More than just meat in a can
SPAM
Matthew Young, CS7493

Outline
• Overview
• What is SPAM?
• Types
• History
• Distribution
• Prevention
• Law

Overview: so what is it?
• Stupid, Pointless Annoying Messages
• Mass unsolicited mailings
• Mass unsolicited advertisements
• Bulk or multiple posts
• An electronic message is "spam" if (A) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (B) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

Overview: Cont’d
• The abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately
• Types:
  • Email spam (most common)
  • Instant messaging spam
  • Search engine spam (‘spamdexing’)
  • Blogs
  • Wiki
  • Online classified ads
  • Mobile phone messaging
  • Internet forums
  • Junk faxes
  • Social networking spam
  • Etc.

History: Origins of a new term
• Multiple origins of the term
• 1860s: Telegraph lines used to send dubious investment offers
• Monty Python’s Flying Circus SPAM skit
• Tom Van Vleck: On MIT’s Compatible Time Sharing System (CTSS), in 1971, a system administrator named Peter Bos used CTSS MAIL to send everyone on the system an anti-war message stating: “THERE IS NO WAY TO PEACE. PEACE IS THE WAY.”
• In 1975, Jon Postel posted RFC 706 for the Network Working Group, describing problems with junk mail
• 1978: On ARPANET, Gary Thuerk is credited with sending the first network “SPAM” message, to 400 recipients, advertising a new computer (DEC-20)

History: Cont’d
• How did the term SPAM become commonplace?
• It began with MUDs and BBSs and expanded into USENET.
• In the 1980s, multi-user dungeons (MUDs) were very popular. Most people used MUDs as a means of chatting with people.
• Even earlier, there were reports of abuse on Bitnet’s Relay chat system (predecessor of IRC). Users had the ability to upload an entire file, and people would dump the words from the SPAM song.
• In other cases, people posted the SPAM song lyrics to clear a user’s comment from the screen.
• Relation to USENET
  • Most unwanted posts on USENET were the ‘David Rhodes’ “MAKE MONEY FAST” posts. These posts were not labeled SPAM until March of 1993.
  • While making changes to USENET moderation methods, Richard Depew created ARMM
  • The software was buggy

Distribution: How common is SPAM?
• 2009 MessageLabs Annual Security Report
  • Detected: 73 million malware variants
  • Detected: 5 million botnet machines
  • Detected: 30 thousand unique domains hosting malware
  • Stopped 60 billion spam messages
• Main SPAM distributors:
  • Botnets (cheap)
  • By the end of 2009, 83.4% of all spam originated from botnets (MessageLabs)
  • Between April and November of 2009, the Cutwail botnet may have been responsible for 29% of all SPAM messages (8,500 billion)
  • Cutwail was responsible for the spread of the Bredolab Trojan dropper (disguised as a .zip file)
  • Approx. 107 billion spam messages distributed on average per day globally
• SPAM can come from many different countries
  • Cisco 2008 Annual Security Report: 15.9% of SPAM came from the US, with Turkey following at 7.4%.

Recent Example: Prey on fears
• Many spam messages are phishing attempts and involve social networking techniques to gain information or for monetary reasons.
• Swine flu (H1N1) outbreak led to an outbreak of SPAM
• In April of 2009, cyber criminals began sending out spam messages
• Subject lines: “US swine flu fears”, “Swine flu in Hollywood”
• Recipients were sent advertisements for prevention drugs
• Linked to websites known for selling fake pharmaceutical products

Why is SPAM sent? Money
• Most spam is for making money
• Social engineering (phishing scams)
• Virus / Trojan distribution
• Many scams prey on people giving up financial information including credit card numbers

Prevention: Stopping SPAM
• SPAM Filtering
  • Google’s techniques: http://www.google.com/mail/help/fightspam/spamexplained.html
  • SPAM filters work by comparing parameters in incoming mail to lists of configurable rules. Example: checking for certain subject lines or certain keywords
  • Can be filtered by IP address range
  • Using ‘white lists’ for correct website addresses to detect phishing attempts
  • Many types: user-defined rule sets, header filters (check for forged header info), language filters, content filters (using fuzzy logic), and permission filters (block all mail not sent from an authorized source)
• CAPTCHA
  • Determining if a message poster is a human or a bot.
  • Simple CAPTCHA systems can be beaten using OCR
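
The rule-comparison filtering described on the slide above, sketched as an added example (not part of the original presentation). It combines a subject-keyword rule, an IP-range rule, a crude header check (From vs. Return-Path domain, which legitimate mailing lists can also trip) and an optional permission filter; the rule values, addresses and sample messages are all constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Added example: every rule value and sample message below is constructed.
RULES = {
    "subject_keywords": ["swine flu", "make money fast"],
    "blocked_networks": [ipaddress.ip_network("203.0.113.0/24")],
    "allowed_senders": {"alice@example.org"},
    "permission_only": False,  # True = block all mail not from allowed_senders
}
SAMPLE_SPAM = ("Return-Path: <bounce@bulk.example.net>\n"
               "From: Health News <news@example.com>\n"
               "Subject: US swine flu fears\n\n"
               "Order prevention drugs today.\n")
SAMPLE_HAM = ("Return-Path: <alice@example.org>\n"
              "From: Alice <alice@example.org>\n"
              "Subject: Meeting notes\n\n"
              "See attached.\n")

def classify(raw_message, client_ip, rules=RULES):
    """Return (verdict, reasons); verdict is 'spam' if any rule matched."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reasons = []

    # IP-range filter: client_ip is the address of the connecting SMTP client.
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in rules["blocked_networks"]):
        reasons.append("blocked-ip-range")

    # Subject filter: case-insensitive keyword match.
    subject = (msg.get("Subject") or "").lower()
    reasons += [f"subject-keyword:{kw}"
                for kw in rules["subject_keywords"] if kw in subject]

    # Header filter: a missing From, or a From domain that differs from the
    # envelope Return-Path domain, is treated as a sign of forged headers.
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not sender:
        reasons.append("missing-from")
    elif return_path and sender.split("@")[-1] != return_path.split("@")[-1]:
        reasons.append("from-returnpath-mismatch")

    # Permission filter: only explicitly authorized senders get through.
    if rules["permission_only"] and sender not in rules["allowed_senders"]:
        reasons.append("sender-not-authorized")

    return ("spam" if reasons else "ham"), reasons
```

Returning the list of matched rules alongside the verdict lets an administrator see which rule fired and tune the rule set when legitimate mail is caught.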

Prevention: Cont’d
• Blogs
  • WordPress uses software called Akismet to prevent spam comments
  • According to the Akismet FAQ, a new comment, trackback, or pingback is submitted to the Akismet web service (WS); based on certain tests run against the comment, the WS returns either a yes or a no as to whether the comment is SPAM.
  • Stores the comment for 15 days and allows a preview of the comment to say whether it is spam or not.
• Software
  • AVG Internet Security 7.5
  • Norton Internet Security 2007
  • iHateSpam 5.0 for Outlook Express
  • McAfee SpamKiller
  • CA Anti-Spam Plus for Outlook
• Email lists
  • Opt out of e-mail listings

Law
• Congress introduced: “Controlling the Assault of Non-Solicited Pornography and Marketing Act” on January 7, 2003 (S.877)
• Also known as: “CAN-SPAM Act”
• Became public law: 12/16/2003
• Amends: Chapter 47 of title 18, US Code (§ 1030. Fraud and related activity in connection with computers):
  • § 1037. Fraud and related activity in connection with electronic mail

§ 1037
• (1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
• (2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
• (3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
• (4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names,
• (5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses

SPAM Litigation
• MySpace vs. The SPAM King
• Filed: May 12th, 2008 in US District Court, Central District of California
• Case number: CV-07-1929 ABC (AGRx)
• MySpace vs. Sanford Wallace (Freevegasclubs.com, Real-vegas-sins.com, Feeble Minded Productions), Walter Rines, Online Turbo Merchant Inc., and Odysseus Marketing Inc.
• Wallace and Rines created MySpace accounts, swiped passwords and then spammed users, sending as many as 735,000+ messages
• MySpace awarded $233,777,500 under the CAN-SPAM Act and $1,500,000 under the California anti-phishing statute.

References
• Definition: http://www.spamhaus.org/definition.html
• Gary Thuerk: http://www.npr.org/templates/story/story.php?storyId=90160617
• History: http://www.templetons.com/brad/spamterm.html
• RFC 2635: http://tools.ietf.org/html/rfc2635
• Cisco 2008 Annual Security Report
• Cisco 2009 Midyear Security Report
• SPAM filters: http://www.wisegeek.com/what-is-a-spam-filter.htm
• MySpace vs. SPAM King: http://blogs.zdnet.com/BTL/?p=8814&tag=col1;post-9118