Spamming techniques and control
This presentation is the property of its rightful owner.
Sponsored Links
1 / 40

Spamming Techniques and Control PowerPoint PPT Presentation


  • 66 Views
  • Uploaded on
  • Presentation posted in: General

Spamming Techniques and Control. By Neha Gupta Research Assistant, MINDLAB University of Maryland-College Park. Contents. What is Spamming? Cost, history and types of spam Spam Statistics Insight into Spammers minds Spamming tricks and techniques Spam Control Methods and Feasibility.

Download Presentation

Spamming Techniques and Control

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Spamming techniques and control

Spamming Techniques and Control

By Neha Gupta

Research Assistant, MINDLAB

University of Maryland-College Park


Contents

Contents

  • What is Spamming?

  • Cost, history and types of spam

  • Spam Statistics

  • Insight into Spammers minds

  • Spamming tricks and techniques

  • Spam Control Methods and Feasibility


What is spamming

What is Spamming?

  • Spamming is the abuse of electronic messaging systems send unsolicited bulk messages or to promote products or services.

  • Most widely recognized abuse is email spam.

  • instant messaging spam

  • usenet newsgroup spam

  • web search engine spam-’Spamdexing’

  • spam in blogs

  • mobile phone messaging spams.


Costs of spams

Costs of Spams

  • Consumption of computer and network resources.

  • Race between spammers and those who try to control them.

  • Lost mail and lost time.

  • Cost United States organizations alone more than $10 billion in 2004.


History of spam

History of Spam

  • Internet was first established as for educational and military purpose.

  • Probably the first spam was sent by an employee of Digital Equipment Corporation on the APRANET- March 1978.

  • Cantor and Siegel posted an advertisement for "Green Card Lottery“ to 6000 newsgroups -1994.


Global spam categories

Global Spam Categories

  • Product Email Attacks

  • Financial Email Attacks

  • Adult Email Attacks

  • Scams Email Attacks

  • Health Email Attacks

  • Leisure Email Attacks

  • Internet Email Attacks


Spam statistics

Spam Statistics


About spammers

About Spammers

  • Refer themselves as ‘bulk marketers’, ’online e-mail marketers’ ,’mail bombers’.

  • One of the main reasons people started spamming was it had an extremely low start-up cost ~ 1500 K.


Spam activities

Spam activities

  • Sending spam to sell their products

    • Examples : pirated software-easily distributable products

  • Harvesting email addresses

    • Builds lists of spams and sells to other spammers.

  • Affiliate Programs: ‘Most common types’

    • Click through rate

    • Commissions

    • Can make -150-2000$ per campaign


  • Spam tricks

    Spam Tricks

    • Top-to-bottom HTML encoding

      • Code words as individual letters


    Zero font size

    Zero Font Size

    • Embedded Image

      • Text messages are embedded in images

  • Adding spaces or characters

    • B*U*Y or B-U-Y

  • Misspelling

    • Replace ‘l’ by 1 ,’O’ by ‘0’

  • Hashing

    • Legitimate message attached with short spam message.


  • Ways to send spams bulk mails

    Ways to Send spams/bulk mails

    • Multiple ISPs

    • Spoofing Email addresses

    • Hacking/Viruses


    Using multiple isps

    Using Multiple ISPs

    • Example: spammers send short bursts of messages every 20 seconds from 6 different computers using different ISPs and in 12 hour time span can average over 1.3 million messages.


    Spoofing email addresses

    Spoofing email addresses

    • Emails use SMTP – simple mail transfer protocol, documented in RFC 821.

      • Was designed to be simple and easily usable.

  • Open Relay SMTP servers

    • No need to verify your identity

    • Operates on port 25


  • Spoofing

    Spoofing…

    >telnet mail.abc.com 25

    220 ss71.shared.server-system.net ESMTP Sendmail 8.12.11/8.12.11; Fri, 8 March 2007 10:17:19 -0800

    helo xyz.com

    250 ss71.shared.server-system.net Hello [12.178.219.195], pleased to meet you

    mail from:

    250 OK

    receipt to :[email protected]

    DATA

    Blah blah blah ..

    <CRLF>.<CRLF>

    250 OK

    QUIT


    Phishing

    Phishing

    • Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

    • Ebay and Paypal are two of the most targeted companies, and online banks are also common targets


    Zombies

    Zombies

    • More than 80 percent of all spam worldwide comes from zombie PCs owned by businesses, universities, and average computer owners, says MessageLabs, an e-mail security service provider.

