spamming techniques and control
Download
Skip this Video
Download Presentation
Spamming Techniques and Control

Loading in 2 Seconds...

play fullscreen
1 / 40

Spamming Techniques and Control - PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on

Spamming Techniques and Control. By Neha Gupta Research Assistant, MINDLAB University of Maryland-College Park. Contents. What is Spamming? Cost, history and types of spam Spam Statistics Insight into Spammers minds Spamming tricks and techniques Spam Control Methods and Feasibility.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Spamming Techniques and Control' - roden


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
spamming techniques and control

Spamming Techniques and Control

By Neha Gupta

Research Assistant, MINDLAB

University of Maryland-College Park

contents
Contents
  • What is Spamming?
  • Cost, history and types of spam
  • Spam Statistics
  • Insight into Spammers minds
  • Spamming tricks and techniques
  • Spam Control Methods and Feasibility
what is spamming
What is Spamming?
  • Spamming is the abuse of electronic messaging systems send unsolicited bulk messages or to promote products or services.
  • Most widely recognized abuse is email spam.
  • instant messaging spam
  • usenet newsgroup spam
  • web search engine spam-’Spamdexing’
  • spam in blogs
  • mobile phone messaging spams.
costs of spams
Costs of Spams
  • Consumption of computer and network resources.
  • Race between spammers and those who try to control them.
  • Lost mail and lost time.
  • Cost United States organizations alone more than $10 billion in 2004.
history of spam
History of Spam
  • Internet was first established as for educational and military purpose.
  • Probably the first spam was sent by an employee of Digital Equipment Corporation on the APRANET- March 1978.
  • Cantor and Siegel posted an advertisement for "Green Card Lottery“ to 6000 newsgroups -1994.
global spam categories
Global Spam Categories
  • Product Email Attacks
  • Financial Email Attacks
  • Adult Email Attacks
  • Scams Email Attacks
  • Health Email Attacks
  • Leisure Email Attacks
  • Internet Email Attacks
about spammers
About Spammers
  • Refer themselves as ‘bulk marketers’, ’online e-mail marketers’ ,’mail bombers’.
  • One of the main reasons people started spamming was it had an extremely low start-up cost ~ 1500 K.
spam activities
Spam activities
  • Sending spam to sell their products
      • Examples : pirated software-easily distributable products
  • Harvesting email addresses
      • Builds lists of spams and sells to other spammers.
  • Affiliate Programs: ‘Most common types’
      • Click through rate
      • Commissions
      • Can make -150-2000$ per campaign
spam tricks
Spam Tricks
  • Top-to-bottom HTML encoding
      • Code words as individual letters
zero font size
Zero Font Size
  • Embedded Image
      • Text messages are embedded in images
  • Adding spaces or characters
      • B*U*Y or B-U-Y
  • Misspelling
      • Replace ‘l’ by 1 ,’O’ by ‘0’
  • Hashing
      • Legitimate message attached with short spam message.
ways to send spams bulk mails
Ways to Send spams/bulk mails
  • Multiple ISPs
  • Spoofing Email addresses
  • Hacking/Viruses
using multiple isps
Using Multiple ISPs
  • Example: spammers send short bursts of messages every 20 seconds from 6 different computers using different ISPs and in 12 hour time span can average over 1.3 million messages.
spoofing email addresses
Spoofing email addresses
  • Emails use SMTP – simple mail transfer protocol, documented in RFC 821.
      • Was designed to be simple and easily usable.
  • Open Relay SMTP servers
      • No need to verify your identity
      • Operates on port 25
spoofing
Spoofing…

>telnet mail.abc.com 25

220 ss71.shared.server-system.net ESMTP Sendmail 8.12.11/8.12.11; Fri, 8 March 2007 10:17:19 -0800

helo xyz.com

250 ss71.shared.server-system.net Hello [12.178.219.195], pleased to meet you

mail from:

250 OK

receipt to :[email protected]

DATA

Blah blah blah ..

