Services Interoperability, to guarantee an integrated information system and public services within the unitary state of the Republic of Indonesia.

3. Cyber park, to develop potential telematics industries (software and culture-related content) at the national scale.

4. Development of basic applications and excellent software.

5. National campaign encouraging the use of legal ICT software.


From Nuisance to Threat

Once considered only a minor nuisance, spam has emerged as one of the greatest Information Technology (IT) issues for enterprises today. The exponential growth of spam, and security attacks delivered via e-mail, makes deploying an anti-spam solution one of IT’s priorities.

The most commonly seen UCEs advertise:
1. Chain letters
2. Pyramid schemes (Multilevel Marketing, or MLM)
3. "Get Rich Quick" or "Make Money Fast" (MMF)
4. Phone sex lines and ads for pornographic web sites
5. Software for collecting e-mail addresses and UCE
6. Bulk e-mailing services for sending UCE
7. Stock offerings for unknown start-up corporations
8. Quack health products and remedies
9. Illegally pirated software ("Warez")

"Spam has become the organized crime of the Internet. Most people see it as a private mailbox problem, but it's becoming a systems and engineering and networking problem. It's depressing. Spammers are gaining control of the Internet." (Barry Shein, president of The World, one of the original Internet service providers, at the 2003 Spam Conference in Cambridge, Mass).

A Growing Commercial Industry
Spamming is a profitable business, driven by the low cost of sending e-mail compared to other direct marketing techniques.


The 3 threats that make the spam problem worse

1. Overwhelming Message Volume. Most organizations experience an extremely high volume of spam. According to CipherTrust Research, spam has increased from under 20% of corporate e-mail in 2002 to over 80% in 2004. This impacts e-mail and network availability, worker productivity and liability for offensive material. The recent onset of fraudulent spam variants (phishing and spoofing) poses an even greater risk.

An increasing number of marketers have discovered that spamming is an extremely inexpensive technique for distributing a sales message.

2. Phishing. The term phishing ("password harvesting fishing") describes the fraudulent acquisition, through deception, of sensitive personal information such as passwords and credit card details by masquerading as someone trustworthy with a real need for such information. Phishing is a specific type of spam message that solicits personal information from the recipient, such as social security, credit card and bank account numbers. Phishing*) is the practice of sending out fake emails, or spam, written to appear as if they have been sent by banks or other reputable organisations, with the intent of luring the recipient into revealing sensitive information such as usernames, passwords, account IDs, ATM PINs or credit card details.

The response rate for a spam campaign can be extremely low – far lower than for bulk postal mail, for example – and still generate a profit for a spammer.

3. Spoofing. Spoofing is a deceptive form of spam that hides the domain of the spammer or the spam’s origination point. Spammers often hijack the domains of well-known businesses or government entities to lend validity to their commercial message or scam.

The combination of spoofing and phishing presents a major threat that can trick almost anyone into providing personal information to a spammer.

Spammers are getting more sophisticated in their efforts to avoid spam filtering technologies.*)

*) Know your Enemy: Phishing. Behind the Scenes of Phishing Attacks. The Honeynet Project & Research Alliance, http://www.honeynet.org, last modified: 16th May 2005.
*) Sarah Gordon, David M. Chess: Where There's Smoke, There's Mirrors: The Truth about Trojan Horses on the Internet, presented at the Virus Bulletin Conference in Munich, Germany, October 1998.


Spam-Blocking Considerations:

1. Granularity. Different enterprises have different spam filtering requirements. It is important to modify the policy filters so that these filters are consistent with the needs of users and overall corporate policies.

2. False positives. A “false positive” is a legitimate email that an anti-spam filter has mistakenly identified as a spam message. The result could be missed inquiries from prospective customers.

3. Quarantine of email identified as spam. A spam filtering system should trap email messages that have been identified as spam into a “quarantine” area, for review.

4. Latency. Message delivery through spam filtration provided by an MSP will take slightly longer, because the message must be sent to the provider's data center. The latency added to message delivery by the spam filtration process is typically measured in seconds and is not noticeable to end users.

5. Service Level Agreements (SLAs). SLAs guarantee message delivery and system uptime or reliability; they should guarantee a maximum delivery time as well as a minimum system uptime percentage. Multiple data centers can provide faster message delivery times and increased redundancy.


The economics of spam and phishing: the cost to send a spam is negligible.

              Cost per person   BEP for $20 items
Direct mail   US$ 1.39          1 in 14
Spam          US$ 0.0004        1 in 50,000

According to Ferris Research, the cost of sending spam in 2003 exceeded US$ 10,000,000 for corporate organizations. With the volume and threat of spam on the rise, the business costs of spam have increased dramatically.

Spam forces enterprises to spend an average of $49 per e-mail user per year to handle the load. It drains employee productivity as workers waste time reading, deleting or even responding to spam e-mails. Additionally, the sexually explicit nature of many spam messages poses potential liability for enterprises. (August 2003 study from the Radicati Group )


Phishing Technique One – Phishing Through Compromised Web Servers

• Most phishing attacks involve attackers breaking in to vulnerable servers and installing malicious web content.

• Honeynet technology allows us to capture in detail the typical life cycle of a phishing attack.

• Phishers gain access to the server through this encrypted back door

• Mass emailing tools are downloaded and used to advertise the fake web site via spam email

• Web traffic arrives at the phishing web site and potential victims access the malicious content.

Phishing Technique Two – Phishing Through Port Redirection

• In November 2004, the German Honeynet Project deployed a classic GenII honeynet with a Redhat Linux 7.3 honeypot. It surprisingly took around 2.5 months before the honeypot was successfully compromised.

• On January 11th 2005, an attacker did successfully compromise the honeypot, using an exploit for the OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability present in the default Redhat Linux 7.3 distribution. The attacker installed and configured a port redirection service on the honeypot.

• The attacker did not bother to install a rootkit to hide their presence on the honeypot, and they were not particularly worried about being detected.

• The command used by the attacker to establish port redirection was: redir --lport=80 --laddr=<IP address of honeypot> --cport=80 --caddr=221.4.XXX.XXX


Phishing Technique Three – Phishing Using Botnets

1. The Honeynet Project paper "KYE: Tracking Botnets" introduced a method to track botnets. A botnet is a network of compromised computers that can be remotely controlled by an attacker. Due to their immense size, botnets can pose a severe threat to the community when used for Denial-of-Service (DoS) attacks.

2. Incident Timeline. Between September 2004 and January 2005, the German Honeynet Project deployed a series of un-patched Microsoft Windows based honeypots to observe botnet activity. Over 100 separate botnets were observed and thousands of files were captured for offline analysis.

3. Analysis. Some versions of the bot software captured provide the capability to remotely start a SOCKS v4/v5 proxy on a compromised host. SOCKS provides a generic proxy mechanism for TCP/IP-based networking applications (RFC 1928). If an attacker with access to a botnet enables the SOCKS proxy functionality on a remote bot, this machine can be used to send bulk spam email.


STRATEGIC ROLES OF THE DIRECTORATE GENERAL OF TELEMATICS APPLICATION

THE MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY

DIRECTORATE GENERAL FOR TELEMATICS APPLICATION

• PUBLIC POLICY FORMULATION AND IMPLEMENTATION, FACILITATING ICT DEVELOPMENT AND BUSINESS CLIMATE
• SYMBOLIZING THE GOVERNMENT TOTAL EFFORT IN MATERIALIZING AN INFORMATION-WELFARE BASED SOCIETY WITH A SOUND ETHICAL AND MORAL BASED VALUES
• BEING A HUB OF THE INTEGRATED INFORMATION SYSTEM AMONG GOVERNMENT OFFICES

GOAL: AN INDONESIAN SOCIETY THAT IS ADVANCED, INTELLIGENT, PROSPEROUS, DEMOCRATIC, PEACEFUL AND JUST

STAKEHOLDERS:
• BUSINESS
• INDUSTRY
• ACADEMIA
• PROFESSIONS
• MASS MEDIA
• TELEMATICS COMMUNITY
• POLITICAL PARTIES
• NGOs
• DONOR COUNTRIES
• ETC.


A comparison…

Clinton Administration

During the Clinton Administration, the commission set up an e-mail address, [email protected], to forward samples of spam. The database now contains 27.5 million of these, and 85,000 more arrive daily.

The agency can't help noticing that spam is not illegal. Its enforcers can only go after the most obvious forms of fraud. "From the FTC's point of view, whether it's wanted or unwanted, what we're concerned about is whether it's deceptive," Huseman says.

Deceptive is a big category, and in reality almost all spam qualifies. In theory, any of these lies could justify action by the commission.

SBY Administration

Under the SBY Administration, an SMS service (his personal mobile (HP) number ++++++9949) was provided to forward issues of public transparency and personal opinion feedback. Complaints from the populace about public services during the first three days made it crash under a huge load of 15,000 incoming SMS. It then took almost a week to recover and rebuild the service with the assistance of Surabaya’s Institute of Technology (ITS) R&D on ICT applications.


An example email demonstrating some of the financial structures behind phishing attacks is shown below:

Hello!
We finding Europe persons, who can Send/Receive bank wires
from our sellings, from our European clients. To not pay
TAXES from international transfers in Russia. We offer 10%
percent from amount u receive and pay all fees, for sending
funds back.Amount from 1000 euro per day. All this activity
are legal in Europe.

Fill this form: http://XXX.info/index.php (before filling
install yahoo! messenger please or msn), you will recieve
full details very quickly.
________________________________________________


[Diagram: ICT LIFE STYLE. Four domains: Society (value, culture, demographics); Government (legislation, regulation); Technology (innovation, invention); Economics (affluence, inflation). Other labels: competition, prevent deception; court decision; government; market; R & D; productivity; fiscal policy; good & service; business service; public opinion, standard of living; impact on life style; public priorities, public mood; definition & interpretation; expenditures, incentives; codification of culture.]


[Diagram, from: IronMail, CipherTrust]

Character Analysis:
1. Content filtering
2. Mail monitoring
3. Predefined header analysis
4. User defined header analysis
5. Reverse DNS look up

List & signatures:
6. User whitelist
7. Spam whitelist
8. User blacklist
9. Statistical look up services
10. Real time blackhole list

Intelligent Analysis:
11. Anomaly detection engine
12. Automated spam management

Policy management:
1. Drop
2. Label
3. Quarantine
4. Log

Other labels in the diagram: Total email volume; Real Mail; Potential spam; Mail servers: Exchange, Notes, Groupwise etc.; users; Admin.


Techniques to Tackle the Spam Problem:

1. Blacklists, which consist of banned senders of email or the domains and IP addresses from which spam messages have been sent.

2. Keyword filters that scan messages for specific words in the subject line and body of messages.

3. Rules-based systems, in which rules are written to a) detect and block messages that have certain attributes or content, and b) to determine which messages are legitimate.

4. Heuristic analysis, or ‘fingerprinting’, a technique similar to that used to detect viruses, that evaluates messages for specific characteristics that are “spam-like”.

5. Community-based “voting”, in which users can identify messages as spam or legitimate.

6. Challenges, in which a sender not included in a whitelist receives a challenge question or reply request in response to his or her first message to a protected recipient. Once the challenge is successfully answered, the sender is then added to the whitelist.

7. Approved content contained within the message. In this approach, the header of a message contains a specific set of words or other information for which a spam filter will look – if this information is identified within an incoming email’s header, the email is passed through because it is assumed to come from a “trusted” sender.


Venues for Spam Filtration

There are three basic venues for eliminating spam from an enterprise messaging system:

• Desktop

Advantages: these systems do not require any additional hardware, since they typically run in the background on the desktop machine. Further, these systems are a good choice for small organizations that may use a hosted messaging model, such as that offered by an ISP.

Disadvantages: the enterprise has paid for the bandwidth and storage necessary to deliver spam deep into the enterprise. Also, the cost of these systems on a per-user basis is often higher than for systems deployed at the server or gateway.

• Server/gateway

Advantages: spam is filtered before it ever reaches the end user, thereby minimizing the impact of spam on users and reducing their involvement in maintaining spam filters.

Disadvantages: these solutions typically require dedicated hardware and additional IT staff time to manage, particularly in messaging environments that serve a large number of users.

• Managed service provider (MSP)

Advantages: ease of deployment and ease of management of the anti-spam infrastructure. Because using an MSP is often as simple as modifying the MX record of a domain and pointing it to the provider’s system, there is usually very little effort required for an enterprise to deploy or manage such an anti-spam capability. Further, an MSP-based anti-spam capability can be deployed very quickly.

Disadvantages: some MSPs do not provide sufficient granularity in tuning spam filters and can impose higher costs than anti-spam solutions that are deployed in-house at the server or gateway. Also, it is important to consider the financial viability of an MSP, since an MSP’s unexpected failure to continue operations could impose some level of downtime in an email system while MX records are transferred to another provider or back in-house.


Techniques for Identifying Spam (Prevention technique):

1. Connection analysis identifies where the message is going and where it came from
2. Lexical analysis processes message content to identify spam
3. Protocol analysis identifies spam by recognizing abuses of, or deviation from, e-mail protocols
4. Authentication protocols identify legitimate e-mail through reputation lists and sender identification standards
5. Traffic pattern analysis evaluates message traffic and identifies patterns of behavior that indicate spamming activity
6. Auto-learning continuously improves accuracy and eliminates false positives by learning from users and the network environment

*) Butler Group Research

Flexible Message Management
• Creates rules to block, copy, quarantine, forward, subject rewrite or strip headers from messages based on spam profile
• Creates targeted rules for individual users, groups (queried from LDAP or custom lists) or domains
• Enables administrators to test rules without interfering with actual mail flow.


1. Connection Analysis
Connection analysis identifies where the message is going and where it came from (blacklists, whitelists and DNS interrogation).
• Whitelists specifically exempt senders and recipients from spam filtering, by using e-mail addresses, domain names and IP addresses of users who are exempt from filtering.
• DNS interrogation authenticates incoming connections to identify spam from hijacked e-mail servers.

2. Lexical Analysis
• Lexical analysis processes message content to identify spam, based on a combination of URL filtering, content filtering and Bayesian filtering. These URLs are critical to spammers as they lead to a site where end-users purchase the spammer’s product.
• It contains a default anti-spam dictionary, as well as dictionaries targeted at confidential, malicious and pornographic content, and administrators may add, delete or edit this list as desired.
• Bayesian filtering creates evolving dictionaries which rate hundreds of thousands of words by their probability of being in a spam message.
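The evolving Bayesian dictionary described above, as an added example that is not part of the original slides or of any product they describe. The per-word rating and the combining rule follow the style of Paul Graham's "A Plan for Spam", which is an assumption (the slides do not say which formula is used), and the training messages are constructed.

```python
import math
import re
from collections import Counter


def tokenize(text):
    """Lower-case words, keeping inner hyphens and apostrophes."""
    return re.findall(r"[a-z0-9]+(?:[-'][a-z0-9]+)*", text.lower())


class BayesianDictionary:
    """Rates each word by its probability of appearing in a spam message."""

    UNSEEN = 0.4            # rating for a word never seen in training
    FLOOR, CEIL = 0.01, 0.99

    def __init__(self):
        self.spam_words = Counter()   # word -> number of spam messages containing it
        self.ham_words = Counter()    # word -> number of legitimate messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text, is_spam):
        """Update the dictionary with one message the user has classified."""
        words = set(tokenize(text))
        if is_spam:
            self.spam_words.update(words)
            self.n_spam += 1
        else:
            self.ham_words.update(words)
            self.n_ham += 1

    def word_probability(self, word):
        spam, ham = self.spam_words[word], self.ham_words[word]
        if spam + ham == 0:
            return self.UNSEEN
        p_spam = spam / max(self.n_spam, 1)
        p_ham = ham / max(self.n_ham, 1)
        return min(self.CEIL, max(self.FLOOR, p_spam / (p_spam + p_ham)))

    def score(self, text, top=15):
        """Combine the most decisive word ratings into one spam probability."""
        ratings = sorted(
            (self.word_probability(w) for w in set(tokenize(text))),
            key=lambda p: abs(p - 0.5),
            reverse=True,
        )[:top]
        # Work in log space so long messages do not underflow.
        log_spam = sum(math.log(p) for p in ratings)
        log_ham = sum(math.log(1.0 - p) for p in ratings)
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))


def build_sample_filter():
    """Train on six constructed messages (three spam, three legitimate)."""
    bayes = BayesianDictionary()
    for text in (
        "Make money fast with this get rich quick offer",
        "Get rich quick: bulk e-mailing services, make money now",
        "Cheap pirated software, click here to order now",
    ):
        bayes.train(text, is_spam=True)
    for text in (
        "Meeting agenda for the quarterly budget review attached",
        "Please review the attached invoice for the software order",
        "Can we move the project meeting to Thursday?",
    ):
        bayes.train(text, is_spam=False)
    return bayes


if __name__ == "__main__":
    bayes = build_sample_filter()
    for subject in ("Get rich quick and make money fast",
                    "Please review the meeting agenda",
                    "software order"):
        print(f"{bayes.score(subject):.4f}  {subject}")
```

Words that occur equally often in both classes, such as "software" and "order" in the sample, rate 0.5 and contribute nothing, which is why a purely lexical filter is combined with the other analyses on this page.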


3. Protocol Analysis
Protocol analysis identifies spam by recognizing abuse of or deviation from e-mail protocols.

• It is based on forgery detection, header analysis and domain spoofing detection.

• It identifies message forgeries by analyzing the connection and applying a set of heuristic tests to mail headers, including:
  1. Signatures of spam-generating software
  2. Violation of e-mail protocols
  3. Reverse DNS lookups
  4. Invalid dates
  5. Forged e-mail addresses.

• Header analysis analyzes custom fields generated by mail servers, particularly bulk mail engines, and gives administrators the ability to monitor and control custom fields used within an organization.

• Domain spoofing detection allows an enterprise to block messages that originate externally but claim to originate from an internal domain. The accuracy of the technique is supplemented with the identification of approved relay servers.
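Three of the header tests listed above (domain spoofing with approved relays, invalid dates, signatures of bulk-mail software), as an added example that is not part of the original slides or of any product they describe. The internal domain, relay range, X-Mailer signature, clock-skew limit and sample messages are all assumptions constructed for the example; reverse DNS lookups are left out because they need network access.

```python
import ipaddress
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Hypothetical site policy (assumptions for this example).
INTERNAL_DOMAINS = {"corp.example"}
APPROVED_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]
BULK_MAILER_SIGNATURES = ("bulkblaster",)   # made-up X-Mailer substring
MAX_CLOCK_SKEW = timedelta(days=2)

# Constructed sample messages.
RECEIVED_AT = datetime(2005, 5, 16, 9, 0, 30, tzinfo=timezone.utc)
SPOOFED = (
    'From: "IT Helpdesk" <helpdesk@corp.example>\n'
    "To: staff@corp.example\n"
    "Date: Mon, 16 May 2005 09:00:00 +0000\n"
    "X-Mailer: BulkBlaster 2.1\n"
    "Subject: Password reset\n\nbody\n"
)
BAD_DATE = "From: seller@shop.example\nDate: yesterday\nSubject: offer\n\nbody\n"
FUTURE_DATE = ("From: seller@shop.example\n"
               "Date: 1 Jan 2038 00:00:00 +0000\nSubject: offer\n\nbody\n")


def header_findings(raw_message, client_ip, received_at):
    """Return the list of heuristic tests that the message fails."""
    msg = message_from_string(raw_message)
    findings = []

    # Forged address / domain spoofing: an internal From domain is only
    # believable when the connection comes from an approved relay.
    _, from_addr = parseaddr(msg.get("From", ""))
    local, at, domain = from_addr.rpartition("@")
    if not (local and at and domain):
        findings.append("malformed-from")
    else:
        ip = ipaddress.ip_address(client_ip)
        from_relay = any(ip in net for net in APPROVED_RELAYS)
        if domain.lower() in INTERNAL_DOMAINS and not from_relay:
            findings.append("domain-spoofing")

    # Invalid dates: missing, unparseable, or far from the time of receipt.
    date_header = msg.get("Date")
    try:
        sent = parsedate_to_datetime(date_header) if date_header else None
    except (TypeError, ValueError):   # raised for unparseable values
        sent = None
    if sent is None:
        findings.append("invalid-date")
    else:
        if sent.tzinfo is None:       # "-0000" yields a naive datetime
            sent = sent.replace(tzinfo=timezone.utc)
        if abs(received_at - sent) > MAX_CLOCK_SKEW:
            findings.append("implausible-date")

    # Signature of spam-generating software in a custom header field.
    mailer = msg.get("X-Mailer", "").lower()
    if any(sig in mailer for sig in BULK_MAILER_SIGNATURES):
        findings.append("bulk-mailer-signature")

    return findings


if __name__ == "__main__":
    print(header_findings(SPOOFED, "203.0.113.9", RECEIVED_AT))
    print(header_findings(SPOOFED, "192.0.2.5", RECEIVED_AT))
    print(header_findings(BAD_DATE, "203.0.113.9", RECEIVED_AT))
```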


4. Authentication ProtocolsAuthentication protocols enhance it’s effectiveness by identifying legitimate e-mail by applying cutting-edge techniques, including reputation lists and sender identification standard. The first product to offer support for the SPF protocol for legitimate, non-spamming e-mailers to validate their e-mail senders and prevent forgery. SPF, which has now merged with Microsoft’s Caller ID protocol, protects end users from phishing, spam and viruses. With legitimate e-mailers designating a whitelist of their domains and IP addresses, it analyzes each e-mail on the correlation of the sender’s IP address and claimed domain, recognizes the forged spam when these two essential elements do not match up.

5. Traffic Pattern Analysis
Traffic pattern analysis evaluates message traffic and identifies patterns of behavior that indicate spamming activity. This approach is particularly useful in protecting against spam-based denial of service attacks or spam-floods.
• Bulk Mail Detection monitors messages received by a large number of users around the world.
• Honey Pots identify spam messages delivered to fake or hidden e-mail addresses.

6. Auto-learning
Auto-learning enables it to continuously improve accuracy and eliminate false positives by learning from the users and the environment in which it operates.
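The sender/domain correlation from item 4 and the domain spoofing check from item 3 can be sketched together as follows. This is an added example, not CipherTrust's code: the domains, networks and relay address are constructed, and only the `ip4`, `ip6` and `all` SPF mechanisms are evaluated, against an inline table instead of DNS.

```python
import ipaddress

# Constructed sample policies (SPF-style records); a real filter reads them from DNS.
SPF_RECORDS = {
    "bigbank.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "newsletter.example": "v=spf1 ip4:203.0.113.0/28 ~all",
}
# Hypothetical site configuration for the domain-spoofing check.
INTERNAL_DOMAINS = {"corp.example"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_RELAYS = [ipaddress.ip_network("203.0.113.200/32")]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip):
    """Evaluate the ip4/ip6/all subset of an SPF record against client_ip."""
    record = SPF_RECORDS.get(domain.lower(), "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, ... need DNS lookups and are not evaluated here
    return "neutral"                       # no mechanism matched


def classify(client_ip, mail_from):
    """Return (action, reason) for one SMTP connection and envelope sender."""
    domain = mail_from.rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    if domain in INTERNAL_DOMAINS:
        trusted = INTERNAL_NETS + APPROVED_RELAYS
        if any(ip in net for net in trusted):
            return ("accept", "internal domain from internal host or approved relay")
        return ("reject", "external host claims internal domain")
    result = check_spf(domain, client_ip)
    action = {"pass": "accept", "fail": "reject", "softfail": "quarantine"}
    return (action.get(result, "score"), "spf=" + result)


if __name__ == "__main__":
    for ip, sender in [("192.0.2.77", "alerts@bigbank.example"),
                       ("203.0.113.9", "alerts@bigbank.example"),
                       ("198.51.100.7", "ceo@corp.example"),
                       ("203.0.113.200", "ceo@corp.example")]:
        print(ip, sender, classify(ip, sender))
```

A sender with no published policy falls through to "score", meaning the other techniques in this list decide the message's fate.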


[Figure: IronMail’s Spam Detection Technologies. Labels shown: Mail-Firewall™, SpamProfiler™ (Multifaceted Correlation Engine), Genetic Optimization™, threat prevention, protocol enforcement. Technique groups: Connection Analysis (Whitelists, Blacklists, DNS Interrogation, Dynamic Throttling); Lexical Analysis (URL Filtering, Content Analysis, Bayesian Filtering); Protocol Analysis (Header Analysis, Forgery Detection, Domain Spoofing Detection); Authentication Protocols (SPF/Caller ID, DomainKeys*, TrustedSource™); Traffic Pattern Analysis (Anomaly Detection Engine, Bulk Detection, Honeypots); Auto Learning (User Quarantine, Admin Quarantine, User Feedback).]

*to be supported when available


BENEFITS

1. Spam Volume Reduction from Connection Control significantly improves throughput, scalability and efficiency while contributing to the best ROI in the industry.

2. Protect against fraudulent e-mails sent by spammers, including phishing and spoofing attempts.

3. Control message traffic by identifying spammers and dynamically limiting or rejecting messages from them.

4. Reduce load on e-mail systems by controlling all incoming and outgoing mail and presenting a hard face to the Internet in front of your e-mail system.

5. Prevent attacks at the gateway before they reach vulnerable internal mail servers.

6. Stay ahead of the latest e-mail security threats through CipherTrust’s experienced e-mail

© 2004 CipherTrust, Inc. All rights reserved.


Spam and Fraud Protection*)

1. The Spam Profiler correlation engine aggregates the results of multiple spam detection techniques to create a unique spam profile for each message

2. User Quarantine allows corporate end-users to review their personal quarantine queue and create whitelists to provide precise feedback on spam messages

3. Genetic Optimization ™ automatically configures the accuracy and effectiveness of each spam profile, eliminating the need for ongoing maintenance and tuning

4. Hourly updates (can be automatically**)

5. Striking Back at Spammers

6. Groundbreaking IronMail Connection Control technology uses spam scores from CipherTrust’s Spam Profiler to create a real-time reputation database of senders at every gateway.

7. Connection Control applies sender reputation to identify spammers, and then dynamically reject or limit messages from them, making the protected site a much less attractive target for spammers.

8. By removing the financial incentive of sending spam, it forces spammers to rethink their approach or halt operations altogether.

*) A component of IronMail - The Secure E-mail Gateway Appliance from CipherTrust ®
**) applied through CipherTrust’s Threat Response Updates ™ (TRU)


Actions to protect against spam:

1. Adaptive Learning
• Adaptive learning systems allow an administrator to create fake e-mail addresses, or Honey Pots, not associated with an actual employee, for the specific purpose of spam collection.
• Spam sent to this address is automatically added to the Bayesian spam pool.

2. Enterprise Spam-Blocking Actions
After identifying spam messages, nine actions are available for spam disposal:
• Dropping the message
• Sending a blind copy (for example, to the HR or legal department)
• Rerouting the message
• Attaching a spam prefix to the subject of the message
• Five different forms of quarantine.

3. Built for the Enterprise
A complete anti-spam solution, it is built for enterprise-class networks. Key enterprise features include:
• Low administration
• Spam traps and honey pots
• Enterprise spam-blocking actions (end-user and administrator quarantine).

4. Zero Administration
It is a zero-administration anti-spam solution. Through continuous automatic tuning and adaptive learning from user-accepted behavior, it eliminates the need for e-mail administrators to become anti-spam experts.


5. Comprehensive E-mail Security
Anti-spam is part of a complete enterprise e-mail security architecture that not only identifies and blocks spam, including phishing and spoofing messages, but also provides a complete solution to protect enterprise e-mail systems from other threats.

6. Denial-of-Service Attacks
Enterprise networks are often the target of denial-of-service attacks by recreational hackers or for malicious network intrusion. For corporations, denial-of-service attacks can result in lack of availability and compromised integrity of mail servers.

7. Intrusions
Intrusion occurs when unauthorized users gain access to an organization's infrastructure. Spammers break into a mail server to send spam, or plant computer code on personal computers so that they become spam machines or “drones.”

8. Web Mail Attacks
Web mail, which allows mobile workers to access corporate e-mail through a Web browser, provides a point of intrusion to e-mail systems. Web mail requires a Web server, which is subject to numerous vulnerabilities, blended threats, viruses and worms.
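The adaptive-learning step in item 1 above (honey-pot mail feeding the Bayesian spam pool) can be made concrete with a small word-probability filter. This is an added example, not the product's algorithm: the training mail is constructed, and the clamping to 0.01–0.99, the 0.4 score for unseen words and the 15-word cut-off are assumptions of this sketch.

```python
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$'-]+")


def tokens(text):
    return set(TOKEN.findall(text.lower()))


class BayesPool:
    """Per-word spam probabilities learned from a spam pool and a ham pool."""

    def __init__(self):
        self.spam, self.ham = Counter(), Counter()
        self.nspam = self.nham = 0

    def train(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(tokens(text))
        if is_spam:
            self.nspam += 1
        else:
            self.nham += 1

    def word_prob(self, word):
        b, g = self.spam[word], self.ham[word]
        if b + g == 0:
            return 0.4                      # unseen word: slightly innocent
        bf = b / max(self.nspam, 1)         # share of spam messages with word
        gf = g / max(self.nham, 1)          # share of ham messages with word
        return min(0.99, max(0.01, bf / (bf + gf)))

    def score(self, text, top=15):
        """Combine the `top` most decisive word probabilities (naive Bayes)."""
        probs = sorted((self.word_prob(w) for w in tokens(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:top]
        s = h = 1.0
        for p in probs:
            s, h = s * p, h * (1 - p)
        return s / (s + h)


# Constructed training mail and probe messages.
HAM = ["meeting agenda for the quarterly budget review",
       "please review the attached project report",
       "lunch on friday with the project team"]
SPAM = ["cheap pills online buy now", "buy cheap watches now limited offer"]
HONEYPOT = ["mortgage refinance approved today low rates",
            "refinance your mortgage today approved instantly"]
NEW_CAMPAIGN = "your mortgage refinance was approved today review the terms"
LEGIT = "please review the project budget"


def honeypot_demo():
    """Score a new campaign before and after honey-pot mail joins the pool."""
    pool = BayesPool()
    for m in HAM:
        pool.train(m, is_spam=False)
    for m in SPAM:
        pool.train(m, is_spam=True)
    before = pool.score(NEW_CAMPAIGN)
    for m in HONEYPOT:                      # mail caught by the fake address
        pool.train(m, is_spam=True)
    return before, pool.score(NEW_CAMPAIGN), pool.score(LEGIT)
```

`honeypot_demo()` returns the campaign's score before and after the honey-pot mail is learned, plus the score of a legitimate message, which stays low because no employee ever wrote to the trap address.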


Techniques to improve the quality of deception:

1. Using IP addresses instead of domain names in hyperlinks that address the fake web site.

2. Registering similar sounding DNS domains and setting up fake web sites that closely mimic the domain name of the target web site (i.e. b1gbank.com or bigbnk.com instead of bigbank.com).

3. Embedding hyperlinks from the real target web site into the HTML contents of an email about the fake phishing web site, so that the user's web browser makes most of the HTTP connections to the real web server and only a small number of connections to the fake web server.

4. Encoding or obfuscating the fake web site URL. Depending on the method employed, many users will not notice or understand what has been done to a hyperlink and may assume it is benign. One variant of this technique (IDN spoofing) is to use Unicode URLs that render in browsers in a way that looks like the original web site address but actually link to a fake web site with a different address.

5. Attempting to exploit weaknesses in the user's web browser to mask the true nature of the message content. Microsoft's Internet Explorer and Outlook applications have been particularly vulnerable to such techniques (such as the address bar spoofing or IFrame element bugs).


5. Configuring the fake phishing web site to record any input data that the user submits (such as usernames and passwords), silently log them and then forward the user to the real web site. This might cause a "password incorrect, please retry" error or even be totally transparent, but in either situation many users will not be overly worried and put this event down to their own poor typing, rather than intervention by a malicious third party.

6. Set up a fake web site to act as a proxy for the real web site of the target brand, covertly logging credentials that are not encrypted using SSL (or even registering valid SSL certificates for spoof domains).

7. Redirect victims to a phishing web site by first using malware to install a malicious Browser Helper Object on their local PC. BHOs are DLLs designed to customize and control the Internet Explorer web browser, and if successful, victims can be tricked into believing they are accessing legitimate content when in fact they are accessing a fake web site.

8. Use malware to manipulate the hosts file on a victim's PC that is used to maintain local mappings between DNS names and IP addresses. By inserting a fake DNS entry into a user's hosts file, it will appear that their web browser is connecting to a legitimate web site when in fact it is connecting to a completely different web server hosting the fake phishing web site.
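On the filtering side, the first, second and fourth techniques in this list leave traces in a message's hyperlinks that a gateway can test for. The following is an added example, not code from the cited sources: the HTML is constructed, `bigbank.com` is the page's own illustration, and the two-label "registered domain" rule and the edit-distance threshold of 2 are assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

PROTECTED = {"bigbank.com"}      # brand domain used as the example on this page


class LinkCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def check_host(host):
    try:
        ipaddress.ip_address(host)
        return ["ip-literal"]                       # technique 1
    except ValueError:
        pass
    findings = []
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("idn")                      # technique 4
    dom = registered_domain(host)
    if dom not in PROTECTED:
        for brand in sorted(PROTECTED):
            if edit_distance(dom, brand) <= 2:
                findings.append("lookalike:" + brand)   # technique 2
    return findings


def scan_email_html(html):
    """Map each suspicious href in the message to the list of findings."""
    parser = LinkCollector()
    parser.feed(html)
    report = {}
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        findings = check_host(host) if host else []
        if findings:
            report[href] = findings
    return report


# Constructed message body; \u0456 is a Cyrillic letter that renders like "i".
SAMPLE = ('<p><a href="https://www.bigbank.com/help">help</a> '
          '<a href="http://192.0.2.10/login">verify</a> '
          '<a href="http://b1gbank.com/login">sign in</a> '
          '<a href="http://bigbnk.com/">account</a> '
          '<a href="http://b\u0456gbank.com/">secure</a></p>')
```

`scan_email_html(SAMPLE)` reports four of the five links and leaves the genuine `www.bigbank.com` link alone.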


From: "dsk" <[email protected]>
Yahoo! DomainKeys has confirmed that this message was sent by yahoogroups.com.
Date: Fri, 5 Aug 2005 14:14:41 +0700
Subject: [Telematika] OOT: Request for Help from Indosat Operators Regarding SMS Spamming

I am asking for help from all colleagues who work at Indosat, who have acquaintances at Indosat, or who have access to the BTS system, the billing system and so on. Several of my colleagues and I are being terrorized via SMS by someone using a Mentari/Matrix number; the messages disparage an institution and the good name of several people. I want to know where those SMS messages come from (location) and how many he has sent, because his way of doing this is really cowardly. If he really is disappointed, it would be better to say so in an open forum, not in this way. I earnestly ask for your help in tracing the sender.

(^_^)
deska


The Spam Prevention Early Warning System

SPEWS is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers. It is used by numerous Internet sites as a source of information about the senders of unsolicited bulk email, better known as spam. Users of SPEWS can reprocess these data into formats usable by software for mail filtering.

There is a certain degree of controversy regarding SPEWS' anonymity and its methods. SPEWS remains anonymous to avoid harassment and barratrous lawsuits of the sort which have hampered other anti-spam services such as the MAPS RBL and ORBS. Some regard this anonymity as irresponsible, while others find it sensible.

The SPEWS Web site makes clear that when spam is received, the operators file a complaint with the ISP or other site responsible for the spam source. Only if the spam continues after this complaint is the source listed. However, SPEWS is anonymous, and the site is not told that ignoring the complaint will result in a listing. This has the effect of determining the ISP's response to a normal user's spam complaint, and also discourages "listwashing".


An acceptable alternative to complaining to their own ISP would be to complain to the ISP responsible for the blocking, but some seek to contact SPEWS directly to address their grievances, which is done via the USENET newsgroups news.admin.net-abuse.blocklisting (NANABL) and news.admin.net-abuse.email (NANAE). The latter group is open to absolutely anybody, and participants include anti-spam enthusiasts and other strong-minded people, a small minority of whom prefer to antagonise and mock those who are blocked despite not spamming.

Delisting

According to the SPEWS FAQ, listings are removed when the spam or spam-support has stopped. Just as they do not solicit nominations for listings, the SPEWS operators do not solicit requests for delistings. There is no contact information published on the SPEWS Web site. There is no spews.org mail server, and the operators of SPEWS do not receive email under the SPEWS name.


DO and DON’T

• Tell companies that know your address "Don't rent or share my name."

• Tell the companies that sell information on consumers to remove your name from the lists they sell. Our free web-based service, JUNKBUSTERS DECLARE, makes this easy by drafting letters for you to the top vendors of personal information.

• Our extensive guide explains how direct marketers get and sell your name, and other ways to tell them not to disclose the information they keep about you.

• Be aware that as you browse the Web, junk data about you is being collected with your every mouse click. Some is even stored in your own files as cookies. The controllers of this data may know who you are and may be selling detailed information about what you search for and which pages you visit. We recommend using privacy-enhancing software to stop cookies and help stay anonymous.

• For more illustrations on how numerous the threats to your privacy are, see our news page.

Stop Spamming:

• Prevention first, because getting your address removed is far more difficult.
• Do not threaten the spammer with violence or illegal acts. (E-mail-bombing hurts other people, not the spammer.)
• Report the spam to various government agencies.
• ISPs and other organizations can do about spam.
• Convincing organizations that spam is bad for business.
• Push for spamming to be made illegal.
• Maintain a list of junk email, and a list of filtering software.
• Don't have any Opt Out letters to spammers (they are fly-by-night individuals who disregard a simple polite request to stop).


Ethics.

Spam is based on theft of service, fraud and deceit as well as cost shifting to the recipient. The great preponderance of products and services marketed by UCE are of dubious legality.

Any business that depends on stealing from its customers, preying on the innocent, and abusing the open standards of the Internet is -- and should be -- doomed to failure.

Legislation to focus on "opt in" versus "opt out."

1. In opt-out schemes, which the marketers favor, consumers have to take action to declare their unwillingness to receive unsolicited bulk mail.

2. If the system is opt-in, then marketers have to be able to show that consumers have given their consent to receive solicitations. The European Parliament recently voted to adopt opt-in requirements, putting Europe far ahead of the United States in acting against spam.

"The reason is that in fact it's not against the law-you may get people mad at you, but so what, you're doing something perfectly legal," says James Love, director of the Consumer Project on Technology, a Washington-based advocacy group.


If copyrights and patents are at stake, the government has used treaties and global pressure.

"Spam should be a good test case for cross-border consumer protection, because everybody thinks a spammer is lower than a sniper."

As remote as an effective solution seems, the spam problem might not be so intractable after all.

For free-speech reasons, any legislation should avoid considering e-mail's content; trying to define key terms like commercial and pornographic only leads to trouble. And it isn't necessary: even short of outlawing spam, two simple measures might be enough to stem the tide:

1. The Internet standards document RFC 2142 recommends that operators of Internet sites use standard email addresses to receive complaints about abuse and email problems. These are abuse@site and postmaster@site.

2. Spam-fighters regard the sending of spam complaints as a courtesy to the site complained-to. Just as in some jurisdictions it is legal to shoot a neighbor's dog if it strays onto one's property and does damage, it is likewise legal to simply refuse all email from a site which emits spam.

http://en.wikipedia.org/wiki/Spam_Prevention_Early_Warning_System


Conclusion:

1. E-mail, an Internet killer application, has been made a nuisance by the appearance of spam;

2. Spam, which at first emerged as a nuisance, has now become a threat and spoils Internet business and the users as well;

3. Spam in enterprise environments is seriously impacting employee productivity, email server performance, messaging system storage, and message delivery times.

4. Abolishing spam on the net needs collaborative efforts, multi-sector approaches (technology-based or personal approach) at different levels (personal, organization, enterprise level), covering how it originated (opt in or opt out) and the legacy system;

5. The key factor for the elimination of spam lies not only in technology solutions, but also in law enforcement and the community voluntary voting side.

6. The future trend in Internet regulation is for a bottom-up approach led by grass-roots activists to create aware and responsible Internet users who guard their democracy, freedom of expression and of the press, as well as human rights and IPR protection.

7. Indonesia is committed to safeguarding Internet usage for a flourishing democracy, as well as to bridging the digital divide.


References:

1. August 2002; Paul Graham, Better Bayesian Filtering.
2. Controlling Spam the IronMail Way, June 2004, Ciphertrust.com
3. http://en.wikipedia.org/wiki/History_of_spamming. From Wikipedia, the free encyclopedia;
4. How a Service Provider Can Eliminate Spam in the Enterprise © 2003 Osterman Research, Inc. • P.O. Box 1058 • Black Diamond, Washington 98010-1058;
5. James Gleick, So Much for the Self-Healing, Self-Governing Net. Spam Has Defeated It. What Is to Be Done?
6. Know your Enemy: Phishing. Behind the Scenes of Phishing Attacks; The Honeynet Project & Research Alliance; http://www.honeynet.org, 16 May 2005;
7. New spamming technique; Washington Post - New spamming technique uses Internet service provider's computers. http://www.washingtonpost.com/wp-dyn/articles/A61901-2005Feb 3.html ;
8. Sarah Gordon, David M. Chess: Where There's Smoke, There's Mirrors: The Truth about Trojan Horses on the Internet, presented at the Virus Bulletin Conference in Munich, Germany, October 1998.
9. Six Apart Guide to Comment Spam; how malicious or unwanted comments ('comment spam') affect weblogs, the techniques spammers use to abuse weblogs. http://sixapart.com;
10. Spam and Fraud protection, Ciphertrust.com, Ironmail Model.
11. Spam Prevention Early Warning System, From Wikipedia, the free encyclopedia. http://en.wikipedia.org/wiki/Spam_Prevention_Early_Warning_System;