POSTED ON: 12/26/2010
Esra Okasha Amera Alamre

What is spam?
• It is an attempt to deliver a message (flooding) over the Internet to someone who would not otherwise choose to receive it.
• Spam is anonymous and wastes bandwidth.
• An expanded definition includes "pop-up".
• Some of these messages could also contain virus programs or even appear to come from legitimate sources, such as banks. Such messages will ask you to complete a registration or enter a password (or similar) and are known as "phishing": their only purpose is to acquire personal data or even the passwords to your accounts.

Who practices spamming?
• Spam sent using spamware: programs specifically designed to send huge amounts of email (up to 100,000 emails an hour) over an ordinary dial-up Internet connection.
• Spam sent by an ordinary person who wants to advertise his own web site.
• Individual computers that have been infected with a virus or Trojan: they connect to the Internet, download lists of email addresses and start sending out spam.

Who practices spamming? (cont.)
• "Professional" spamhauses. These are companies set up purely to commit theft and fraud. They have permanent Internet connections, or sometimes have their servers on the premises of other crooked service providers. They don't usually spam to advertise themselves; instead they find clueless businessmen and charge them $1000 or so to send their advert to hundreds of thousands of people's mailboxes.
• Today, much of the spam volume is sent by career criminals and malicious hackers.
• More than 90 billion spam messages were sent per day in 2007!

Contemporary Spammer Technologies
• Creating address databases
• Sending spam
• Address verification
• Creating platforms for mass mailing
• Creating the message body
• Marketing spammer services

Creating address databases
The first step in running a spammer business is creating an email database.
Entries do not only consist of email addresses; each entry may contain additional information such as geographical location, sphere of activity (for corporate entries) or interests (for personal entries). A database may contain addresses from specific mail providers, such as Yandex, Hotmail, AOL etc.

How do spammers get your address?
• Stealing users' personal data using Trojans.
• Stealing databases from web services, ISPs etc.
• Generating (guessing) addresses from common combinations of words and numbers: john@, destroyer@, alex-2@.
• From web pages: spammers have programs which spider through web pages, looking for email addresses.
• From various web and paper forms: some sites request various details via forms, e.g. guest books and registration forms. Spammers can get email addresses from those either because the form becomes available on the World Wide Web, or because the site sells or gives the email list to others.
• Buying lists from others (untrusted ISPs).

Address verification
Once email databases have been created, the addresses need to be verified before they can be sold or used for mass mailing. Spammers send a variety of trial messages to check that addresses are active and that email messages are being read.
• Initial test mailing. A test message with a random text which is designed to evade spam filters is sent to the entire address list. The mail server logs are analyzed for active and defunct addresses and the database is cleaned accordingly.
• Once addresses have been verified, a second message is often sent to check whether recipients are reading messages. For instance, the message may contain a link to a picture on a designated web server. Once the message is opened, the picture is downloaded automatically and the web site will log the address as active.

Address verification (cont.)
A more successful method of verifying whether an address is active is a social engineering technique. Most end users know that they have the right to unsubscribe from unsolicited and/or unwanted mailings. Spammers take advantage of this by sending messages with an "unsubscribe" button. Users click on the unsubscribe link and a message purportedly unsubscribing the user is sent. Instead, the spammer receives confirmation that the address in question is not only valid but that the user is active.

Creating platforms for mass mailing
• Bot networks: networks of zombie machines infected with malware, usually a Trojan, which allow spammers to use the infected machines as platforms for mass mailings without the knowledge or consent of the owner.
• Direct mailing from rented servers.
• Spammer software: an average mass mailing contains about a million messages. The objective is to send the maximum number of messages in the minimum possible time.

Creating platforms for mass mailing (cont.)
These programs need to be able to:
1. Create dynamic texts.
2. Track the validity of an email address database.
3. Detect whether individual messages are delivered or not, and resend them from alternate platforms if the original platform has been blacklisted.

Marketing spammer services
Strangely enough, spammers advertise their services using spam. In fact, the advertising which spammers use to promote their services is a separate category of spam. Spammer-related spam also includes advertisements for spammer applications, bot networks and email address databases.
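
The two address-verification tricks described earlier (a remote picture that is fetched when the message is opened, and a fake "unsubscribe" link) can be recognised on the receiving side. The Python sketch below is an added example, not part of the original slides; the sample message, the host img.example.net, the 12-hex-digit token heuristic and the name `find_beacons` are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample body of a "verification" mailing; host and ids are made up.
SAMPLE_HTML = """<html><body><p>Big savings this week!</p>
<img src="http://img.example.net/logo.gif?id=9f3a7c21e0b4d655" width="1" height="1">
<img src="cid:banner01">
<a href="http://img.example.net/unsubscribe?u=joe.smith%40example.org">Unsubscribe</a>
</body></html>"""

# Assumed heuristic: a long hex query value is likely a per-recipient identifier.
TOKEN = re.compile(r"[0-9a-f]{12,}", re.I)

class _Refs(HTMLParser):
    """Collect (tag, url, attrs) for every <img src> and <a href>."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "img" else a.get("href") if tag == "a" else None
        if url:
            self.refs.append((tag, url, a))

def find_beacons(html, recipient):
    """Return (kind, url) for references that can report this recipient
    back to the sender when the mail is opened or a link is clicked."""
    parser = _Refs()
    parser.feed(html)
    findings = []
    for tag, url, attrs in parser.refs:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded; opening fetches nothing
        values = [v for _, v in parse_qsl(parts.query)]
        tagged = any(v.lower() == recipient.lower() or TOKEN.fullmatch(v)
                     for v in values)
        tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
        if tag == "img" and (tagged or tiny):
            findings.append(("remote-image-beacon", url))
        elif tag == "a" and tagged:
            findings.append(("tagged-link", url))
    return findings
```

A mail client that does not load remote images by default never triggers the first kind of finding, which is why the picture check only works against recipients whose client fetches images automatically.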
Creating the message body
Today, anti-spam filters are sophisticated enough to instantly detect and block a large number of identical messages. Spammers therefore now make sure that mass mailings contain emails with almost identical content, with the texts being very slightly altered. They have developed a range of methods to mask the similarity between messages in each mailing.

Creating the message body (cont.)
• Graphical spam. Sending text in graphics format hindered automatic text analysis for a period of time, though today a good anti-spam solution is able to detect and analyze incoming graphics.
• Dynamic graphics. Spammers are now utilizing complicated graphics with extra information to evade anti-spam filters.
• Inclusion of random text strings, words or invisible text. This may be as simple as including a random string of words and/or characters or a real text from a real source at either the beginning or the end of the message body.

The commonest types of spam
When averaged out over the course of the year, 50% of spam falls into the following categories:
• Health and medicine: this category includes advertisements for weight loss and skin care products, all of which can be bought online.
• IT: this category includes offers for low-priced hardware and software as well as services for web site owners such as hosting, domain registration, web site optimization and so forth.
• Education/training: this category includes offers for seminars, training, and online degrees.

Common spam examples
• If the title mentions "free pix", "passwords", or money-making opportunities, it's spam.
• If there are lots of non-alphabetic characters (e.g. *****, !!!!!, ##### etc.), particularly at the start of the title, it's spam.
• IF THE TITLE IS ALL IN CAPITALS, it's spam.
• If the title mentions a filename ending in ".html" or ".htm", it's spam.
• If the title contains a web site address, it's spam.
• If the title ends with a multi-digit number (e.g. "Please help 13874"), it's spam.

Common spam examples (cont.)
• If the author field consists of a stream of random characters (such as "jsg;rhb" or "dkhvdjblkghsx"), it's spam.
• If the author's name is "Webmaster" or reads like an invite to a web site, it's probably spam.
• If the title is in an unexpected language (e.g. German), it's probably spam.

Ways to Avoid Spam
• Maintain at least two email addresses. You should use your private address only for personal correspondence. The public address should be the one you use to register on public forums, in chat rooms, to subscribe to mailing lists etc.
• Never publish your private address on publicly accessible resources.
• Publish your private address electronically as a graphics file rather than as a link (if your address is Joe.Smith@yahoo.com, try writing Joe-dot-Smith-at-yahoo-dot-com instead).

Ways to Avoid Spam (cont.)
• Never respond to spam. Most spammers verify receipt and log responses. The more you respond, the more spam you will receive.
• Do not click on unsubscribe links from questionable sources. Spammers send fake unsubscribe letters in an attempt to collect active addresses.
• Make sure that your mail is filtered by an anti-spam solution. Consider installing a personal anti-spam solution.
• Install anti-spam software (Kaspersky Internet Security).

Bayesian spam filters are a kind of scoring content-based filter, too. But this approach does away with the problems of simple scoring spam filters, and it does so radically. Since the weakness of scoring filters is in the manually built list of characteristics and their scores, this list is eliminated. Instead, Bayesian spam filters build the list themselves. Ideally, you start with a (big) bunch of emails that you have classified as spam, and another bunch of good mail.
The filters look at both, and analyze the legitimate mail as well as the spam to calculate the probability of various characteristics appearing in spam and in good mail.

(cont.)
The characteristics a Bayesian spam filter can look at include the words in the body of the message, of course, and its headers (senders and message paths), but also other aspects such as HTML code (like colors), or even word pairs, phrases and meta information (where a particular phrase appears).

How Bayesian Spam Filtering Works
If a word, "Cartesian" for example, never appears in spam but often in your legitimate mail, the probability of "Cartesian" indicating spam is near zero. "Toner", on the other hand, appears exclusively, and often, in spam. "Toner" has a very high probability of being found in spam, not much below 1 (100%). When a new message arrives, it is analyzed by the Bayesian spam filter, and the probability of the complete message being spam is calculated using the individual characteristics.

(cont.)
Using this auto-adaptive technique, Bayesian filters can learn from both their own and the user's decisions (if she manually corrects a misjudgment by the filters). The adaptability of Bayesian filtering also makes sure they are most effective for the individual email user. While most people's spam may have similar characteristics, the legitimate mail is characteristically different for everybody.
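
A small worked version of the Bayesian filtering described above, as an added example that is not part of the original slides. The training messages are constructed, `BayesFilter` and `trained_filter` are hypothetical names, and the sketch assumes equal prior odds for spam and good mail and treats words as independent of each other.

```python
import math
import re
from collections import Counter

# Constructed training mail (text, is_spam); not real messages.
TRAINING = [
    ("cheap toner cartridges buy toner now", True),
    ("free toner offer click now", True),
    ("lose weight free offer", True),
    ("Cartesian coordinates for the geometry lecture", False),
    ("meeting notes and Cartesian product exercise", False),
    ("lunch offer from the canteen next week", False),
]

def tokens(text):
    """Set of lower-cased words: each word counts once per message."""
    return set(re.findall(r"[a-z]+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.docs = {True: 0, False: 0}                   # messages seen per class
        self.words = {True: Counter(), False: Counter()}  # messages containing word

    def train(self, text, is_spam):
        """Learn from one classified message (also used for user corrections)."""
        self.docs[is_spam] += 1
        self.words[is_spam].update(tokens(text))

    def word_prob(self, word):
        """P(spam | word) with equal priors; add-one smoothing keeps the
        result strictly between 0 and 1 even for one-sided words."""
        s = (self.words[True][word] + 1) / (self.docs[True] + 2)
        h = (self.words[False][word] + 1) / (self.docs[False] + 2)
        return s / (s + h)

    def spam_prob(self, text):
        """Combine the per-word probabilities by summing their log-odds."""
        logit = sum(math.log(p / (1 - p))
                    for p in map(self.word_prob, tokens(text)))
        return 1 / (1 + math.exp(-logit))

def trained_filter():
    """Filter trained on the constructed corpus above."""
    f = BayesFilter()
    for text, is_spam in TRAINING:
        f.train(text, is_spam)
    return f
```

With only six training messages the per-word probabilities stay far from 0 and 1 ("toner" scores 0.75, "Cartesian" 0.25); they move toward the extremes the slides describe as the classified mail collection grows.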