    • Zombie PCs are computers that have been infected by malicious code that allows spammers to use them to send e-mail.


    Spam control ideas

    Content or Point Based Spam Filtering

    Postage/Stamp Based Spam Filtering

    Spam Control Ideas


    Content point based spam filtering

    Content/Point Based Spam Filtering

    • Rule Based Approach

    • Whitelist/Verification filters

    • Distributed adaptive blacklists

    • Bayesian filters


    Rule based approach

    Rule Based Approach

    • Email is compared with a set of rules to determine if it’s a spam or not with various weights given to each rule. E.g. Spam Assassin


    Spamming techniques and control

    • Disadvantages

      • No self-learning facility available for the filter.

      • Spammers with knowledge of rules can design spam to deceive the method.

    • Advantages

      • Very effective with a given set of rules/conditions

      • Accuracy 90-95%

      • No need of training

      • Rules can be updated


    Blacklist approach

    Blacklist Approach

    • Detected spammers/open relays that are found to be sources of spam are black listed

    • Blacklist can be maintained both at personal and server level.


    Spamming techniques and control

    Advantages

    Useful in the scenario when servers are compromised and used for sending spam to hundreds of thousands of users.

    Can be a better option when used at ISP level.

    Tools like Razor and Pyzor can be used for this purpose.

    Disadvantages

    As soon as the spammer learns that the computer is being detected he can use a different computer.


    Whitelist approach

    Whitelist Approach

    • Aggressive technique for spam filtering .

      • Used in mailing lists.example users subscribed to the mailing list can only send message to the list.

      • Any mail from an unknown email address will will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to the whitelist.


    Bayesian spam filters statistical models

    Bayesian Spam Filters(Statistical Models)

    • Use probabilistic approach

    • Have to be trained, not self learning.


    Spamming techniques and control

    • Advantages

      • Very popular

      • Can customize according to users

      • No need of a centralized mechanism

      • Everyone relies on them 

    • Disadvantages

      • False Positives

      • Based on words.


    Postage stamp method

    Postage/Stamp Method

    • Pro-active measures against spams.

    • Based on economics.

      “When sending an email to someone, the sender attaches a stamp to his message ,a token that is costly to the sender but demonstrates his good faith”


    Types of postage payment methods

    Types of Postage Payment Methods

    • Monetary Payment Method

      • First time a sender sends a message he sends some cheque redeemable as money from recipient’s stamp processing software.

      • Postage can be returned in reply.

      • After that both are in each others whitelist.

    • Obstacle

      • Security problems related to e-cash.


    Postage computing resources

    Postage ~ computing resources

    • The sender’s software makes some kind of computationally expensive computation which is relatively easy for the receiver to check.

    • E.g calculation of a hash message digest used in CAMRAM project.


    Payment human time

    Payment ~Human Time

    • Automated reply from a recipients software.

    • Sender would connect to a webpage and answer itself as a human spending time answering a simple test which till date only humans can pass.


    Captcha completely automated turing test to tell computers and humans apart

    CAPTCHA-Completely Automated Turing Test to tell Computers and Humans Apart


    Implementation of stamp payment protocols

    Implementation of Stamp Payment Protocols

    • Standardize an Email Postage Payment Protocol .

    • MUA (Mail User Agent) modification is necessary.

    • Stamps will be attached with emails in envelopes and headers ,care should be taken to pick the encoding convention .


    Business models for spreading postage

    Business Models for Spreading Postage

    • Sale of services to IT departments.

    • Sale of ready-to-use software.

    • Investment of deposits on postage accounts.

    • Sale of marketing services


    Conclusion

    Conclusion

    • Spams costs time and resources 

    • The design of any information centric system should be such that it can prevent the misuse of resources by malicious users.


    References

    References

    • http://www.symantec.com/avcenter/reference/Symantec_Spam_Report_-_January_2007.pdf

    • http://fare.tunes.org

    • An Essay on Spam-Paul Graham

    • Norman Report-Why spammers spam.


    Acknowledgements

    Acknowledgements

    • Prof. Ashok Agrawala

    • Mudit Agrawal- proof reading


    Video clip

    VIDEO CLIP

    http://video.google.com/videoplay?docid=-8246463980976635143&q=luis+von+ahn


    Thanks questions

    THANKS & QUESTIONS


  • Login