More than just meat in a can Matthew Young CS7493


Post on 18-Dec-2015


More than just meat in a can
Matthew Young

CS7493


Overview
- What is SPAM?
- Types
- History
- Distribution
- Prevention
- Law


- Stupid, Pointless Annoying Messages
- Mass unsolicited mailings
- Mass unsolicited advertisements
- Bulk or multiple posts
- An electronic message is "spam" if (A) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (B) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.


The abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately

Types:
- Email spam (most common)
- Instant messaging spam
- Search engine spam (‘spamdexing’)
- Blogs
- Wiki
- Online classified ads
- Mobile phone messaging
- Internet forums
- Junk faxes
- Social networking spam
- Etc.


Multiple origins of the term
- 1860’s: Telegraph lines used to send dubious investment offers
- Monty Python’s Flying Circus SPAM skit
- Tom Van Vleck: On MIT’s Compatible Time Sharing System (CTSS), in 1971, a sys. admin named Peter Bos used CTSS MAIL to send everyone on the system an anti-war message stating: “THERE IS NO WAY TO PEACE. PEACE IS THE WAY.”
- In 1975, Jon Postel posted RFC 706 for the Network Working Group, describing problems with junk mail
- 1978: On ARPANET, Gary Thuerk is credited with sending the first network “SPAM” message to 400 recipients, advertising a new computer (DEC-20)


How did the term SPAM become commonplace?
- It began with MUDs and BBSs and expanded into USENET.
- 1980’s: Multi-user dungeons (MUDs) were very popular. Most people used MUDs as a means of chatting with people.
- Even earlier, there were reports of abuse on Bitnet’s Relay chat system (predecessor of IRC).
- Users had the ability to upload an entire file. People would dump the words from the SPAM song.
- In other cases, people posted the SPAM song lyrics to clear a user’s comment from the screen.

Relation to USENET
- Most unwanted posts on USENET were the ‘David Rhodes’ “MAKE MONEY FAST” posts.
- These posts were not labeled SPAM until March of 1993.
- Making changes to USENET moderation methods, Richard Depew created ARMM.
- The software was buggy.


2009 MessageLabs Annual Security Report
- Detected: 73 million malware variants
- Detected: 5 million botnet machines
- Detected: 30 thousand unique domains hosting malware
- Stopped 60 billion spam messages

Main SPAM distributors: Botnets (cheap)
- By end of 2009, 83.4% of all spam originated from botnets (MessageLabs)
- Between April and November of 2009, the Cutwail botnet may have been responsible for 29% of all SPAM messages (8,500 billion)
- Cutwail was responsible for the spread of the Bredolab Trojan dropper (disguised as a .zip file)
- Approx. 107 billion spam messages distributed on avg. per day globally

SPAM can come from many different countries
- Cisco 2008 Annual Security Report: 15.9% of SPAM came from the US, with Turkey following at 7.4%.


Many spam messages are phishing attempts and involve social networking techniques to gain information or for monetary reasons.

Swine flu (H1N1) outbreak led to an outbreak of SPAM
- In April of 2009, cyber criminals began sending out spam messages
- Subject lines: “US swine flu fears”, “Swine flu in Hollywood”
- Recipients were sent advertisements for prevention drugs
- Linked to websites known for selling fake pharmaceutical products


Most spam is for making money
- Social engineering (phishing scams)
- Virus / Trojan distribution
- Many scams prey on people giving up financial information, including credit card numbers


SPAM Filtering
- Google’s techniques: http://www.google.com/mail/help/fightspam/spamexplained.html
- SPAM filters work by comparing parameters in incoming mail to lists of configurable rules.
- Example: Checking for certain subject lines or certain keywords
- Can be filtered by IP address range
- Using ‘white lists’ for correct website addresses to detect phishing attempts
- Many types: User defined rule sets, Header filters (checks for forged header info), Language filters, Content filters (using fuzzy logic), and Permission filters (block all mail not sent from an authorized source)

Captcha
- Determining if a message poster is a human or a bot.
- Simple captcha systems can be beaten using OCR
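
A small rule-based filter of the kind the SPAM Filtering slide describes, added here as an illustration and not taken from the original slides: it applies a subject-keyword rule, an IP address range rule and a link ‘white list’ rule for phishing. All rule values, host names and both sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlparse

# Every rule value and sample message here is constructed for illustration.
SUBJECT_KEYWORDS = ("swine flu", "make money fast")
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BRAND_WORDS = ("example bank",)
LINK_WHITELIST = {"example-bank.test"}   # the brand's correct website address

def relay_ip(msg):
    """IP recorded in the topmost Received header (added by our own MX), or None."""
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", msg.get("Received", ""))
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:            # malformed address: treat as unknown, not as a hit
        return None

def classify(raw):
    """Return the names of the rules a message trips; an empty list means deliver."""
    msg = message_from_string(raw)
    hits = []
    if any(k in msg.get("Subject", "").lower() for k in SUBJECT_KEYWORDS):
        hits.append("subject-keyword")
    ip = relay_ip(msg)
    if ip is not None and any(ip in net for net in BLOCKED_NETS):
        hits.append("ip-range")
    body = msg.get_payload()
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    # Brand is named in the text but a link points somewhere off the white list.
    if any(b in body.lower() for b in BRAND_WORDS) and hosts - LINK_WHITELIST:
        hits.append("phishing-link")
    return hits

SPAM = """\
Received: from mail.invalid ([203.0.113.45]) by mx.example.org; Mon, 27 Apr 2009 10:00:00 +0000
From: News <news@pharma.invalid>
Subject: US swine flu fears

Log in to Example Bank at http://example-bank.login.invalid/verify
"""
HAM = """\
Received: from mail.example.org ([198.51.100.7]) by mx.example.org; Mon, 27 Apr 2009 10:05:00 +0000
From: Alice <alice@example.org>
Subject: Lunch on Friday?

Your Example Bank statement is at https://example-bank.test/statements
"""
if __name__ == "__main__": print(classify(SPAM), classify(HAM))
```

The look-alike host `example-bank.login.invalid` trips the link rule because the white list is matched on the exact host name, not on a substring.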


Blogs
- WordPress uses software called Akismet to prevent spam comments
- According to the Akismet FAQ, a new comment, trackback, or pingback is submitted to the Akismet web service (WS) and, based on certain tests run against the comment, the WS returns either a yes or no of whether the comment is SPAM or not.
- Stores the comment for 15 days and allows preview of the comment to say if it is spam or not.

Software
- AVG Internet Security 7.5
- Norton Internet Security 2007
- iHateSpam 5.0 for Outlook Express
- McAfee SpamKiller
- CA Anti-Spam Plus for Outlook

Email lists
- Opt out of e-mail listings


Congress introduced: “Controlling the Assault of Non-Solicited Pornography and Marketing Act” on January 7, 2003 (S.877)
- Also known as: “CAN-SPAM Act”
- Became public law: 12/16/2003
- Amends: Chapter 47 of title 18, US Code (§ 1030. Fraud and related activity in connection with computers): § 1037. Fraud and related activity in connection with electronic mail


(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,

(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,

(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,

(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names,

(5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses


MySpace vs. The SPAM King
- Filed: May 12th, 2008 in US District Court, Central District of California
- Case number: CV-07-1929 ABC (AGRx)
- MySpace vs. Sanford Wallace (Freevegasclubs.com, Real-vegas-sins.com, Feeble Minded Productions), Walter Rines, Online Turbo Merchant Inc., and Odysseus Marketing Inc.
- Wallace and Rines created MySpace accounts, swiped passwords and then spammed users, sending as many as 735,000+ messages
- MySpace awarded $233,777,500 under the CAN-SPAM Act and $1,500,000 under the California anti-phishing statute.


- Definition: http://www.spamhaus.org/definition.html
- Gary Turk: http://www.npr.org/templates/story/story.php?storyId=90160617
- History: http://www.templetons.com/brad/spamterm.html
- RFC 2635: http://tools.ietf.org/html/rfc2635
- CISCO 2008 Annual Security Report
- CISCO 2009 Midyear Security Report
- SPAM Filters: http://www.wisegeek.com/what-is-a-spam-filter.htm
- MySpace vs. SPAM King: http://blogs.zdnet.com/BTL/?p=8814&tag=col1;post-9118