563.8.2 Spam Sonia Jahid University of Illinois Fall 2007.


Spam Sonia Jahid University of Illinois Fall 2007

2 Outline
Definition
Problem
Spam Categories
How e-mail works: quick overview
Why is spam still a problem?
Spammers’ approach

3 Definition
Submitting the same message to a large group of individuals in an effort to force the message onto people who would otherwise choose not to receive this message.
A message is spam only if it is both Unsolicited and Bulk.
  – Unsolicited is normal (examples: first contact enquiries, job enquiries, sales enquiries)
  – Bulk is normal (examples: subscriber newsletters, customer communications, discussion lists)
Sources: What is spam: SpamLaws; What is spam: Spamhaus

4 Problem
The statistics reported below are compiled from confidential data provided by participating MAAWG member service operators for Q1 2007.
Source: MAAWG Metrics Report 07

5 Spam Categories
According to information compiled by Spam filter review, spam for 2006 can be categorized as shown in the table (Evett 06):

Category    Share
Products    25%
Financial   20%
Adult       19%
Scams       9%
Health      7%
Internet    7%
Leisure     6%
Spiritual   4%
Other       3%

6 How E-mail Works: Quick Overview
helo test
250 mx1.mindspring.com Hello abc.sample.com [ ], pleased to meet you
mail from:
Sender ok
rcpt to:
jsmith... Recipient ok
data
354 Enter mail, end with "." on a line by itself
from:
subject: testing
John, I am testing
e1NMajH24604 Message accepted for delivery
quit
mx1.mindspring.com closing Connection
Connection closed by foreign host.
Source: Brain

7 Why Is Spam Still a Problem?
Spoofing
  – System design
  – Headers allow spoofing
Identity concealing
  – Bot-networks
  – Open proxies
  – Open mail relays
  – Untraceable Internet connection
Available bulk tools
Source: Boneh 04

8 System Design
SMTP protocol provides no security
  – E-mail is not private
  – can be altered en route
  – no way to validate the identity of the source
Use SMTP-AUTH?
  – Not a solution for spam
Source: SMTP-AUTH

9 System Design
Headers are unreliable, can be used for spoofing
  – Insert fictitious addresses in the From: lines
  – Exception: first Received header

Received: from unknown (HELO ) ( ) by mail1.infinology.com with SMTP; 16 Nov :50:
Received: from [ ] by id ; Sun, 16 Nov :38:

MS: Mail Server
Source: Tschabitscher
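The check a mail administrator builds on this exception, as an added example that is not part of the original slides: walk the Received lines from the top and trust only those written by servers you operate, stopping at the first outside peer. The host names, networks and sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions for this sketch: the hosts and networks we operate ourselves.
OUR_MTAS = {"mx.example.net", "store.example.net"}
OUR_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample. Only the first two Received lines were written by our
# own servers; the third (forged "by mx.example.net") and From: came from the sender.
SAMPLE = """\
Received: from mx.example.net (10.0.0.5) by store.example.net with ESMTP;
  Fri, 16 Nov 2007 19:50:02 -0000
Received: from unknown (HELO mail.bank.example) (203.0.113.45)
  by mx.example.net with SMTP; Fri, 16 Nov 2007 19:50:00 -0000
Received: from [192.0.2.10] by mx.example.net id abc123;
  Fri, 16 Nov 2007 13:38:00 -0600
From: "Your Bank" <support@bank.example>
Subject: testing

John, I am testing
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def boundary_hop(raw):
    """Return (ip, unverifiable): the peer address recorded by our own edge
    server, and how many Received lines below it cannot be verified."""
    hops = message_from_string(raw).get_all("Received", [])
    for i, hop in enumerate(hops):
        hop = " ".join(hop.split())              # unfold continuation lines
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in OUR_MTAS:
            return None, len(hops) - i           # line not written by us
        ip = IP_RE.search(hop[:by.start()])      # address in the "from" part
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            addr = None
        if addr is None:
            return None, len(hops) - i
        if not any(addr in net for net in OUR_NETS):
            return str(addr), len(hops) - i - 1  # first outside peer: stop here
    return None, 0                               # message never left our network

if __name__ == "__main__":
    print(boundary_hop(SAMPLE))
```

Stopping at the first outside peer is what keeps the forged third line from being trusted, even though it names one of our own hosts after "by".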

10 How E-mail Works: Quick Overview
helo test
250 mx1.mindspring.com Hello abc.sample.com [ ], pleased to meet you
mail from:
Sender ok
rcpt to:
jsmith... Recipient ok
data
354 Enter mail, end with "." on a line by itself
from:
subject: testing
John, I am testing
e1NMajH24604 Message accepted for delivery
quit
mx1.mindspring.com closing Connection
Connection closed by foreign host.
Source: Brain

11 Identity Concealing: Bot-networks
Compromised machines running malicious software
Once infected, spammer can send spam from it
The bot software hides itself and periodically checks for instructions from the human bot-network administrator
E-mails appear to come from legitimate users
Example bot-networks:
  – Phatbot: largest reported bot-network to date, 400,000 drones
  – Bobax: assimilates machines with high speed Internet connection

12 Identity Concealing: Open Proxies
An open proxy is one which will create connections for any client to any server, without authentication
Possible for a computer to be running an open proxy server without knowledge of the computer's owner
More difficult to detect when chain of open proxies used

13 Identity Concealing: Open Mail Relays
An e-mail server configured to allow anyone on the Internet to relay through it.
Network address of spammer appears in one of the Received: headers
Add fake Received: headers

14 Combining Open Proxy and Open Relay
Establish TCP connection with Open Proxy1
Connect with Open Proxy2
Send to Open Relay through this chain
Forward to destination SMTP server
Source: Andreolini Bulgarelli Colajanni Mazzoni 05

15 Identity Concealing: Untraceable Internet Connection
Public Internet cafes
Free/stolen wireless connections
Connections not needing identifying users
Need not hide network address
  – Send directly to spam recipients
  – No way to associate accounts with the spammer

16 Available Bulk Tools
Designed to generate and send about 500,000 e-mails per hour hiding spammers’ identity
  – Send-safe
      Search for open proxies, open relays
      Download updated list of open proxies
      Distribute load over multiple open proxies
      Periodically verify if open proxies working properly
  – Massiv er
  – Dark-mailer

17 Spammers’ Approach
Gather address
  – harvesting from web
  – Gather address from newsgroups
  – DNS and WHOIS system
  – Buy data from 3rd party
Generally spam-bots used for harvesting
What makes it easy?
  – Publish addresses
Source: Andreolini Bulgarelli Colajanni Mazzoni 05

18 Spammers’ Approach
Verify address
  – A web bug in a spam message written in HTML may cause recipient’s client to transfer its address
  – Unsubscribing from a service
Send messages anonymously
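How a mail filter can spot both verification channels named above, as an added example that is not part of the original slides: it scans an HTML body for URLs fetched on render (web bugs) or on click (unsubscribe links) that would confirm the recipient. The sample HTML, host names and the two heuristics are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed HTML body of a message addressed to jsmith@example.net.
SAMPLE_HTML = """\
<html><body><p>Limited offer!</p>
<img src="http://tracker.example/open.gif?id=jsmith%40example.net" width="1" height="1">
<img src="cid:logo123" width="200" height="50">
<a href="http://shop.example/remove?u=jsmith@example.net">unsubscribe</a>
</body></html>
"""

# Attributes a mail client fetches while rendering, versus only on a click.
AUTO_LOAD = {("img", "src"), ("iframe", "src"), ("link", "href")}
ON_CLICK = {("a", "href")}

class UrlCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []                       # (kind, tag, url, attrs)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            kind = ("auto" if (tag, name) in AUTO_LOAD else
                    "click" if (tag, name) in ON_CLICK else None)
            # Only remote http(s) URLs reach the sender; cid: parts are local.
            if kind and value and urlsplit(value).scheme in ("http", "https"):
                self.urls.append((kind, tag, value, dict(attrs)))

def address_leaks(html, recipient):
    """List URLs in an HTML body that would confirm `recipient` to the sender."""
    collector = UrlCollector()
    collector.feed(html)
    findings = []
    for kind, tag, url, attrs in collector.urls:
        reasons = []
        if recipient.lower() in unquote(url).lower():
            reasons.append("recipient address in URL")
        if tag == "img" and attrs.get("width") in ("0", "1") \
                and attrs.get("height") in ("0", "1"):
            reasons.append("invisible image")
        if reasons:
            findings.append((kind, url, reasons))
    return findings

if __name__ == "__main__":
    for finding in address_leaks(SAMPLE_HTML, "jsmith@example.net"):
        print(finding)
```

An opaque per-recipient token in the URL confirms the address just as well and is not caught by these heuristics, which is why mail clients block remote content by default.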

19 Reading List
D. Boneh, The Difficulties of Tracing Spam, September 09, 2004.
M. Andreolini, A. Bulgarelli, M. Colajanni, and F. Mazzoni, HoneySpam: Honeypots fighting spam at the source, In Proc. USENIX SRUTI 2005, Cambridge, MA, July 2005.
H. Tschabitscher, What Headers Can Tell You About the Origin of Spam.
Spam on Wikipedia.