400 likes | 656 Vues
Spamming Techniques and Control. By Neha Gupta Research Assistant, MINDLAB University of Maryland-College Park. Contents. What is Spamming? Cost, history and types of spam Spam Statistics Insight into Spammers minds Spamming tricks and techniques Spam Control Methods and Feasibility.
E N D
Spamming Techniques and Control By Neha Gupta Research Assistant, MINDLAB University of Maryland-College Park
Contents • What is Spamming? • Cost, history and types of spam • Spam Statistics • Insight into Spammers minds • Spamming tricks and techniques • Spam Control Methods and Feasibility
What is Spamming? • Spamming is the abuse of electronic messaging systems send unsolicited bulk messages or to promote products or services. • Most widely recognized abuse is email spam. • instant messaging spam • usenet newsgroup spam • web search engine spam-’Spamdexing’ • spam in blogs • mobile phone messaging spams.
Costs of Spams • Consumption of computer and network resources. • Race between spammers and those who try to control them. • Lost mail and lost time. • Cost United States organizations alone more than $10 billion in 2004.
History of Spam • Internet was first established as for educational and military purpose. • Probably the first spam was sent by an employee of Digital Equipment Corporation on the APRANET- March 1978. • Cantor and Siegel posted an advertisement for "Green Card Lottery“ to 6000 newsgroups -1994.
Global Spam Categories • Product Email Attacks • Financial Email Attacks • Adult Email Attacks • Scams Email Attacks • Health Email Attacks • Leisure Email Attacks • Internet Email Attacks
About Spammers • Refer themselves as ‘bulk marketers’, ’online e-mail marketers’ ,’mail bombers’. • One of the main reasons people started spamming was it had an extremely low start-up cost ~ 1500 K.
Spam activities • Sending spam to sell their products • Examples : pirated software-easily distributable products • Harvesting email addresses • Builds lists of spams and sells to other spammers. • Affiliate Programs: ‘Most common types’ • Click through rate • Commissions • Can make -150-2000$ per campaign
Spam Tricks • Top-to-bottom HTML encoding • Code words as individual letters
Zero Font Size • Embedded Image • Text messages are embedded in images • Adding spaces or characters • B*U*Y or B-U-Y • Misspelling • Replace ‘l’ by 1 ,’O’ by ‘0’ • Hashing • Legitimate message attached with short spam message.
Ways to Send spams/bulk mails • Multiple ISPs • Spoofing Email addresses • Hacking/Viruses
Using Multiple ISPs • Example: spammers send short bursts of messages every 20 seconds from 6 different computers using different ISPs and in 12 hour time span can average over 1.3 million messages.
Spoofing email addresses • Emails use SMTP – simple mail transfer protocol, documented in RFC 821. • Was designed to be simple and easily usable. • Open Relay SMTP servers • No need to verify your identity • Operates on port 25
Spoofing… >telnet mail.abc.com 25 220 ss71.shared.server-system.net ESMTP Sendmail 8.12.11/8.12.11; Fri, 8 March 2007 10:17:19 -0800 helo xyz.com 250 ss71.shared.server-system.net Hello [12.178.219.195], pleased to meet you mail from: 250 OK receipt to :jkl@mail.yahoo.com DATA Blah blah blah .. <CRLF>.<CRLF> 250 OK QUIT
Phishing • Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. • Ebay and Paypal are two of the most targeted companies, and online banks are also common targets
Zombies • More than 80 percent of all spam worldwide comes from zombie PCs owned by businesses, universities, and average computer owners, says MessageLabs, an e-mail security service provider. • Zombie PCs are computers that have been infected by malicious code that allows spammers to use them to send e-mail.
Content or Point Based Spam Filtering Postage/Stamp Based Spam Filtering Spam Control Ideas
Content/Point Based Spam Filtering • Rule Based Approach • Whitelist/Verification filters • Distributed adaptive blacklists • Bayesian filters
Rule Based Approach • Email is compared with a set of rules to determine if it’s a spam or not with various weights given to each rule. E.g. Spam Assassin
Disadvantages • No self-learning facility available for the filter. • Spammers with knowledge of rules can design spam to deceive the method. • Advantages • Very effective with a given set of rules/conditions • Accuracy 90-95% • No need of training • Rules can be updated
Blacklist Approach • Detected spammers/open relays that are found to be sources of spam are black listed • Blacklist can be maintained both at personal and server level.
Advantages Useful in the scenario when servers are compromised and used for sending spam to hundreds of thousands of users. Can be a better option when used at ISP level. Tools like Razor and Pyzor can be used for this purpose. Disadvantages As soon as the spammer learns that the computer is being detected he can use a different computer.
Whitelist Approach • Aggressive technique for spam filtering . • Used in mailing lists.example users subscribed to the mailing list can only send message to the list. • Any mail from an unknown email address will will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to the whitelist.
Bayesian Spam Filters(Statistical Models) • Use probabilistic approach • Have to be trained, not self learning.
Advantages • Very popular • Can customize according to users • No need of a centralized mechanism • Everyone relies on them • Disadvantages • False Positives • Based on words.
Postage/Stamp Method • Pro-active measures against spams. • Based on economics. “When sending an email to someone, the sender attaches a stamp to his message ,a token that is costly to the sender but demonstrates his good faith”
Types of Postage Payment Methods • Monetary Payment Method • First time a sender sends a message he sends some cheque redeemable as money from recipient’s stamp processing software. • Postage can be returned in reply. • After that both are in each others whitelist. • Obstacle • Security problems related to e-cash.
Postage ~ computing resources • The sender’s software makes some kind of computationally expensive computation which is relatively easy for the receiver to check. • E.g calculation of a hash message digest used in CAMRAM project.
Payment ~Human Time • Automated reply from a recipients software. • Sender would connect to a webpage and answer itself as a human spending time answering a simple test which till date only humans can pass.
CAPTCHA-Completely Automated Turing Test to tell Computers and Humans Apart
Implementation of Stamp Payment Protocols • Standardize an Email Postage Payment Protocol . • MUA (Mail User Agent) modification is necessary. • Stamps will be attached with emails in envelopes and headers ,care should be taken to pick the encoding convention .
Business Models for Spreading Postage • Sale of services to IT departments. • Sale of ready-to-use software. • Investment of deposits on postage accounts. • Sale of marketing services
Conclusion • Spams costs time and resources • The design of any information centric system should be such that it can prevent the misuse of resources by malicious users.
References • http://www.symantec.com/avcenter/reference/Symantec_Spam_Report_-_January_2007.pdf • http://fare.tunes.org • An Essay on Spam-Paul Graham • Norman Report-Why spammers spam.
Acknowledgements • Prof. Ashok Agrawala • Mudit Agrawal- proof reading
VIDEO CLIP http://video.google.com/videoplay?docid=-8246463980976635143&q=luis+von+ahn