									 Esra Okasha
Amera Alamre
What is spam?
  It is an attempt to deliver a message, by flooding, over the
   Internet, to someone who would not otherwise choose to
   receive it
  Spam is anonymous and wastes bandwidth
  An expanded definition includes “pop-ups”
  Some of these messages could also contain virus programs
   or even appear to come from legitimate sources, such as
   banks. Such messages will ask you to complete a
   registration or enter a password (or similar) and are known
   as "phishing" - their only purpose being to acquire personal
   data or even passwords to your accounts
Who practices spamming?

 Spam sent using spamware - programs specifically designed
  to send huge amounts of email (up to 100,000 emails an hour) over
  an ordinary dialup internet connection
 Spam sent by an ordinary person who wants to advertise
  his own Web site
 Individual computers that have been infected with a virus /
  Trojan - they connect to the Internet and download lists of email
  addresses and start sending out spam.
Who practices spamming?

 'Professional' spamhauses. These are companies set up
  purely to commit theft and fraud. They have permanent internet
  connections, or sometimes have their servers in the premises of
  other crooked service providers. They don't usually spam to
  advertise themselves, instead they find clueless businessmen
  and charge them $1000 or so to send their advert to hundreds of
  thousands of people's mailboxes.
 Today, much of the spam volume is sent by career criminals
  and malicious hackers

 More than 90 billion spam messages were sent per day in 2007!
Contemporary Spammer Technologies

[Diagram labels: platforms for mass mailing; Creating the message body; Sending spam]

Creating address databases

 The first step in running a spammer business is creating an
  email database. Entries do not only consist of email
  addresses; each entry may contain additional information
  such as geographical location, sphere of activity (for
  corporate entries) or interests (for personal entries). A
  database may contain addresses from specific mail
  providers, such as Yandex, Hotmail, AOL etc
How do spammers get your address?
 Stealing users' personal data using Trojans

 Stealing databases from web services, ISPs etc.

 Spoofing addresses using common combinations of words and
  numbers - john@, destroyer@, alex-2@

 From web pages: Spammers have programs which spider through web
  pages, looking for email addresses

 From various web and paper forms: Some sites request various details
  via forms, e.g. guest books & registration forms. Spammers can get
  email addresses from those either because the form becomes available
  on the world wide web, or because the site sells / gives the emails list to

 Buying lists from others (untrusted ISP providers)
Address verification
 Once email databases have been created, the addresses
  need to be verified before they can be sold or used for mass
  mailing. Spammers send a variety of trial messages to
  check that addresses are active and that email messages are
  being read.
 Initial test mailing. A test message with a random text
  which is designed to evade spam filters is sent to the entire
  address list. The mail server logs are analyzed for active
  and defunct addresses and the database is cleaned
 Once addresses have been verified, a second message is
  often sent to check whether recipients are reading
  messages. For instance, the message may contain a link to
  a picture on a designated web server. Once the message is
  opened, the picture is downloaded automatically and the
  web site will log the address as active.
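
A defender can check an incoming message for the picture technique described above. The following is an added example, not part of the original slides: it lists the images an HTML message would fetch from a remote server when opened. The function names, the query-string heuristic and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _ImgCollector(HTMLParser):
    """Collects the src of every <img> that would be fetched over HTTP(S)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and urlsplit(src).scheme in ("http", "https"):
            self.urls.append(src)

def remote_images(raw_message):
    """Remote image URLs in the HTML parts of an RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    collector = _ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.urls

def likely_read_trackers(raw_message):
    """Assumption: a query string on an image URL may carry a per-recipient id."""
    return [u for u in remote_images(raw_message) if urlsplit(u).query]

# Constructed sample message (example.invalid is a reserved, non-routable name).
SAMPLE = """\
From: sender@example.invalid
To: user@example.invalid
Subject: test
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="http://img.example.invalid/p.gif?id=a91f33c0" width="1" height="1">
<img src="https://static.example.invalid/logo.png">
<img src="cid:embedded-logo">
</body></html>
"""

if __name__ == "__main__":
    print(likely_read_trackers(SAMPLE))
```

A mail client that does not load remote images automatically never makes the request, so the web server has nothing to log.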
Address verification (cont.)
 A more successful method of verifying if an address is
  active is a social engineering technique. Most end users
  know that they have the right to unsubscribe from
  unsolicited and/or unwanted mailings. Spammers take
  advantage of this by sending messages with an
  'unsubscribe' button. Users click on the unsubscribe link
  and a message purportedly unsubscribing the user is sent.
  Instead, the spammer receives confirmation that the
  address in question is not only valid but that the user is
Creating platforms for mass mailing
 Bot networks - networks of zombie machines infected
  with malware, usually a Trojan, which allow spammers to
  use the infected machines as platforms for mass mailings
  without the knowledge or consent of the owner.
 Direct mailing from rented servers

 Spammer Software:
  An average mass mailing contains about a million
  messages. The objective is to send the maximum number
  of messages in the minimum possible time
Creating platforms for mass mailing (cont.)
These programs need to be able to:
1-Create dynamic texts.
2-Track the validity of an email address database.
3-Detect whether individual messages are delivered or
  not and to resend them from alternate platforms if the
  original platform has been blacklisted.
Marketing spammer services

 Strangely enough, spammers advertise their services using
  spam. In fact, the advertising which spammers use to
  promote their services is a separate category of spam.
  Spammer-related spam also includes advertisements for
  spammer applications, bot networks and email address
Creating the message body
 Today, anti-spam filters are sophisticated enough to
  instantly detect and block a large number of identical
  messages. Spammers therefore now make sure that mass
  mailings contain emails with almost identical content, with
  the texts being very slightly altered. They have developed a
  range of methods to mask the similarity between messages
  in each mailing
Creating the message body (cont.)
 Graphical spam. Sending text in graphics format
  hindered automatic text analysis for a period of time,
  though today a good anti-spam solution is able to detect
  and analyze incoming graphics
 Dynamic graphics. Spammers are now utilizing
  complicated graphics with extra information to evade anti-
  spam filters.
 Inclusion of random text strings, words or invisible
 This may be as simple as including a random string of words
  and/or characters or a real text from a real source at either
  the beginning or the end of the message body
The commonest types of spam
 However, when averaged out over the course of the year, 50%
   of spam falls into the following categories:
  Health and Medicine:
 This category includes advertisements for weight loss, skin
   care which can all be bought on-line.
  IT
 This category includes offers for low-priced hardware and
   software as well as services for web site owners such as
   hosting, domain registration, web site optimization and so
  Education/training
 This category includes offers for seminars, training, and on-
   line degrees.
Common spam Examples
 If the title mentions "free pix", "passwords", or money-
    making opportunities, it's spam.
   If there are lots of non-alphabetic characters (e.g. *****, !!!!!,
    ##### etc.), particularly at the start of the title, it's spam.
   If the title mentions a filename ending in ".html" or ".htm",
    it's spam.
   If the title contains a web site address, it's spam.
 If the title ends with a multi-digit number (e.g. "Please
    help 13874"), it's spam.
Common spam Examples
 If the author field consists of a stream of random
    characters, (such as "jsg;rhb" or "dkhvdjblkghsx") it's

 If the author's name is "Webmaster" or reads like an invite
    to a web site, it's probably spam.

 If the title is in an unexpected language (e.g. German), it's
    probably spam.
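
The title and author rules listed above can be written down as a small rule-based check. The following is an added example, not part of the original slides. The rule names, the regular expressions, the four-character threshold for symbol runs and the vowel-ratio test for "random" author names are assumptions chosen to match the slide examples; the language rule is left out.

```python
import re

# One (name, pattern) pair per title rule from the slides.
TITLE_RULES = [
    ("keyword", re.compile(r"free pix|passwords|money[- ]making|make money", re.I)),
    ("symbol_run", re.compile(r"[^\w\s]{4,}")),            # e.g. *****, !!!!!, #####
    ("html_filename", re.compile(r"\b[\w-]+\.html?\b", re.I)),
    ("web_address", re.compile(r"https?://|\bwww\.", re.I)),
    ("trailing_number", re.compile(r"\b\d{2,}\s*$")),      # "Please help 13874"
]

def author_rules(author):
    """Author-field rules: 'Webmaster' and streams of random characters."""
    hits = []
    name = author.strip()
    if name.lower() == "webmaster":
        hits.append("webmaster_author")
    letters = [c for c in name.lower() if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    # Assumption: punctuation inside the name or almost no vowels means random.
    # This ASCII-only test would misfire on names written in other scripts.
    odd_chars = re.search(r"[^A-Za-z .'\-]", name)
    if letters and (odd_chars or vowels / len(letters) < 0.2):
        hits.append("random_author")
    return hits

def spam_indicators(title, author):
    """Names of every rule that the title and author field trigger."""
    hits = [name for name, pattern in TITLE_RULES if pattern.search(title)]
    return hits + author_rules(author)

if __name__ == "__main__":
    # Constructed inputs built from the examples on the slides.
    print(spam_indicators("***** FREE PIX at www.example.invalid", "jsg;rhb"))
    print(spam_indicators("Please help 13874", "Webmaster"))
    print(spam_indicators("Meeting notes for Tuesday", "Joe Smith"))
```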
Ways to Avoid Spam
• Maintain at least two email addresses. You should use your
  private address only for personal correspondence. The
  public address should be the one you use to register on
  public forums, in chat rooms, to subscribe to mailing lists

 Never publish your private address on publicly accessible

 Publish your private address electronically as a graphics
  file rather than as a link. (if your mail is Try writing Joe-dot-Smith-at-
  yahoo-dot-com instead)
  Ways to Avoid Spam

 Never respond to spam. Most spammers verify receipt and
  log responses. The more you respond, the more spam you will
 Do not click on unsubscribe links from questionable sources.
  Spammers send fake unsubscribe letters in an attempt to
  collect active addresses
 Make sure that your mail is filtered by an anti-spam
  solution. Consider installing a personal anti-spam solution.
 Install anti-spam software
Kaspersky Internet Security
  Bayesian spam filters are a kind of scoring content-
   based filters, too. But this approach does away with the
   problems of simple scoring spam filters, and it does so
   radically. Since the weakness of scoring filters is in the
   manually built list of characteristics and their scores, this
   list is eliminated.
  Instead, Bayesian spam filters build the list themselves.
   Ideally, you start with a (big) bunch of emails that you
   have classified as spam, and another bunch of good mail.
   The filters look at both, and analyze the legitimate mail
   as well as the spam to calculate the probability of various
   characteristics appearing in spam, and in good mail.

The characteristics a Bayesian spam filter can look at:
 the words in the body of the message, of course, and
 its headers (senders and message paths but also
 other aspects such as HTML code (like colors), or even
 word pairs, phrases and
 meta information (where a particular phrase appears).
How Bayesian Spam Filtering Works
 If a word, "Cartesian" for example, never appears in spam
  but often in your legitimate mail, the probability of
  "Cartesian" indicating spam is near zero. "Toner", on the
  other hand, appears exclusively, and often, in spam.
  "Toner" has a very high probability of being found in spam,
  not much below 1 (100%).
 When a new message arrives, it is analyzed by the Bayesian
  spam filter, and the probability of the complete
  message being spam is calculated using the individual
 Using this auto-adaptive technique, Bayesian filters can
  learn from both their own and the user's decisions (if
  she manually corrects a misjudgment by the filters). The
  adaptability of Bayesian filtering also makes sure they are
  most effective for the individual email user. While most
  people's spam may have similar characteristics, the
  legitimate mail is characteristically different for everybody.
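
The training, scoring and correction steps described above, as an added example that is not part of the original slides. It is a minimal word-based Bayesian filter; the class name, the equal priors, the add-one smoothing and the training messages are assumptions, and a real filter would train on far more mail and more characteristics than single words.

```python
import math
import re
from collections import Counter

def tokens(text):
    """Lower-cased set of words; each word counts once per message."""
    return set(re.findall(r"[a-z]+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.totals = {"spam": 0, "ham": 0}

    def train(self, text, label):
        """Learn from one classified message (also used for user corrections)."""
        self.counts[label].update(tokens(text))
        self.totals[label] += 1

    def word_prob(self, word):
        """P(spam | word) with equal priors and add-one smoothing (assumptions)."""
        ps = (self.counts["spam"][word] + 1) / (self.totals["spam"] + 2)
        ph = (self.counts["ham"][word] + 1) / (self.totals["ham"] + 2)
        return ps / (ps + ph)

    def spam_prob(self, text):
        """Combine the probabilities of all known words through their log-odds."""
        log_odds = 0.0
        for w in tokens(text):
            if w in self.counts["spam"] or w in self.counts["ham"]:
                p = self.word_prob(w)
                log_odds += math.log(p / (1 - p))
        return 1 / (1 + math.exp(-log_odds))

# Constructed training mail, not real messages.
SPAM = ["cheap toner cartridges buy now", "toner sale free shipping", "buy toner today"]
HAM = ["cartesian coordinates lecture notes", "notes on cartesian product",
       "lunch today at noon"]

def trained_filter():
    f = BayesFilter()
    for m in SPAM:
        f.train(m, "spam")
    for m in HAM:
        f.train(m, "ham")
    return f

if __name__ == "__main__":
    f = trained_filter()
    msg = "toner order for the office printer"
    print(round(f.spam_prob(msg), 3))   # judged spam before the correction
    f.train(msg, "ham")                 # the user marks it as legitimate
    print(round(f.spam_prob(msg), 3))   # the same message now scores as good mail
```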
