       Topics in Email Security

       IS&T All Staff Meeting
       Tuesday, April 7, 2011

       Brian Allen, CISSP
       brianallen@wustl.edu
       Network Security Analyst,
       Washington University in St. Louis

       http://nso.wustl.edu/presentations/
       Email Security Tip #1

• Do not click on links in emails
       Email Security Tip #2

• See Tip #1   (Thanks Barb!)
[Diagram labels: Spam Product Supplier; Accountant; Seller 1, Seller 2, Seller 3; three groups of Spammer1, Spammer2, Spammer3]
     Where Does Spam Originate?
         Why Do We Care?
• Spam = Bots (Large armies of infected
  machines sending out spam)
• Bots = Sophisticated Malware
• Sophisticated Malware = Organized Crime
• More than 89% of all email messages were
  spam in 2010 - Symantec
                   Spam is Big Business
• Rates for one million email addresses: $25 to $50
  http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• 10,000 malware installations: $300–$80
• Sending 100 million emails per day: $10,000 per month
  http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• Cutwail’s profit for providing spam services:
  $1.7 - $4.2 million since June 2009 – Aug 2010
• How much do the spammers gross per day? $7000
  http://www.wired.com/magazine/2011/02/st_equation_spamprofits/
        Underground Economy
• Spammers also are involved in:
  – CAPTCHA solving
  – Email harvesting
  – Custom software
  – Bulletproof hosting
  – Proxies
              Spam Volume
• From Jul 30 - Aug 25, 2010 security
  researchers infiltrated the Cutwail spam
  network and discovered 87.7 billion emails
  were successfully sent
                     Spam Content
•   Pornography
•   Online pharmacies
•   Phishing
•   Money mule recruitment
•   Malware
•   The malware (Zeus banking Trojan) typically includes:
    –   Greeting card
    –   Resume
    –   Invitation
    –   Mail delivery failure
    –   Receipt for a recent purchase.
            Spam Blacklisting
• Only about 12% of bots are blacklisted an hour
  after they come online
• The rate reaches 90% after a period of about
  18 hours
  http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
       Spam Volume on WUSTL Ironports - Feb 2011
Phishing Email
Spear Phishing Example



<http://michaelkellett com/ez/wustl.html>
Phishing Example??
   Social Security Number Email 1
From: BOB [BOB@WUSTL.EDU]
Sent: Friday, April 01, 2011 12:54 PM
To: ALICE [ALICE@NOTWUSTL.COM]
Subject: Registration Request

ALICE:
Couldn't remember if I had already sent this request or not.
Please register CHARLIE ( 111-11-1111 ) for the session

Thank you
BOB
    Social Security Number Email 2
From: BOB [BOB@WUSTL.EDU]
Subject: FW: University talk
To: ALICE@NONWUSTL.EDU, CHARLIE@NOTWUSTL.COM
Date: Monday, April 4, 2011, 12:57 PM

Dear Ms. ALICE and CHARLIE,
I sent this e-mail a couple of weeks ago, but I haven't heard back
from you yet, so I thought that I would send it again.
Also, my SSN is 222-22-2222 and my home address is:

1234 Oak Ave.
St. Louis, MO 63130
       Emails, Like Postcards, Are Not Encrypted
• Contact me to discuss encryption options for storing or sending
  sensitive information
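The two Social Security Number emails above, turned into an outbound-mail check (an added example, not part of the original slides): it flags a message that carries an SSN-shaped number to any recipient outside wustl.edu. Treating wustl.edu as the only internal domain, the names `is_external` and `scan_outbound`, the `hold` decision and the retyped sample messages are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "wustl.edu"  # assumption: the only internal mail domain

# AAA-GG-SSSS, skipping ranges never issued
# (area 000/666/9xx, group 00, serial 0000).
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}[- ](?!00)\d{2}[- ](?!0000)(\d{4})(?!\d)")

# Constructed samples: the two slide emails retyped as RFC 5322 messages.
EMAIL_1 = """From: BOB <BOB@WUSTL.EDU>
To: ALICE <ALICE@NOTWUSTL.COM>
Subject: Registration Request

Please register CHARLIE ( 111-11-1111 ) for the session
"""
EMAIL_2 = """From: BOB <BOB@WUSTL.EDU>
To: ALICE@NONWUSTL.EDU, CHARLIE@NOTWUSTL.COM
Subject: FW: University talk

Also, my SSN is 222-22-2222 and my home address is:
"""

def is_external(address):
    """True unless the domain is INTERNAL_DOMAIN or a subdomain of it."""
    domain = address.rsplit("@", 1)[-1].lower()
    # Match on ".wustl.edu", not "wustl.edu": nonwustl.edu is external.
    return not (domain == INTERNAL_DOMAIN
                or domain.endswith("." + INTERNAL_DOMAIN))

def scan_outbound(raw_message):
    """Report external recipients and masked SSN matches for one message."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    external = sorted(a.lower() for _, a in getaddresses(headers)
                      if a and is_external(a))
    # Scan the Subject and every text/plain part of the message.
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    body = b"\n".join(parts).decode("utf-8", "replace")
    text = msg.get("Subject", "") + "\n" + body
    # Keep only the last four digits so the report itself holds no SSN.
    hits = ["***-**-" + m.group(1) for m in SSN_RE.finditer(text)]
    return {"external": external, "ssn_hits": hits,
            "hold": bool(external and hits)}

if __name__ == "__main__":
    for sample in (EMAIL_1, EMAIL_2):
        print(scan_outbound(sample))
```

A pattern match like this only catches numbers written in the usual SSN shape; attachments and unformatted nine-digit strings are outside what it checks.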
    Thanks!

http://nso.wustl.edu

				