Spamming Techniques and Control. By Neha Gupta, Research Assistant, MINDLAB, University of Maryland-College Park. Contents: What is Spamming?; Cost, history and types of spam; Spam Statistics; Insight into Spammers minds; Spamming tricks and techniques; Spam Control Methods and Feasibility.

Spamming Techniques and Control
By Neha Gupta
Research Assistant, MINDLAB
University of Maryland-College Park

Contents
• What is Spamming?
• Cost, history and types of spam
• Spam Statistics
• Insight into spammers' minds
• Spamming tricks and techniques
• Spam Control Methods and Feasibility

What is Spamming?
• Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages or to promote products or services.
• The most widely recognized abuse is email spam. Other forms include:
  - instant messaging spam
  - usenet newsgroup spam
  - web search engine spam ('Spamdexing')
  - spam in blogs
  - mobile phone messaging spam

Costs of Spam
• Consumption of computer and network resources.
• Race between spammers and those who try to control them.
• Lost mail and lost time.
• Cost United States organizations alone more than $10 billion in 2004.

History of Spam
• The Internet was first established for educational and military purposes.
• Probably the first spam was sent by an employee of Digital Equipment Corporation on the ARPANET in March 1978.
• Canter and Siegel posted an advertisement for "Green Card Lottery" to 6000 newsgroups in 1994.

Global Spam Categories
• Product Email Attacks
• Financial Email Attacks
• Adult Email Attacks
• Scams Email Attacks
• Health Email Attacks
• Leisure Email Attacks
• Internet Email Attacks

Spam Statistics

About Spammers
• Refer to themselves as 'bulk marketers', 'online e-mail marketers', 'mail bombers'.
• One of the main reasons people started spamming was that it had an extremely low start-up cost ~ 1500 K.

Spam activities
• Sending spam to sell their products
  - Examples: pirated software, easily distributable products
• Harvesting email addresses
  - Builds lists of spams and sells to other spammers.
• Affiliate Programs: 'Most common types'
  - Click through rate
  - Commissions
  - Can make $150-2000 per campaign

Spam Tricks
• Top-to-bottom HTML encoding
  - Code words as individual letters
• Zero Font Size
• Embedded Image
  - Text messages are embedded in images
• Adding spaces or characters
  - B*U*Y or B-U-Y
• Misspelling
  - Replace 'l' by 1, 'O' by '0'
• Hashing
  - Legitimate message attached with short spam message.

Ways to Send Spam/Bulk Mail
• Multiple ISPs
• Spoofing Email addresses
• Hacking/Viruses

Using Multiple ISPs
• Example: spammers send short bursts of messages every 20 seconds from 6 different computers using different ISPs and in a 12 hour time span can average over 1.3 million messages.

Spoofing email addresses
• Emails use SMTP (Simple Mail Transfer Protocol), documented in RFC 821.
• Was designed to be simple and easily usable.
• Open Relay SMTP servers
  - No need to verify your identity
  - Operates on port 25

Spoofing…
>telnet mail.abc.com 25
220 ss71.shared.server-system.net ESMTP Sendmail 8.12.11/8.12.11; Fri, 8 March 2007 10:17:19 -0800
helo xyz.com
250 ss71.shared.server-system.net Hello [12.178.219.195], pleased to meet you
mail from:
250 OK
receipt to :[email protected]
Blah blah blah ..
<CRLF>.<CRLF>
250 OK
QUIT

Phishing
• Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
• eBay and PayPal are two of the most targeted companies, and online banks are also common targets.

Zombies
• More than 80 percent of all spam worldwide comes from zombie PCs owned by businesses, universities, and average computer owners, says MessageLabs, an e-mail security service provider.
• Zombie PCs are computers that have been infected by malicious code that allows spammers to use them to send e-mail.

Spam Control Ideas
• Content or Point Based Spam Filtering
• Postage/Stamp Based Spam Filtering

Content/Point Based Spam Filtering
• Rule Based Approach
• Whitelist/Verification filters
• Distributed adaptive blacklists
• Bayesian filters

Rule Based Approach
• Email is compared with a set of rules to determine if it's spam or not, with various weights given to each rule. E.g. SpamAssassin

Advantages
• Very effective with a given set of rules/conditions
• Accuracy 90-95%
• No need of training
• Rules can be updated

Disadvantages
• No self-learning facility available for the filter.
• Spammers with knowledge of rules can design spam to deceive the method.

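Added example (not from the original slides, and not SpamAssassin's rule set): a small weighted-rule scorer in the style described above, whose rules undo the obfuscations listed under Spam Tricks (zero font size, B*U*Y / B-U-Y splitting, 'l' to 1 and 'O' to 0 swaps, image-only bodies). The weights, keyword list, threshold and sample messages are constructed for illustration.

```python
import re

# Hypothetical weights, keyword list and threshold, chosen for this example only.
WEIGHTS = {"zero_font": 3.0, "split_word": 2.5, "digit_swap": 2.5,
           "image_only": 2.0, "keyword": 1.0}
THRESHOLD = 5.0
KEYWORDS = {"buy", "free", "loan"}

ZERO_FONT = re.compile(
    r"font-size\s*:\s*0(?![\d.])|<font[^>]*\bsize\s*=\s*\W?0\b", re.I)
SPLIT = re.compile(r"(?:[a-z][*\-_]){2,}[a-z]")   # b*u*y, b-u-y
TAG = re.compile(r"<[^>]+>")
DIGITS = str.maketrans("10", "lo")                # undo 'l' -> 1, 'O' -> 0


def score(html):
    """Return (total, fired) where fired maps rule name -> points added."""
    fired = {}

    def hit(rule):
        fired[rule] = fired.get(rule, 0.0) + WEIGHTS[rule]

    if ZERO_FONT.search(html):                    # hidden zero-size text
        hit("zero_font")
    text = TAG.sub(" ", html)                     # crude tag stripping
    if re.search(r"<img\b", html, re.I) and len(text.split()) < 5:
        hit("image_only")                         # message lives in an image
    for token in text.split():
        word = token.strip(".,!?:;").lower()
        if word in KEYWORDS:
            hit("keyword")
        elif word.translate(DIGITS) in KEYWORDS:
            hit("digit_swap")
        elif SPLIT.fullmatch(word) and re.sub(r"[*\-_]", "", word) in KEYWORDS:
            hit("split_word")
    return sum(fired.values()), fired


def is_spam(html):
    return score(html)[0] >= THRESHOLD


# Constructed sample bodies (not real mail).
SPAM = '<font size="0">quarterly meeting agenda</font> B*U*Y n0w, get a free 1oan'
HAM = "<p>Can you buy milk on the way home? The meeting is at 10.</p>"
```

Obfuscated keywords score higher than plain ones because the disguise itself is evidence; a sender who knows these exact rules can still pick a disguise they do not cover, which is the disadvantage listed above.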
Blacklist Approach
• Detected spammers/open relays that are found to be sources of spam are blacklisted.
• Blacklist can be maintained both at personal and server level.

Advantages
• Useful in the scenario when servers are compromised and used for sending spam to hundreds of thousands of users.
• Can be a better option when used at ISP level.
• Tools like Razor and Pyzor can be used for this purpose.

Disadvantages
• As soon as the spammer learns that the computer is being detected he can use a different computer.

Whitelist Approach
• Aggressive technique for spam filtering.
• Used in mailing lists. For example, only users subscribed to the mailing list can send messages to the list.
• Any mail from an unknown email address will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to the whitelist.

Bayesian Spam Filters (Statistical Models)
• Use probabilistic approach
• Have to be trained, not self learning.

Advantages
• Very popular
• Can customize according to users
• No need of a centralized mechanism
• Everyone relies on them

Disadvantages
• False Positives
• Based on words.

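Added example (not from the original slides): a minimal word-presence Bayesian filter with Laplace smoothing, trained on six constructed messages. It shows both the training requirement and the "based on words" weakness: tokens disguised with the Spam Tricks above are unseen words and carry no evidence. The class name, tokenizer and training set are assumptions made for this example.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$'-]+")


class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, label, text):
        """Count each distinct token once per training message."""
        self.docs[label] += 1
        self.counts[label].update(set(TOKEN.findall(text.lower())))

    def spam_probability(self, text):
        """Combine per-token likelihood ratios as log-odds, then squash to [0, 1]."""
        log_odds = math.log(self.docs["spam"] / self.docs["ham"])  # prior
        for tok in set(TOKEN.findall(text.lower())):
            # Laplace smoothing keeps unseen tokens at a neutral ratio of 1.
            p_spam = (self.counts["spam"][tok] + 1) / (self.docs["spam"] + 2)
            p_ham = (self.counts["ham"][tok] + 1) / (self.docs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))


def demo_filter():
    """Train on a constructed corpus (not real mail)."""
    f = BayesFilter()
    for msg in ("buy cheap software now",
                "cheap loan offer click now",
                "free software click here"):
        f.train("spam", msg)
    for msg in ("meeting agenda for monday",
                "please review the attached report",
                "lunch on monday"):
        f.train("ham", msg)
    return f
```

With this corpus, "cheap software offer" scores 18/19, "monday meeting report" scores 1/13, and "c-h-e-a-p s0ftware" scores exactly 0.5 because neither token was ever seen in training.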
Postage/Stamp Method
• Pro-active measures against spams.
• Based on economics.
"When sending an email to someone, the sender attaches a stamp to his message, a token that is costly to the sender but demonstrates his good faith"

Types of Postage Payment Methods

Monetary Payment Method
• First time a sender sends a message he sends some cheque redeemable as money from recipient's stamp processing software.
• Postage can be returned in reply.
• After that both are in each other's whitelist.

Obstacle
• Security problems related to e-cash.

Postage ~ computing resources
• The sender's software makes some kind of computationally expensive computation which is relatively easy for the receiver to check.
• E.g. calculation of a hash message digest used in the CAMRAM project.

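Added example (not from the original slides, and not CAMRAM's actual stamp format): a hashcash-style proof-of-work stamp showing the asymmetry described above, where the sender searches many hashes and the receiver checks one. SHA-256, the `bits:date:recipient:counter` layout, the 12-bit difficulty and the addresses are assumptions made for this example.

```python
import hashlib
from itertools import count

BITS = 12  # constructed difficulty; kept small so the example runs instantly


def _leading_zero_bits(digest):
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def mint(recipient, date, bits=BITS):
    """Sender side: try counters until the hash has `bits` leading zero bits.

    Returns (stamp, hashes_spent); expected work is about 2**bits hashes.
    """
    for n in count():
        stamp = f"{bits}:{date}:{recipient}:{n}"
        if _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp, n + 1


def verify(stamp, recipient, seen, min_bits=BITS):
    """Receiver side: a single hash plus recipient-binding and replay checks."""
    try:
        bits, _date, rcpt, _counter = stamp.split(":")
        bits = int(bits)
    except ValueError:
        return False                      # malformed stamp
    if rcpt != recipient or bits < min_bits:
        return False                      # minted for someone else, or too cheap
    if stamp in seen:
        return False                      # stamp already spent
    if _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < bits:
        return False                      # claimed work was not done
    seen.add(stamp)
    return True
```

Binding the stamp to the recipient and remembering spent stamps is what stops one computation from paying for a bulk run; a production receiver would also reject stamps whose date is too old.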
Payment ~ Human Time
• Automated reply from a recipient's software.
• Sender would connect to a webpage and identify itself as a human by spending time answering a simple test which to date only humans can pass.
• CAPTCHA: Completely Automated Turing Test to tell Computers and Humans Apart

Implementation of Stamp Payment Protocols
• Standardize an Email Postage Payment Protocol.
• MUA (Mail User Agent) modification is necessary.
• Stamps will be attached with emails in envelopes and headers; care should be taken to pick the encoding convention.

Business Models for Spreading Postage
• Sale of services to IT departments.
• Sale of ready-to-use software.
• Investment of deposits on postage accounts.
• Sale of marketing services

Conclusion
• Spam costs time and resources.
• The design of any information centric system should be such that it can prevent the misuse of resources by malicious users.

Acknowledgements
• Prof. Ashok Agrawala
• Mudit Agrawal - proof reading

VIDEO CLIP
http://video.google.com/videoplay?docid=-8246463980976635143&q=luis+von+ahn

THANKS & QUESTIONS