200 likes | 397 Views
Click Trajectories: End-to-End Analysis of the spam value chain. Kirill Levchenko , Andreas Pitsillidis , Neha Chachra , Brandon Enright , Tristan Halvorson , Chris Kanich , He Liu , Damon McCoy , Geoffrey M. Voelker , Stefan Savage Dept. of CSEE University of California, San Diego
E N D
Click Trajectories: End-to-End Analysis of the spam value chain Kirill Levchenko , Andreas Pitsillidis , Neha Chachra , Brandon Enright , Tristan Halvorson , Chris Kanich , He Liu , Damon McCoy , Geoffrey M. Voelker , Stefan Savage Dept. of CSEE University of California, San Diego M. Felegyhazi Budapest University of Technology and Economics Chris Grier Dept. of CSEE University of California, Berkeley Christian Kreibich , Nicholas Weaver , Vern Paxson International Computer Science Institute Berkeley , CA Presented by Xinruo Zhang 04/04/2012
Outline • Introduction • Implementation • Analysis for a particular example • Data collection method • Contribution • Weakness & improvement
Introduction • Spam-based advertising to us • Think of it merely as junk that jamming inbox • To spammer • Think it is a multi-million business • Spam value chain (aka Spam ecosystem) • botnet, domain, name server, web server, hosting or proxy service acquired
Introduction (cont’d) • Three categories of spam-advertised products • Illegal pharmaceuticals, replica luxury goods and counterfeit software • Nearly 95% of spam-advertised emails contains these three popular products
Implementation • How modern spam works? • Advertising, Click Support and Realization • Advertising • Includes all activities focused on attracting potential customers to pay attention to what the spammers want to sell • The most evolved part of the spam ecosystem, particularly, the delivery of email spam
Implementation • Click Support • In this stage, having delivered their advertisement, a spammer entice the receiver into clicking an embedded URL with their best effort. • Redirection sites, Domains, Name servers, Webs servers, and affiliate programs
Implementation • Click Support • Redirection sites: redirect to additional URLs. Because some spammers directly advertise a URL embedded in email and thus they would encounter various of defensive measures to interfere their activities.
Implementation • Click Support • Domain: typically, a spammer may purchase domains directly from a registrar, however, in real life, they frequently purchase from reseller. • Name server: any registered domain in turn have supporting name server infrastructure. Get infrastructure either by themselves or by third party.
Implementation • Click Support • Stores and Affiliate programs • Today spammers work as affiliates of an online store, earns a commission • The affiliate program provides all technique and materials • Furthermore, affiliate programs even take responsibility for payment and fulfillment service
Implementation • Realization • have brought the customers to an advertised site, the seller realizes the latent value by acquiring the customer’s payment • it contains two processes: Payment service and Fulfillment service
Implementation • Payment service • Standard credit card payment • In order to get the most value • Issuing bank • Customer’s bank • Acquiring bank • Merchant’s bank • Card association network • Visa or MasterCard
Implementation • Fulfillment • Fulfill an order in return for customer’s payment • Shipping issue • Suppliers will offer direct shipping service so affiliate program can avoid warehousing • Virtual products can be got via internet download
Contribution • Lack a solid understanding of the spam-based enterprise’s full structure before • And most anti-spam interventions focus on only one facet of the overall spam value chain • authors present a whole analysis for spam ecosystem with large-scale practical study
Weakness & Improvement • lack of legal and ethical concerns • For some issue concerns the ethics of any implicit harm caused by criminal supplier • only have one medium – email spam • Consider twitter spam, other social network spam