Wednesday, April 8, 2009

Spammer

"Spammer" is the term given to a person who meets all three qualifications for spam. Some of these spammers are offensive and very persistent. These spammers are the ones who give legitimate marketers a bad name. They will not stop until you tell them to remove you from their contact list.

1 How do spammers harvest email addresses?

There are many ways in which spammers can get your email address. The ones I know of are :

Support               Spammed E-mails
Chatroom              100%
News Group             86%
Standard Website       86%
Personal Website       50%
Forum                  27%
Webmail                 9%
1.1 From mailing lists.

Spammers regularly attempt to get the lists of subscribers to mailing lists (some mail servers will give those upon request), knowing that the email addresses are unmunged and that only a few of the addresses are invalid.

A different technique used by spammers is to ask a mailing list server for the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to each mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.


1.2 From web pages.

Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML links (those you can click on to get a mail window opened).

Some spammers even target their mail based on web pages. I've discovered that a web page of mine appeared in Yahoo, as some spammer harvested email addresses from each new page appearing in Yahoo and sent me spam regarding that web page.

A widely used countermeasure against harvesters is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page harvests the bogus email addresses and follows the link, entering an infinite loop that pollutes their lists with bogus email addresses.
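As an added example (not code from the original post), here is a small Python implementation of such a poison page. It goes one step beyond the description above: every bogus address it hands out is unique and is recorded together with the visitor's IP and the time, so when spam later arrives at one of them you can tell which crawl harvested it (a spamtrap). The trap domain, the URL path and the visitor data are constructed for the example.

```python
import html
import secrets
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

# Constructed values for this example: a domain whose mail is all delivered to
# a monitored trap mailbox, and the URL path at which the page is served.
TRAP_DOMAIN = "spamtrap.example.org"
SELF_PATH = "/poison"


class PoisonPage:
    """Serves pages of bogus addresses that link back to themselves.

    Every address handed out is unique and is recorded with the requesting
    client and time, so mail that later arrives at that address identifies
    the crawl that harvested it (a spamtrap).
    """

    def __init__(self, domain: str = TRAP_DOMAIN, self_path: str = SELF_PATH) -> None:
        self.domain = domain
        self.self_path = self_path
        # address -> (client_ip, timestamp); a real deployment would persist this
        self.registry: Dict[str, Tuple[str, str]] = {}

    def new_address(self, client_ip: str, timestamp: str) -> str:
        local_part = secrets.token_hex(6)   # unguessable and never a real mailbox
        address = f"{local_part}@{self.domain}"
        self.registry[address] = (client_ip, timestamp)
        return address

    def render(self, client_ip: str, timestamp: Optional[str] = None, count: int = 5) -> str:
        """Return the HTML of one poison page for the given visitor."""
        if timestamp is None:
            timestamp = datetime.now(timezone.utc).isoformat()
        addresses = [self.new_address(client_ip, timestamp) for _ in range(count)]
        items = "\n".join(
            f'<li><a href="mailto:{html.escape(a)}">{html.escape(a)}</a></li>'
            for a in addresses
        )
        # The self-link carries a random token so a crawler that de-duplicates
        # URLs still sees a new page every time and keeps following it.
        next_url = f"{self.self_path}?p={secrets.token_hex(4)}"
        return (
            "<html><body>\n<h1>Contacts</h1>\n<ul>\n"
            f"{items}\n</ul>\n"
            f'<a href="{html.escape(next_url)}">more contacts</a>\n'
            "</body></html>\n"
        )

    def lookup(self, address: str) -> Optional[Tuple[str, str]]:
        """Which visitor was handed this address? None if it was never issued."""
        return self.registry.get(address)


if __name__ == "__main__":
    page = PoisonPage()
    print(page.render("203.0.113.7", "2009-04-08T10:00:00+00:00"))
```

Two deployment details matter: list the page's path under Disallow in robots.txt, so search engines and other well-behaved crawlers stay out and only software that ignores robots.txt enters the loop, and point the trap domain's MX at a mailbox you actually monitor, otherwise the registry never pays off.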



1.3 From a web browser.

Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include:

  • Making the browser fetch one of the page's images through an anonymous FTP connection to the site. Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.
  • Using JavaScript to make the browser send an email to a chosen email address, containing the email address configured into the browser. Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.



1.4 From IRC and chat rooms.

Some IRC clients will give a user's email address to anyone who cares to ask for it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses, and send spam to those email addresses. This method is used alongside the annoying IRC bots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.

This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.

AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL for two main reasons - AOL makes the list of the actively participating users' screen names available, and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice for newbies.



1.5 By having access to the same computer.

If a spammer has access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer. On Unix computers the users file (/etc/passwd) is commonly world-readable, and the list of currently logged-in users can be obtained via the 'who' command.



1.6 From a previous owner of the email address.

An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancels the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.

Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it and releases it. Later on somebody else might take the same screen name.



1.7 Buying lists from others.

This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvests email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted in for emailed advertisements) or to others who resell the list.

The second type consists of a company which got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling email addresses a company got via other means, e.g. people who just emailed the company with inquiries in any context. The third type consists of technical staff selling email addresses for money to spammers. There was a news story about an AOL employee who sold AOL email addresses to a spammer.



1.8 By hacking into sites.

I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhat like e-commerce sites being hacked to get a list of credit cards.




2 DELIVERING SPAM MESSAGES

Internet users and system administrators have deployed a vast array of techniques to block, filter, or otherwise banish spam from users' mailboxes. Almost all Internet service providers forbid the use of their services to send spam or to operate spam-support services. Both commercial firms and volunteers run subscriber services dedicated to blocking or filtering spam.



2.1 Webmail services

A common practice of spammers is to create accounts on free webmail services, such as Hotmail, to send spam or to receive e-mailed responses from potential customers. Because of the amount of mail sent by spammers, they require several e-mail accounts, and use web bots to automate the creation of these accounts.

In an effort to cut down on this abuse, many of these services have adopted a system called the CAPTCHA: users attempting to create a new account are presented with a graphic of a word, which uses a strange font, on a difficult-to-read background. Humans are able to read these graphics, and are required to enter the word to complete the application for a new account, while computers are unable to get accurate readings of the words using standard OCR techniques. Blind users of CAPTCHAs typically get an audio sample.

Spammers have, however, found a means of circumventing this measure. Reportedly, they have set up sites offering free pornography: to get access to the site, a user is shown a CAPTCHA graphic relayed from one of these webmail sites and must enter the word. Once the bot has successfully created the account, the user gains access to the pornographic material. Furthermore, standard image processing techniques work well against many CAPTCHAs.



2.2 Using other people's computers

Early on, spammers discovered that if they sent large quantities of spam directly from their ISP accounts, recipients would complain and ISPs would shut their accounts down. Thus, one of the basic techniques of sending spam has become to send it from someone else's computer and network connection. By doing this, spammers protect themselves in several ways: they hide their tracks, get others' systems to do most of the work of delivering messages, and direct the efforts of investigators towards the other systems rather than the spammers themselves. The increasing broadband usage gave rise to a great number of computers that are online as long as they are turned on, and whose owners do not always take steps to protect them from malware. A botnet consisting of several hundred compromised machines can effortlessly churn out millions of messages per day. This also complicates the tracing of spammers.



2.3 Open relays

In the 1990s, the most common way spammers did this was to use open mail relays. An open relay is an MTA, or mail server, which is configured to pass along messages sent to it from any location, to any recipient. In the original SMTP mail architecture, this was the default behavior: a user could send mail to practically any mail server, which would pass it along towards the intended recipient's mail server.

The standard was written in an era before spamming, when there were few hosts on the internet, and those on the internet abided by a certain level of conduct. While this cooperative, open approach was useful in ensuring that mail was delivered, it was vulnerable to abuse by spammers. Spammers could forward batches of spam through open relays, leaving the job of delivering the messages up to the relays.

In response, mail system administrators concerned about spam began to demand that other mail operators configure MTAs to cease being open relays. The first DNSBLs, such as MAPS RBL and the now-defunct ORBS, aimed chiefly at allowing mail sites to refuse mail from known open relays. By 2003 less than 1% of corporate mail servers were available as open relays, down from 91% in 1997.
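To make the difference between an open and a closed relay concrete, here is an added Python example (not from the original post or any particular MTA) of the decision an MTA takes on each RCPT TO command, together with the classic relay self-test: an outside, unauthenticated client asking the server to deliver to an outside recipient. The hosted domain, the office network and the probe addresses are constructed; the reply texts follow the common SMTP enhanced-status style.

```python
import ipaddress
import smtplib
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Constructed policy data: example.com is the domain this MTA hosts and
# 192.0.2.0/24 is the office LAN allowed to relay outbound mail.
LOCAL_DOMAINS = frozenset({"example.com"})
OFFICE_LAN = (ipaddress.ip_network("192.0.2.0/24"),)
ANYWHERE = (ipaddress.ip_network("0.0.0.0/0"),)


@dataclass(frozen=True)
class RelayPolicy:
    local_domains: FrozenSet[str]   # domains for which this server is the final destination
    relay_networks: Tuple           # client networks allowed to relay to other domains

    def rcpt_decision(self, client_ip: str, authenticated: bool, rcpt: str) -> Tuple[bool, str]:
        """Decide one RCPT TO; returns (accept, SMTP reply line)."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return True, "250 2.1.5 Ok"              # inbound mail to our own users
        if authenticated:
            return True, "250 2.1.5 Ok"              # one of our users, via SMTP AUTH
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.relay_networks):
            return True, "250 2.1.5 Ok"              # trusted client network
        return False, "554 5.7.1 Relay access denied"


# The 1990s default: relay for everyone.
OPEN_RELAY = RelayPolicy(LOCAL_DOMAINS, ANYWHERE)
# What the DNSBL operators demanded instead.
CLOSED_RELAY = RelayPolicy(LOCAL_DOMAINS, OFFICE_LAN)


def is_open_relay(policy: RelayPolicy, probe_ip: str = "198.51.100.23") -> bool:
    """The relay self-test: an outside, unauthenticated client asks the
    server to deliver to an outside recipient."""
    accepted, _ = policy.rcpt_decision(probe_ip, authenticated=False, rcpt="probe@example.net")
    return accepted


def probe_live_server(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Run the same test against an MTA you administer; True means it would relay.
    The transaction is reset before any DATA, so nothing is actually sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        s.mail("probe@example.net")
        code, _ = s.rcpt("probe@example.org")
        s.rset()
        return 200 <= code < 300
```

A closed relay still accepts mail for its own domains from anywhere (otherwise nobody could write to its users); what it refuses is the third case, an unknown client handing it mail for somebody else's domain.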



2.4 Open proxies

Within a few years, open relays became rare and spammers resorted to other tactics, most prominently the use of open proxies. A proxy is a network service for making indirect connections to other network services. The client connects to the proxy and instructs it to connect to a server. The server perceives an incoming connection from the proxy, not the original client. Proxies have many purposes, including Web-page caching, protection of privacy, filtering of Web content, and selectively bypassing firewalls.

An open proxy is one which will create connections for any client to any server, without authentication. Like open relays, open proxies were once relatively common, as many administrators did not see a need to restrict access to them.

A spammer can direct an open proxy to connect to a mail server, and send spam through it. The mail server logs a connection from the proxy -- not the spammer's own computer. This provides an even greater degree of concealment for the spammer than an open relay, since most relays log the client address in the headers of messages they pass. Open proxies have also been used to conceal the sources of attacks against other services besides mail, such as Web sites or IRC servers.

Besides relays and proxies, spammers have used other insecure services to send spam. One example is FormMail.pl, a CGI script to allow Web-site users to send e-mail feedback from an HTML form. Several versions of this program, and others like it, allowed the user to redirect e-mail to arbitrary addresses. Spam sent through open FormMail scripts is frequently marked by the program's characteristic opening line: "Below is the result of your feedback form."
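The FormMail flaw is easiest to see side by side with its fix. The following is an added Python example written for this page (it is not FormMail.pl itself, which is Perl, nor any project's code): the vulnerable handler takes the destination address from the submitted form, so the script becomes a mail relay for anyone who can POST to it; the hardened handler lets the form name only a key into a server-side table, and refuses header fields containing line breaks. The recipient table and form data are constructed.

```python
import re
from email.message import EmailMessage

# Constructed server-side table: form keys -> the only mailboxes this handler may target.
ALLOWED_RECIPIENTS = {
    "sales": "sales@example.com",
    "support": "support@example.com",
}
HEADER_BREAK = re.compile(r"[\r\n]")


def _body(form: dict) -> str:
    body = "Below is the result of your feedback form.\n\n"
    return body + "\n".join(f"{k}: {v}" for k, v in form.items()
                            if k not in ("recipient", "subject"))


def formmail_vulnerable(form: dict) -> EmailMessage:
    """Mirrors the flaw in old FormMail-style scripts: the recipient is
    whatever the HTML form (that is, the client) says it is."""
    msg = EmailMessage()
    msg["To"] = form["recipient"]                       # attacker-controlled
    msg["Subject"] = form.get("subject", "WWW Form Submission")
    msg.set_content(_body(form))
    return msg


def formmail_hardened(form: dict) -> EmailMessage:
    """Same feature without the relay: the form names a key, the server
    picks the address, and header fields with line breaks are rejected."""
    key = form.get("recipient", "")
    if key not in ALLOWED_RECIPIENTS:
        raise ValueError(f"unknown recipient key {key!r}")
    subject = form.get("subject", "WWW Form Submission")
    if HEADER_BREAK.search(subject):
        raise ValueError("line break in header field")  # blocks header injection
    msg = EmailMessage()
    msg["To"] = ALLOWED_RECIPIENTS[key]
    msg["Subject"] = subject[:200]
    msg.set_content(_body(form))
    return msg
```

The header-break check matters for the same reason as the recipient table: a subject line containing a newline followed by "Bcc:" would otherwise let the caller add recipients the table never allowed.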

As spam from proxies and other "spammable" resources grew, DNSBL operators started listing their IP addresses, as well as open relays.
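Since DNSBLs come up both here and in the open relay section, here is an added Python example (not from the original post) of how a mail server consults one: the client's IPv4 address is written with its octets reversed under the list's zone and looked up as a hostname; an answer in 127.0.0.0/8 means "listed" and its last octet encodes the reason, while NXDOMAIN means "not listed". The zone name, the reason codes and the stand-in DNS data are constructed; real lists publish their own codes.

```python
import ipaddress
import socket
from typing import Callable, Dict, Optional

# Constructed zone and return codes for a hypothetical list.
EXAMPLE_ZONE = "dnsbl.example.net"
EXAMPLE_CODES = {
    "127.0.0.2": "open relay",
    "127.0.0.3": "open proxy",
    "127.0.0.4": "spam source",
}
LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name: octets reversed, zone appended (192.0.2.7 -> 7.2.0.192.zone)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper handles IPv4 lists only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def real_resolver(name: str) -> Optional[str]:
    """Resolve with the system resolver; None means NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_dnsbl(ip: str, zone: str,
                resolve: Callable[[str], Optional[str]] = real_resolver) -> Optional[str]:
    """Return the listing code (a 127.0.0.0/8 address) or None if not listed.
    Answers outside 127/8 are ignored: they come from resolvers that rewrite
    NXDOMAIN into an advertising page, not from the list."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None or ipaddress.ip_address(answer) not in LISTING_RANGE:
        return None
    return answer


def describe_listing(ip: str, zone: str, codes: Dict[str, str],
                     resolve: Callable[[str], Optional[str]] = real_resolver) -> Optional[str]:
    code = check_dnsbl(ip, zone, resolve)
    if code is None:
        return None
    return codes.get(code, f"listed ({code})")


# Constructed stand-in for DNS, keyed by the full query name.
FAKE_DNS = {
    "9.100.51.198.dnsbl.example.net": "127.0.0.3",
    "7.2.0.192.dnsbl.example.net": "127.0.0.2",
    "1.1.168.192.dnsbl.example.net": "93.184.216.34",   # bogus answer from a rewriting resolver
}
fake_resolver = FAKE_DNS.get
```

The 127/8 sanity check is the caveat worth remembering: a resolver that answers every unknown name with some web server's address would otherwise make every client look listed.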

Types Of Spam

Spam has several definitions, varying by the source.

  • Unsolicited bulk e-mail (UBE)—unsolicited e-mail, sent in large quantities.
  • Unsolicited commercial e-mail (UCE)—this more restrictive definition is used by regulators whose mandate is to regulate commerce, such as the U.S. Federal Trade Commission.
  • Any email message that is fraudulent.
  • Any email message where the sender's identity is forged, or messages sent through unprotected SMTP servers, unauthorized proxies, or botnets.

1 Image spam

Image spam is an obfuscation method in which the text of the message is stored as a GIF or JPEG image and displayed in the email. This prevents text-based spam filters from detecting and blocking spam messages. Image spam is currently used largely to advertise "pump and dump" stocks.

Often, image spam contains nonsensical, computer-generated text which simply annoys the reader. However, new technology in some programs tries to read the images by attempting to find text in them. These programs are not very accurate, and sometimes filter out innocent images of products, like a box that has words on it.

A newer technique, however, is to use an animated GIF image that does not contain clear text in its initial frame, or to contort the shapes of letters in the image (as in a CAPTCHA) to avoid detection by OCR tools.
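Before any OCR, a filter can at least measure the structural signature of image spam: an image part is present and the readable text (plain or HTML with tags stripped) is almost nothing. Below is an added Python example of that check using the standard library's email package; it is not code from the original post. The sample messages are constructed, and the "image" is only a GIF signature followed by padding, which is enough for a structural detector.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Tuple

TAG_RE = re.compile(r"<[^>]+>")


def body_statistics(msg: EmailMessage) -> Tuple[int, int]:
    """Return (readable_text_chars, image_payload_bytes) summed over all MIME parts."""
    text_chars = 0
    image_bytes = 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            text_chars += len("".join(part.get_content().split()))
        elif ctype == "text/html":
            stripped = TAG_RE.sub(" ", part.get_content())   # count visible text only
            text_chars += len("".join(stripped.split()))
        elif part.get_content_maintype() == "image":
            image_bytes += len(part.get_payload(decode=True) or b"")
    return text_chars, image_bytes


def is_image_only(msg: EmailMessage, min_text_chars: int = 40) -> bool:
    """Heuristic signal: an image is present and almost no readable text is.
    Legitimate photo mail can trip it, so treat it as a score, not a verdict."""
    text_chars, image_bytes = body_statistics(msg)
    return image_bytes > 0 and text_chars < min_text_chars


def parse_raw(raw: bytes) -> EmailMessage:
    """Parse a stored message (e.g. one file from a maildir) into an EmailMessage."""
    return BytesParser(policy=policy.default).parsebytes(raw)


# --- constructed samples -----------------------------------------------------
FAKE_GIF = b"GIF89a" + b"\x00" * 64   # only the signature plus padding; enough for the detector


def _sample(text: str, subtype: str = "plain", with_image: bool = False) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "sample"
    msg.set_content(text, subtype=subtype)
    if with_image:
        msg.add_attachment(FAKE_GIF, maintype="image", subtype="gif", filename="pitch.gif")
    return msg


IMAGE_SPAM = _sample("kjh wq zx", with_image=True)            # nonsense text plus the image
HTML_IMAGE_SPAM = _sample('<html><body><img src="cid:p1"></body></html>', "html", True)
LEGIT_PHOTO = _sample("Hi Bob, here are the photos from the conference; tell me "
                      "which ones you want in the report.", with_image=True)
PLAIN_TEXT = _sample("Meeting moved to 3pm, same room.")
```

In a real filter this result feeds a score alongside other signals (sender reputation, DNSBL hits, the OCR the text above describes) rather than rejecting on its own, precisely because of the false positives the post mentions.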

2 Blank spam

Blank spam is spam lacking a payload advertisement. Often the message body is missing altogether, as well as the subject line. Still, it fits the definition of spam because of its nature as bulk and unsolicited email.

Blank spam may originate in different ways, either intentionally or unintentionally:

  1. Blank spam can have been sent in a directory harvest attack, a form of dictionary attack for gathering valid addresses from an email service provider. Since the goal in such an attack is to use the bounces to separate invalid addresses from the valid ones, the spammer may dispense with most elements of the header and the entire message body, and still accomplish his or her goals.
  2. Blank spam may also occur when a spammer forgets or otherwise fails to add the payload when he or she sets up the spam run.
  3. Often blank spam headers appear truncated, suggesting that computer glitches may have contributed to this problem—from poorly-written spam software to shoddy relay servers, or any problems that may truncate header lines from the message body.
  4. Some spam may appear to be blank when in fact it is not. An example of this is the VBS.Davinia.B email worm, which propagates through messages that have no subject line and appear blank, when in fact they use HTML code to download other files.
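A directory harvest attack leaves a clear trace on the receiving side: one client address collecting "user unknown" rejections for many different local parts in a short time. The following is an added Python example (not from the original post) that detects that pattern over Postfix-style smtpd rejection lines; the log lines are constructed for the example, with a harvester trying six alphabetical names in forty seconds and an unrelated sender making a single typo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Iterator, List, Tuple

# Matches a Postfix-style "User unknown" rejection at RCPT time.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from [^\s\[]+\[(?P<ip>[\d.]+)\]: 550 [\d.]+ <(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected: User unknown"
)


def parse_unknown_user_rejects(lines: Iterable[str]) -> Iterator[Tuple[datetime, str, str]]:
    """Yield (timestamp, client_ip, recipient) for every 'User unknown' reject."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # syslog lines carry no year
            yield ts, m["ip"], m["rcpt"]


def detect_directory_harvest(lines: Iterable[str], threshold: int = 5,
                             window: timedelta = timedelta(minutes=5)) -> Dict[str, int]:
    """Flag client IPs that hit `threshold` distinct unknown recipients within `window`.
    Returns {ip: largest number of distinct unknown recipients seen in one window}."""
    events: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, ip, rcpt in parse_unknown_user_rejects(lines):
        events[ip].append((ts, rcpt))
    flagged: Dict[str, int] = {}
    for ip, evs in events.items():
        evs.sort()
        recent: deque = deque()
        for ts, rcpt in evs:
            recent.append((ts, rcpt))
            while recent and ts - recent[0][0] > window:   # slide the window forward
                recent.popleft()
            distinct = {r for _, r in recent}
            if len(distinct) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged


# --- constructed sample log --------------------------------------------------
def _reject_line(ts: str, ip: str, rcpt: str) -> str:
    return (f"{ts} mx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
            f"550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown in local "
            f"recipient table; from=<x@example.net> to=<{rcpt}> proto=ESMTP helo=<x>")


SAMPLE_LOG = [
    "Apr  8 10:00:00 mx postfix/smtpd[2231]: connect from unknown[198.51.100.9]",
    _reject_line("Apr  8 10:00:01", "198.51.100.9", "aaron@example.com"),
    _reject_line("Apr  8 10:00:03", "198.51.100.9", "abby@example.com"),
    _reject_line("Apr  8 10:00:09", "198.51.100.9", "abe@example.com"),
    _reject_line("Apr  8 10:00:17", "198.51.100.9", "adam@example.com"),
    _reject_line("Apr  8 10:00:28", "198.51.100.9", "adrian@example.com"),
    _reject_line("Apr  8 10:00:40", "198.51.100.9", "al@example.com"),
    _reject_line("Apr  8 10:12:15", "203.0.113.5", "jon.smith@example.com"),   # one-off typo
]
```

The usual mitigation follows directly from the detection: most MTAs can slow down or disconnect a client after repeated unknown-recipient rejections, which denies the attacker the fast bounce feedback the attack depends on.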

What Is Spam

The term 'spam' refers broadly to unsolicited bulk e-mail (or 'junk e-mail'), which "can be either commercial (such as an advertisement) or noncommercial (such as a joke)."

Simply, "spam" is any unwanted e-mail, generally commercial in nature. You can almost always recognize it from the strange, illogical, and sometimes absurd subject lines. They will offer items at a price that's too good to be true, items that have no use, or services that are illegal in nature.

Spam-Introduction


E-mail spam, also known as junk e-mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e-mail. A common synonym for spam is unsolicited bulk e-mail (UBE). Definitions of spam usually include the aspects that the email is unsolicited and sent in bulk. "UCE" refers specifically to unsolicited commercial e-mail.

From the beginning of the Internet (the ARPANET), sending junk e-mail has been prohibited, enforced by the Terms of Service/Acceptable Use Policy (ToS/AUP) of internet service providers (ISPs) and by peer pressure. Even with a thousand users, junk e-mail for advertising is not tenable, and with a million users it is not only impractical but also expensive. It is estimated that spam cost businesses on the order of $100 billion in 2007. As the scale of the spam problem has grown, ISPs and the public have turned to government for relief from spam, which has failed to materialize.

Topology

1 Explorers

They are curious about how a logic bomb is made, and as a result they end up making one.

2 Good Samaritans 

The dictionary meaning of "Samaritans" is people who are helpful and charitable. So, unknowingly, they become party to creating a logic bomb, as they are unaware of the rule violations.


3 Hackers

This is a group of people who are selfish, and so they create a logic bomb for an ego boost.


4 Machiavellians

They do it to advance their personal and career goals.


5 Avengers

Many employees have committed this crime for revenge. There is a long list of employees who tried to plant a logic bomb in their own company because they were not satisfied with the company and wanted to take revenge on it.

For example:

In one case, a foreigner who had been residing in Simla, India for almost thirty years wanted to avail himself of a scheme introduced by the Simla Housing Board to buy land at lower rates. When he made an application it was rejected on the grounds that the scheme was available only to citizens of India. He decided to take his revenge. Consequently he sent thousands of mails to the Simla Housing Board and repeatedly kept sending e-mails till their servers crashed.


6 Career Thieves

An employee of a bank in the USA was dismissed from his job. Disgruntled at having been supposedly mistreated by his employers, the man first introduced a logic bomb into the bank's systems.

The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose name was alphabetically last in the bank's rosters. Then he went and opened an account in the name of Ziegler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault.

It was brought to their notice when a person by the name of Zygler opened an account in that bank. He was surprised to find a sizable amount of money being transferred into his account every Saturday.

7 Salami attacks

These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program into the bank's servers that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.
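What no single account holder notices, the ledger as a whole still shows: many accounts losing an identical small amount on the same day, and one account gaining the sum. The following is an added Python example (not from the original post) of that reconciliation check, applied to a constructed ledger modelled on the ten-cent story in section 6: 200 accounts are skimmed by 0.10 each and a single sink account receives 200 credits of 0.10. Money is handled with Decimal so the totals compare exactly.

```python
from collections import defaultdict
from decimal import Decimal
from typing import Dict, List, NamedTuple


class Txn(NamedTuple):
    date: str
    account: str
    amount: Decimal      # negative = debit, positive = credit
    reference: str


def find_salami_patterns(ledger: List[Txn], min_accounts: int = 20,
                         max_slice: Decimal = Decimal("10.00")) -> List[Dict]:
    """Flag days on which many accounts each lose the same small amount and a
    single account outside that group gains roughly the sum of those slices."""
    # Step 1: small debits, grouped by (date, amount) -> the set of debited accounts
    slices: Dict[tuple, set] = defaultdict(set)
    for t in ledger:
        if t.amount < 0 and -t.amount <= max_slice:
            slices[(t.date, -t.amount)].add(t.account)
    # Step 2: total credits received per (date, account)
    credits: Dict[str, Dict[str, Decimal]] = defaultdict(lambda: defaultdict(Decimal))
    for t in ledger:
        if t.amount > 0:
            credits[t.date][t.account] += t.amount
    # Step 3: match the fan-out of slices against a fan-in credit sink
    alerts = []
    for (date, amount), victims in slices.items():
        if len(victims) < min_accounts:
            continue
        expected = amount * len(victims)
        for account, total in credits.get(date, {}).items():
            if account not in victims and abs(total - expected) <= amount:
                alerts.append({"date": date, "slice": amount,
                               "victims": len(victims), "sink": account})
    return alerts


def build_sample_ledger() -> List[Txn]:
    """Constructed ledger: ordinary activity, a legitimate fee, and a ten-cent skim."""
    day = "2009-04-04"
    ledger = [
        Txn(day, "ACC-0005", Decimal("1500.00"), "SALARY"),
        Txn(day, "ACC-0007", Decimal("-42.50"), "GROCER"),
        Txn(day, "ACC-0012", Decimal("250.00"), "TRANSFER IN"),
    ]
    for n in (1, 2, 3):                                   # a real fee touching only 3 accounts
        ledger.append(Txn(day, f"ACC-{n:04d}", Decimal("-5.00"), "STMT FEE"))
    for n in range(1, 201):                               # the skim: 200 accounts x 0.10
        ledger.append(Txn(day, f"ACC-{n:04d}", Decimal("-0.10"), "SVC CHG"))
        ledger.append(Txn(day, "ACC-ZYGLER", Decimal("0.10"), "SVC CHG"))
    return ledger


SAMPLE_LEDGER = build_sample_ledger()
```

This is a detective control, which is why it belongs under the "Detecting logic bomb" heading in the outline that follows; it complements, rather than replaces, the preventive ones (code review, change control and separation of duties between the people who write and the people who deploy banking code).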

Logic Bomb Forensics

· Protection against logic bombs
· Risk of logic bomb
· Detecting logic bomb
· Prevention of logic bomb
· Tracing of logic bomb