<CRLF>.<CRLF>

250 OK

QUIT

phishing
Phishing
  • Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
  • Ebay and Paypal are two of the most targeted companies, and online banks are also common targets
zombies
Zombies
  • More than 80 percent of all spam worldwide comes from zombie PCs owned by businesses, universities, and average computer owners, says MessageLabs, an e-mail security service provider.
  • Zombie PCs are computers that have been infected by malicious code that allows spammers to use them to send e-mail.
content point based spam filtering
Content/Point Based Spam Filtering
  • Rule Based Approach
  • Whitelist/Verification filters
  • Distributed adaptive blacklists
  • Bayesian filters
rule based approach
Rule Based Approach
  • Email is compared with a set of rules to determine if it’s a spam or not with various weights given to each rule. E.g. Spam Assassin
slide23

Disadvantages

    • No self-learning facility available for the filter.
    • Spammers with knowledge of rules can design spam to deceive the method.
  • Advantages
    • Very effective with a given set of rules/conditions
    • Accuracy 90-95%
    • No need of training
    • Rules can be updated
blacklist approach
Blacklist Approach
  • Detected spammers/open relays that are found to be sources of spam are black listed
  • Blacklist can be maintained both at personal and server level.
slide25
Advantages

Useful in the scenario when servers are compromised and used for sending spam to hundreds of thousands of users.

Can be a better option when used at ISP level.

Tools like Razor and Pyzor can be used for this purpose.

Disadvantages

As soon as the spammer learns that the computer is being detected he can use a different computer.

whitelist approach
Whitelist Approach
  • Aggressive technique for spam filtering .
    • Used in mailing lists.example users subscribed to the mailing list can only send message to the list.
    • Any mail from an unknown email address will will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to the whitelist.
bayesian spam filters statistical models
Bayesian Spam Filters(Statistical Models)
  • Use probabilistic approach
  • Have to be trained, not self learning.
slide28
Advantages
    • Very popular
    • Can customize according to users
    • No need of a centralized mechanism
    • Everyone relies on them 
  • Disadvantages
    • False Positives
    • Based on words.
postage stamp method
Postage/Stamp Method
  • Pro-active measures against spams.
  • Based on economics.

“When sending an email to someone, the sender attaches a stamp to his message ,a token that is costly to the sender but demonstrates his good faith”

types of postage payment methods
Types of Postage Payment Methods
  • Monetary Payment Method
    • First time a sender sends a message he sends some cheque redeemable as money from recipient’s stamp processing software.
    • Postage can be returned in reply.
    • After that both are in each others whitelist.
  • Obstacle
    • Security problems related to e-cash.
postage computing resources
Postage ~ computing resources
  • The sender’s software makes some kind of computationally expensive computation which is relatively easy for the receiver to check.
  • E.g calculation of a hash message digest used in CAMRAM project.
payment human time
Payment ~Human Time
  • Automated reply from a recipients software.
  • Sender would connect to a webpage and answer itself as a human spending time answering a simple test which till date only humans can pass.
implementation of stamp payment protocols
Implementation of Stamp Payment Protocols
  • Standardize an Email Postage Payment Protocol .
  • MUA (Mail User Agent) modification is necessary.
  • Stamps will be attached with emails in envelopes and headers ,care should be taken to pick the encoding convention .
business models for spreading postage
Business Models for Spreading Postage
  • Sale of services to IT departments.
  • Sale of ready-to-use software.
  • Investment of deposits on postage accounts.
  • Sale of marketing services
conclusion
Conclusion
  • Spams costs time and resources 
  • The design of any information centric system should be such that it can prevent the misuse of resources by malicious users.
references
References
  • http://www.symantec.com/avcenter/reference/Symantec_Spam_Report_-_January_2007.pdf
  • http://fare.tunes.org
  • An Essay on Spam-Paul Graham
  • Norman Report-Why spammers spam.
acknowledgements
Acknowledgements
  • Prof. Ashok Agrawala
  • Mudit Agrawal- proof reading
video clip
VIDEO CLIP

http://video.google.com/videoplay?docid=-8246463980976635143&q=luis+von+ahn

ad