AusCERT 2005. Spam – The attack vector. Matthew Sullivan <matthew@sorbs.net>. Synopsis. What is spam…? Why is it a problem…? Where do viruses fit in…? Spyware, what is it, what does it do…? “Phishing”, what is it…? The merging of technologies. The new attack vector.
AusCERT 2005
Spam – The attack vector
Matthew Sullivan <matthew@sorbs.net>

Synopsis
• What is spam…?
• Why is it a problem…?
• Where do viruses fit in…?
• Spyware, what is it, what does it do…?
• “Phishing”, what is it…?
• The merging of technologies.
• The new attack vector.
• What can be done…?

What is Spam...?
• Unsolicited Bulk Email…?
• Unsolicited Commercial Email…?
• Unsolicited Promotional Email…?
• Not what we’re sending…?
• Unsolicited Email…?
• Objectionable Email…?
• What the ACA tells us is spam…?

What is Spam...?
• All of the above….!
• Each message is spam in its own right.
• Each poses its own dangers.
• We should be working to stop them all.

Where do viruses fit in…?
• Open Relays
• Proxy Servers
• Spam “Bots”
• DoS “Bots”
• More sinister directions...
• Spyware
• Key-loggers

Relays and Proxy Servers...
• Open Relays, are they really a problem…?
• How about proxy servers….?
• The risks:
  • Open relays are diminished in numbers.
  • Proxies work both ways.
  • Proxy servers being delivered in spam.

Spyware, what is it, what does it do…?
• Tracking movements across the Net
• Demographics
• Parental Control Software
• Surveillance
• Key-logging
• Complete user tracking
• How can we get rid of it…?

“Phishing”, what is it…?
• (fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
• How do we combat it…?
• What can we do when we get caught...?
• How can we prevent it…?

The merging of technologies...
• Email viruses combining with exploits.
• Newer Trojans that avoid system calls to “hide”.
• Newer ones allow remote upload of software.
• Continually changing ports to avoid detection.
• Calling home, or using IRC servers.

The Attack Vector
• Open Relays
• Open Proxies
• Trojans
• Viruses
• Spyware
• What’s this all leading to….?
• Spam, Spam, Spam, and more Spam...!
• So what is the new attack vector…?

Some Statistics From OpenRBL

List      Description                            Hits   %
AHBL      The Abusive Hosts Blocking List        1009   10%
BOGONS    completewhois.com: Bogon IP's          144    1%
BOPM      Blitzed Open Proxy Monitor             510    6%
CBL       Composite Blocking List                3010   24%
DRBL      Distributed Realtime Blocking List     1653   11%
DSBL      Distributed Server Boycott List        2962   25%
FIVETEN   Local Blackholes at Five-Ten           5903   47%
JIPPGMA   JIPPG's Relay Blackhole List           142    1%
NJABL     Not Just Another Bogus List            1769   16%
NOMORE    dr. Jørgen Mash's DNSbl                338    3%
ORDB      Open Relay DataBase                    167    0%
PSBL      Passive Spam Block List                1161   9%
SBL       Spamhaus Block List                    698    6%
SORBS     Spam and Open Relay Blocking System    4643   42%
SPAMBAG   Spambags                               1167   11%
SPAMCOP   SpamCop                                1868   17%
SPAMRBL                                          9      0%
SPAMSITE  Spamware Peddler and Spamservices      5      0%
SPEWS     Spam Prevention Early Warning System   1552   12%
UCEPROT                                          880    8%
WPBL      Weighted Private Block List            778    7%

Which shows statistics mean nothing!

Thank You Matthew Sullivan