Spam and Anti-Spam By Aditi Desai Yousuf Haider

Post on 24-Dec-2015

Agenda

- Introduction
- Purpose of Spam
- Types of Spam
- Spam Techniques
- Anti spam
- Why Spam is so Easy
- Anti Spam Techniques
- Ongoing research
- Conclusion

Introduction

- Spam: unwanted "junk" e-mail sent to a large number of people to promote products or services.
- 1 out of 4 network administrators spends more than 1 hour a day combating spam.
- For 1 out of 2 organizations, at least 10% of bandwidth usage is spam.
- Emphasis on email spam.
- Discussion of anti-spam and its techniques.

Purpose of Spam

- High potential payoffs in return for very little effort on the spammer's part.
- Spammers succeed when even a small number of people reply to and purchase some spam-based offering.
- E.g. Lawrence Canter and Martha Siegel are two of the original, and perhaps most notorious, spammers on the Internet. These immigration attorneys earned their 15 minutes of fame by posting green card lottery ads on thousands of Usenet groups in 1993.

Mediums of Spam

- E-mail spam
- Instant messaging and chat room spam
- Chat spam
- Newsgroup spam and forum spam
- Mobile phone spam
- Online game messaging spam
- Spam targeting search engines (spamdexing)
- Blog, wiki, and guestbook spam
- Spam targeting video sharing sites
- Noncommercial spam

Types of Internet Spam

- Unsolicited commercial mails: 68%
- Adult: 15%
- Jokes: 9%
- Chain letters: 4.5%
- Large file attachments with non-work related content: 3%

Types of Spamming Techniques

- Email spamming
- Bulk email software
- Dictionary spamming
- Directory harvest attack
- Spambot
- Pink contract

Security Implications of Spam

Some of the security concerns of spam are:

- Unwanted spam messages eat up a tremendous amount of storage space.
- A large number of messages coming into the network can overload it and create a DoS condition, leading to serious email system downtime.
  - Consequences: email system unavailability, improper sending and receiving of messages.
- Network intrusions along with malware, viruses, Trojan horses and web bugs wreak havoc on networks, servers, and end-user systems.
- Some spam is actually social engineering at work.

Cost Estimates of Spam

- Despite agreeing that spam is free speech, it costs people and organizations time and money.
- Taking a real-world corporate example:
  - 25 emails/day, 150/week, 7800/year
  - 2 secs. to handle each: 4.33/year
  - $40/hr pay: 173.33/user/year (???)
  - Each msg is 5KB: 7800 x 5 = 38MB clutter
- These figures count big for large firms with 1000+ employees.

Anti-Spam

The Goal

- Prevent or minimize the effectiveness of spammers in sending spam to a large number of recipients.
- Emphasis on email anti-spam.

Why Spam is so Easy

- Cost of harvesting or collecting email addresses.
- Monetary cost of sending spam email.
- Computational cost of sending spam email.
- Legal cost of sending spam email.
- Anonymity of the sender.

Anti-Spam Techniques

3 categories:

- End user techniques.
- Automated techniques for email administrators.
- Automated techniques for email senders.

End User Techniques

- Address "munging"
  - myname at email dot com
  - Transparent address munging is more effective
- Disable HTML in e-mail
  - If not disabled, it might execute malicious scripts
  - Validate email addresses
- Reporting spam
  - Track down the spammer's ISP and report
  - Difficult for the end user to do, and will not work for botnets or netblocks.

End User Techniques…(contd.)

- Disposable email addresses
  - A disposable temporary address forwards email to the valid address
- No response to spam
  - Responding validates the address
- Aggressive response to spam
  - Controversial: spam the spammer
  - Automated tools to submit forms on spammer sites
  - Might not work with zombies on botnets

Automated Techniques for Email Administrators

- Rule-based systems
  - Parse incoming email for specific keywords or content and then apply a set of rules
  - May have a distributed community approach
    - Members mark spam
    - Add to database
    - Infer rules from database
  - Valid emails may end up in the spam box

Automated Techniques for Email Administrators… (contd.)

- Challenge-response systems
  - Exploits the spammer anonymity factor.
  - White list: email from addresses on the white list is accepted.
  - Black list: email from addresses on the black list is rejected.
  - For unknown addresses:
    - Send a challenge to the unknown address
    - If a valid response is received, accept the original message.
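The white list / black list / challenge flow from this slide, as an added example that is not part of the original deck. The class and method names, the HMAC-based challenge token and the automatic white-listing of a sender who answers correctly are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ChallengeResponseGate:
    """Hypothetical gate: deliver, reject, or hold a message pending a challenge."""

    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.key = secrets.token_bytes(32)  # server-side secret for challenge tokens
        self.quarantine = {}                # message id -> (sender, message)

    def _token(self, msg_id, sender):
        # The token is bound to one held message and one sender address.
        data = f"{msg_id}|{sender}".encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def receive(self, msg_id, sender, message):
        """Return (verdict, challenge_token_or_None) for an incoming message."""
        sender = sender.lower()
        if sender in self.blacklist:
            return "reject", None
        if sender in self.whitelist:
            return "deliver", None
        self.quarantine[msg_id] = (sender, message)   # unknown sender: hold it
        return "challenge", self._token(msg_id, sender)

    def respond(self, msg_id, sender, token):
        """Release the held message if the challenge reply is valid, else None."""
        sender = sender.lower()
        held = self.quarantine.get(msg_id)
        if held is None or held[0] != sender:
            return None
        expected = self._token(msg_id, sender)
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return None
        del self.quarantine[msg_id]
        self.whitelist.add(sender)   # assumption: a valid reply white-lists the sender
        return held[1]
```
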

Automated Techniques for Email Administrators… (contd.)

- Authentication and reputation
  - Reputation system for legitimate servers.
  - Used in conjunction with spam filtering.
- Checksum-based filtering
  - Maintain a database of checksums of spam emails
  - Compare checksum of incoming email to detect
- DNS-based blackhole lists
  - Different kinds of lists to indicate servers that send spam
- Greylisting
  - Temporarily reject messages from unknown senders
  - Spammers will usually not try resending
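A minimal greylisting policy, added here as an example and not taken from the original slides. It assumes an "unknown sender" is identified by the triplet (client IP, envelope sender, envelope recipient), a 5-minute minimum retry delay and a 4-hour retry window; the addresses and timings in the sample traffic are constructed.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300          # assumed: seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600  # assumed: a later retry is treated as a first attempt again
TEMPFAIL = "451 Greylisted, try again later"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return "250 OK"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[triplet] = now   # unknown or stale: start the clock
            return TEMPFAIL
        if now - seen < MIN_DELAY:
            return TEMPFAIL                  # retried too quickly
        self.passed.add(triplet)             # a real MTA queued the mail and retried
        return "250 OK"


def replay(attempts):
    """Run (time, ip, from, to) attempts through a fresh greylist; return reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in attempts]


# Constructed sample traffic: a mail server that retries after 10 minutes, and a
# fire-and-forget sender that makes one attempt from each of two addresses.
SAMPLE = [
    (0,    "192.0.2.10",  "alice@example.org", "bob@example.com"),
    (5,    "203.0.113.7", "promo@example.net", "bob@example.com"),
    (60,   "192.0.2.10",  "alice@example.org", "bob@example.com"),  # too soon
    (600,  "192.0.2.10",  "alice@example.org", "bob@example.com"),  # proper retry
    (700,  "203.0.113.8", "promo@example.net", "bob@example.com"),  # new triplet
    (9000, "192.0.2.10",  "alice@example.org", "bob@example.com"),  # already passed
]

if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(attempt, "->", code)
```

The sender that never retries is never accepted, while the retrying server pays only a one-time delay; a sender that does queue and retry passes this check, which is why the slide pairs greylisting with other filters.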

Automated Techniques for Email Senders

- Background checks on new users and customers
- Confirmed opt-in for mailing lists

Ongoing Research

- Ham passwords
  - Attach ham passwords to the email subject line to verify validity of the message
- Cost-based systems
  - Stamps: monetary cost, micro-payments
  - Proof-of-work systems: computational cost
  - Bonds or sender-at-risk: pay cost if suspicious sender
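How a proof-of-work stamp puts a computational cost on each message, as an added example that is not from the original slides. The stamp layout (bits:date:recipient:counter), SHA-256 and the 16-bit difficulty are assumptions chosen for illustration, and the date and address in the demo are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # assumed difficulty: about 2**16 hashes per stamp on average


def leading_zero_bits(digest):
    """Number of leading zero bits in a bytes digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(recipient, date, bits=BITS):
    """Sender side: search for the first counter whose stamp hash has `bits` zero bits."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp, recipient, today, seen, bits=BITS):
    """Receiver side: one hash plus bookkeeping. Returns (accepted, reason)."""
    try:
        claimed, date, rcpt, _counter = stamp.split(":")
        claimed = int(claimed)
    except ValueError:
        return False, "malformed"
    if claimed < bits:
        return False, "difficulty too low"
    if rcpt != recipient:
        return False, "stamp minted for another recipient"
    if date != today:
        return False, "stale date"
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < claimed:
        return False, "work not done"
    if stamp in seen:
        return False, "stamp reused"   # one stamp pays for one message only
    seen.add(stamp)
    return True, "ok"


if __name__ == "__main__":
    seen = set()
    s = mint("bob@example.com", "20240101")
    print(s, verify(s, "bob@example.com", "20240101", seen))
    print(verify(s, "bob@example.com", "20240101", seen))
    print(verify(s, "carol@example.com", "20240101", seen))
```

Because the stamp is bound to the recipient and date and is accepted only once, the sender pays the search cost for every recipient, while the receiver checks it with a single hash.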

Conclusion

- Arms race between spammers and anti-spam techniques.
- Effective and efficient use of various anti-spam techniques as discussed can make spamming less profitable and can prove a way to help FIGHT SPAM.
- Distributed community approach most effective.

THANK YOU