spamming techniques and control

Post on 11-Feb-2016


DESCRIPTION

Spamming Techniques and Control. By Neha Gupta, Research Assistant, MINDLAB, University of Maryland-College Park. Contents: What is Spamming?; Cost, history and types of spam; Spam Statistics; Insight into Spammers' minds; Spamming tricks and techniques; Spam Control Methods and Feasibility.

TRANSCRIPT

Spamming Techniques and Control
By Neha Gupta
Research Assistant, MINDLAB
University of Maryland-College Park

Contents
• What is Spamming?
• Cost, history and types of spam
• Spam Statistics
• Insight into Spammers' minds
• Spamming tricks and techniques
• Spam Control Methods and Feasibility

What is Spamming?
• Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages or to promote products or services.
• Most widely recognized abuse is email spam.
• Instant messaging spam
• Usenet newsgroup spam
• Web search engine spam ('Spamdexing')
• Spam in blogs
• Mobile phone messaging spam

Costs of Spams
• Consumption of computer and network resources.
• Race between spammers and those who try to control them.
• Lost mail and lost time.
• Cost United States organizations alone more than $10 billion in 2004.

History of Spam
• The Internet was first established for educational and military purposes.
• Probably the first spam was sent by an employee of Digital Equipment Corporation on the ARPANET (March 1978).
• Canter and Siegel posted an advertisement for "Green Card Lottery" to 6000 newsgroups (1994).

Global Spam Categories
• Product Email Attacks
• Financial Email Attacks
• Adult Email Attacks
• Scams Email Attacks
• Health Email Attacks
• Leisure Email Attacks
• Internet Email Attacks

Spam Statistics

About Spammers
• Refer to themselves as 'bulk marketers', 'online e-mail marketers', 'mail bombers'.
• One of the main reasons people started spamming was that it had an extremely low start-up cost ~ 1500 K.

Spam activities
• Sending spam to sell their products
  - Examples: pirated software, easily distributable products
• Harvesting email addresses
  - Builds lists of spams and sells to other spammers.
• Affiliate Programs: 'Most common types'
  - Click through rate
  - Commissions
  - Can make 150-2000$ per campaign

Spam Tricks
• Top-to-bottom HTML encoding
  - Code words as individual letters
• Zero Font Size
• Embedded Image
  - Text messages are embedded in images
• Adding spaces or characters
  - B*U*Y or B-U-Y
• Misspelling
  - Replace 'l' by 1, 'O' by '0'
• Hashing
  - Legitimate message attached with short spam message.
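How a filter can undo several of the tricks listed above before applying keyword rules, as an added example that is not part of the original slides. The keyword list, the sample message and all function names are constructed for illustration.

```python
import re

# Lookalike swaps named on the slide: 'l' written as 1, 'O' written as 0.
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})
# Elements styled with a zero font size: present in the HTML, invisible on screen.
ZERO_FONT = re.compile(
    r"<(\w+)[^>]*font-size\s*:\s*0(?:px|pt|em|%)?\s*[;\"'][^>]*>.*?</\1>",
    re.I | re.S)
TAG = re.compile(r"<[^>]+>")
# Single characters joined by separators: B*U*Y, B-U-Y, B U Y.
SPACED = re.compile(r"\b(?:\w[\s*\-_.]){2,}\w\b")
SEPARATORS = re.compile(r"[\s*\-_.]")

KEYWORDS = ("buy", "cheap", "software", "limited")  # constructed rule list


def visible_text(html: str) -> str:
    """Text a reader actually sees: hidden spans dropped, tags stripped."""
    return TAG.sub("", ZERO_FONT.sub("", html))


def normalize(html: str) -> str:
    """Undo separator and lookalike tricks so keyword rules can match."""
    text = SPACED.sub(lambda m: SEPARATORS.sub("", m.group()), visible_text(html))
    return text.translate(LOOKALIKES).lower()


def analyze(html: str, keywords=KEYWORDS) -> dict:
    """Compare keyword hits before and after normalization; count tricks seen."""
    raw, clean = html.lower(), normalize(html)
    return {
        "raw_hits": [k for k in keywords if k in raw],
        "normalized_hits": [k for k in keywords if k in clean],
        "zero_font_spans": len(ZERO_FONT.findall(html)),
        "spaced_words": len(SPACED.findall(visible_text(html))),
    }


# Constructed sample message body.
SAMPLE = ('<p>B*U*Y <span style="font-size:0">xq zj</span>che'
          '<span style="font-size:0px">kk</span>ap s0ftware, 1imited offer</p>')

if __name__ == "__main__":
    print(normalize(SAMPLE))
    print(analyze(SAMPLE))
```

The normalized string is for rule matching only, since every 1 and 0 is rewritten; the trick counts are useful features in their own right because legitimate mail rarely hides text or spells words with separators.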

Ways to Send spams/bulk mails
• Multiple ISPs
• Spoofing Email addresses
• Hacking/Viruses

Using Multiple ISPs
• Example: spammers send short bursts of messages every 20 seconds from 6 different computers using different ISPs and in 12 hour time span can average over 1.3 million messages.

Spoofing email addresses
• Emails use SMTP (Simple Mail Transfer Protocol), documented in RFC 821.
• Was designed to be simple and easily usable.
• Open Relay SMTP servers
• No need to verify your identity
• Operates on port 25

Spoofing…

    >telnet mail.abc.com 25
    220 ss71.shared.server-system.net ESMTP Sendmail 8.12.11/8.12.11; Fri, 8 March 2007 10:17:19 -0800
    helo xyz.com
    250 ss71.shared.server-system.net Hello [12.178.219.195], pleased to meet you
    mail from:
    250 OK
    rcpt to:jkl@mail.yahoo.com
    DATA
    Blah blah blah ..
    <CRLF>.<CRLF>
    250 OK
    QUIT

Phishing
• Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
• eBay and PayPal are two of the most targeted companies, and online banks are also common targets.

Zombies
• More than 80 percent of all spam worldwide comes from zombie PCs owned by businesses, universities, and average computer owners, says MessageLabs, an e-mail security service provider.
• Zombie PCs are computers that have been infected by malicious code that allows spammers to use them to send e-mail.

Spam Control Ideas
• Content or Point Based Spam Filtering
• Postage/Stamp Based Spam Filtering

Content/Point Based Spam Filtering
• Rule Based Approach
• Whitelist/Verification filters
• Distributed adaptive blacklists
• Bayesian filters

Rule Based Approach
• Email is compared with a set of rules to determine if it's a spam or not, with various weights given to each rule. E.g. SpamAssassin

Advantages
• Very effective with a given set of rules/conditions
• Accuracy 90-95%
• No need of training
• Rules can be updated

Disadvantages
• No self-learning facility available for the filter.
• Spammers with knowledge of rules can design spam to deceive the method.

Blacklist Approach
• Detected spammers/open relays that are found to be sources of spam are blacklisted.
• Blacklist can be maintained both at personal and server level.

Advantages
• Useful in the scenario when servers are compromised and used for sending spam to hundreds of thousands of users.
• Can be a better option when used at ISP level.
• Tools like Razor and Pyzor can be used for this purpose.

Disadvantages
• As soon as the spammer learns that the computer is being detected he can use a different computer.

Whitelist Approach
• Aggressive technique for spam filtering.
• Used in mailing lists. Example: only users subscribed to the mailing list can send messages to the list.
• Any mail from an unknown email address will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to the whitelist.

Bayesian Spam Filters (Statistical Models)
• Use probabilistic approach
• Have to be trained, not self learning.

Advantages
• Very popular
• Can customize according to users
• No need of a centralized mechanism
• Everyone relies on them

Disadvantages
• False Positives
• Based on words.
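A small word-based Bayesian filter showing the points on this slide (training is required, scores depend on words, false positives occur and per-user training corrects them), as an added example that is not from the original presentation. The training mail, the test message and all names are constructed, and add-one smoothing is an assumed design choice.

```python
import math
import re
from collections import Counter


def tokens(text):
    return re.findall(r"[a-z0-9']+", text.lower())


class BayesFilter:
    """Word-based naive Bayes with add-one smoothing."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()

    def train(self, label, text):
        self.docs[label] += 1
        self.words[label].update(tokens(text))

    def spam_probability(self, text):
        vocab = set(self.words["spam"]) | set(self.words["ham"])
        seen = [t for t in tokens(text) if t in vocab]  # unseen words: no evidence
        score = {}
        for label, counts in self.words.items():
            total = sum(counts.values()) + len(vocab)
            score[label] = math.log(self.docs[label] / sum(self.docs.values()))
            score[label] += sum(math.log((counts[t] + 1) / total) for t in seen)
        # P(spam | words) from the two log scores
        return 1 / (1 + math.exp(score["ham"] - score["spam"]))


# Constructed training mail.
SPAM = ["buy cheap software now", "limited offer buy now",
        "free software offer click now"]
HAM = ["meeting notes attached for the project", "lunch tomorrow at noon",
       "project deadline moved to friday"]
# A legitimate request that happens to use words seen only in spam.
PURCHASE = "can you buy the software license now"


def trained_filter():
    f = BayesFilter()
    for text in SPAM:
        f.train("spam", text)
    for text in HAM:
        f.train("ham", text)
    return f
```

With this training set PURCHASE scores about 0.96 (a false positive); after `train("ham", PURCHASE)` the same message scores about 0.38.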

Postage/Stamp Method
• Pro-active measures against spams.
• Based on economics.
• "When sending an email to someone, the sender attaches a stamp to his message, a token that is costly to the sender but demonstrates his good faith"

Types of Postage Payment Methods

Monetary Payment Method
• First time a sender sends a message he sends some cheque redeemable as money from recipient's stamp processing software.
• Postage can be returned in reply.
• After that both are in each other's whitelist.

Obstacle
• Security problems related to e-cash.

Postage ~ computing resources
• The sender's software makes some kind of computationally expensive computation which is relatively easy for the receiver to check.
• E.g. calculation of a hash message digest used in CAMRAM project.
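A hash-based stamp that is expensive to mint and takes one hash to check, as an added example that is not from the slides and not the CAMRAM format. The stamp layout, the 16-bit difficulty, the addresses and all names are assumptions made for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumed difficulty: about 2**16 hashes to mint, one hash to verify


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(recipient: str, date: str, bits: int = BITS) -> str:
    """Sender side: search for a nonce until the stamp hashes below the target."""
    for nonce in count():
        stamp = f"{bits}:{date}:{recipient}:{nonce}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp


class Receiver:
    """Receiver side: a single hash plus bookkeeping against reuse."""

    def __init__(self, address: str, min_bits: int = BITS):
        self.address, self.min_bits, self.spent = address, min_bits, set()

    def accept(self, stamp: str, today: str) -> bool:
        try:
            bits, date, recipient, _nonce = stamp.split(":")
            bits = int(bits)
        except ValueError:
            return False  # malformed stamp
        digest = hashlib.sha256(stamp.encode()).digest()
        ok = (bits >= self.min_bits            # enough work was claimed
              and recipient == self.address    # minted for this mailbox
              and date == today                # not a stale stamp
              and stamp not in self.spent      # not replayed
              and leading_zero_bits(digest) >= bits)  # the work was done
        if ok:
            self.spent.add(stamp)
        return ok


if __name__ == "__main__":
    # Constructed address and date.
    stamp = mint("alice@example.org", "2007-03-08")
    print(stamp, Receiver("alice@example.org").accept(stamp, "2007-03-08"))
```

Binding the stamp to one recipient and one date is what makes the cost scale with the number of messages: a bulk sender has to repeat the search for every address.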

Payment ~ Human Time
• Automated reply from a recipient's software.
• Sender would connect to a webpage and show itself to be a human by spending time answering a simple test which to date only humans can pass.
• CAPTCHA: Completely Automated Turing Test to tell Computers and Humans Apart

Implementation of Stamp Payment Protocols
• Standardize an Email Postage Payment Protocol.
• MUA (Mail User Agent) modification is necessary.
• Stamps will be attached with emails in envelopes and headers; care should be taken to pick the encoding convention.

Business Models for Spreading Postage
• Sale of services to IT departments.
• Sale of ready-to-use software.
• Investment of deposits on postage accounts.
• Sale of marketing services

Conclusion
• Spam costs time and resources.
• The design of any information centric system should be such that it can prevent the misuse of resources by malicious users.


Acknowledgements
• Prof. Ashok Agrawala
• Mudit Agrawal (proof reading)

VIDEO CLIP
http://video.google.com/videoplay?docid=-8246463980976635143&q=luis+von+ahn

THANKS & QUESTIONS
