Akshara Pts Report FINAL

8/2/2019 Akshara Pts Report FINAL

1/36

ABSTRACT

With increasing security measures in network services, remote exploitation is getting harder. As a

result, attackers concentrate on more reliable attack vectors like email victims are infected using

either malicious attachments or links leading to malicious websites. Therefore efficient altering and

blocking methods for spam messages are needed. Unfortunately, most spam altering solutions

proposed so far are reactive, they require a large amount of both ham and spam messages to

efficiently generate rules to differentiate between both. In this paper, we introduce a

more proactive approach that allows us to directly collect spam message by interacting with the

spam botnet controllers. We are able to observe current spam runs and obtain a copy of latest spammessages in a fast and efficient way. Based on the collected information we are able to generate

templates that represent a concise summary of a spam run. The collected data can then be used to

improve current spam altering techniques and develop new venues to efficiently alter mails.

1


2/36

Chapter-1

ABOUT CYBER CRIME

The Oxford Reference Online defines cyber crime as crime committed over the Internet. The

Encyclopedia Britannica defines cyber crime as any crime that is committed by means of special

knowledge or expert use of computer technology. So what exactly is Cyber Crime? Cyber crime

could reasonably include a wide variety of criminal offences and activities. The Internet or Cyber

Space as it s sometimes called, is a borderless environment unlike a brick and mortar world. Even

though it is indispensable as a knowledge bank, it is an ideal tool for someone with a criminal bent

of mind, who can use this environment to his/ her maximum advantage. It is not a surprise that

Cyber Crimes like money cyber stalking, denial of service, e-mail abuse, chat abuse and other

crimes are on the rise. Cyber Terrorist and cyber mafia are emerging with great force, whose

activities are going to threaten the sovereignty of nations and world order.

Since the beginning of civilization, man has always been motivated by the need to make progress

and better the existing technologies. This has led to tremendous development and progress which

has been a launching pad for further development . Of all the significant advances made by

mankind from the beginning till date. Probably the most important of them is the development of

Internet to put in a common mans language internet is a global network of computers, all

speaking the same language. In 1969, America's Department of Defense commissioned the

construction of a Super network called ARPANET. The Advanced Research Projects

Agency Network (ARPANET), basically intended as a military network of 40 computers

connected by a web of links & lines. This network slowly grew and the internet was born.

2


3/36

By 1981, over 200 computers were connected from all around the world. Now the figure runs

into millions. The real power of today's internet is that it is available to anyone with a computer

and a telephone line. Internet places in an individual' s hand the power of information and

communication.

Internet usage has significantly increased over the past few years. The number of data packets

which flowed through the Internet increased from 153 million in 1988 to 60,587 million in 1994

Chapter-1

and the number of host computers increased from 235 in 1982 to 3.2 million in 1994.

According to International Data Corporation ("IDC"), approximately 233.3 million devices areestimated to be connected to the Internet by the year 2000 versus approximately12.6 million

devices in 1995. IDC also estimates that approximately 163 million individuals or entities will use

the Internet by the year 2000 as opposed to16.1 million in 1995. If left to its own measure, it is

highly unlikely that such a trend can reverse itself .Internet is believed to be full of anarchy and a

system of law and regulation therein seems contradictory. However, Cyberspace is being

governed by a system of law calledCyberlaw. Cyberlaw is a generic term which refers to all thelegal and regulatory aspects of internet. Publishing a web page is an excellent way for any

business to vastly increase its exposure to millions of individuals world-wide. It is that feature

of the Internet which is causing much controversy in the legal community.

Cyberlaw is a constantly evolving process. As the Internet grows, numerous legal issues arise.

One of the most important issues concerning cyberspace today is that of Cybercrime. WhenInternet was developed, the founding fathers of Internet hardly had any inclination that Internet

could also be misused for criminal activities. Today, there are many disturbing things happening in

cyberspace. Cybercrime refers to all the activities done with criminal intent in cyberspace. These

could be either the criminal activities in the conventional sense or could be activities, newly

evolved with the growth of the new medium. Because of the anonymous nature of the Internet, it

is possible to engage into a variety of criminal activities with impunity and people with

3


4/36

intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal

activities in cyberspace. The field of Cybercrime is just emerging and new forms of criminal

activities in cyberspace are coming to the forefront with the passing of each new day.

There can be no one exhaustive definition about Cybercrime. However, any activities which basically offend human sensibilities, can also be included in its ambit. Child Pornography

on the Internet constitutes one serious Cybercrime. Similarly, online pedophiles, using

internet to induce minor children into sex, are as much Cybercriminals as any other. Cybercrimes

Chapter-1

committed against persons include various crimes like transmission of child-pornography,harassment of any one with the use of a computer such as e-mail, and cyber-stalking. Thetrafficking, distribution, posting, and dissemination of obscene material including

pornography, indecent exposure, and child pornography, constitutes one of the most important

Cybercrimes known today. The potential harm of such a crime to humanity can hardly be

overstated. This is one Cybercrime which threatens to undermine the growth of the younger

generation as also leave irreparable scars and injury on the younger generation, if not

controlled.

Similarly, Cyber harassment is a distinct Cybercrime. Various kinds of harassment can and does

occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial,

religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes.

Cyber harassment as a crime also brings us to another related area of violation of privacy of

netizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes

any other person invading the precious and extremely touchy area of his or her own privacy

which the medium of internet grants to the netizens.Another Cybercrime against persons isthat of Cyberstalking. The Internet is a wonderful place to work, play and study. The Net is no

more and no less than a mirror of the real world. And that means it also contains electronic

versions of real life problems. Stalking and harassments are problems that many persons

4


5/36

especially women, are familiar with in real life. These problems also occur on the Internet,

in what has become known as "Cyberstalking" or "on-line harassment"The second category ofCybercrimes is that of Cybercrimes against all forms of property. These crimes include

unauthorized computer trespassing through cyberspace, computer vandalism, transmission of

harmful programs and unauthorized possession of computerized information.

Hacking and cracking are amongst the gravest Cybercrimes known till date. It is a dreadful feeling

to know that someone has broken into your computer systems without your knowledge and

consent and has tampered with precious confidential data and information.

Chapter-1

Types Of Cyber Crime

There are various types of cyber crime

ber Stalking-

Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber

criminal towards the victim by using Internet services. Stalking in General terms can be referred to

as the repeated acts of harassment targeting the victim such as

1. Following the victim

2. Making harassing phone calls

3. Killing the victims pet

4. Vandalizing victims property

5. Leaving written messages or objects

Stalking may be followed by serious violent acts such as physical harm to the victim and the samehas to be treated and viewed seriously. It all depends on the course of conduct of the stalker.

5


6/36

Cyber-stalking refers to the use of the Internet, e-mail, or other electronic communications device

to stalk another person. It is a relatively new form of harassment, unfortunately, rising to alarming

levels especially in big cities like Mumbai.

1.1.2 Denial Of Service-

This is an act by a criminal, who floods the bandwidth of the victims network or fills his e-mail

box with spam mail depriving him of the services he is entitled to access or provide. This act is

committed by a technique called spoofing and buffer overflow. The criminal spoofs the IP address

and flood the network of the victim with repeated requests. Since the IP address is fake,

Chapter-1

the victim machine keeps waiting for response from the criminals machine for each request. This

consumes the bandwidth of the network which then fails to serve the legitimate requests and

ultimately breaks down.

1.1.3 Software Piracy-

Theft of software through the illegal copying of genuine programs or the counterfeiting and

distribution of products intended to pass for the original is termed as termed as software piracy.

Examples of software piracy

1. End user copying - Friends loaning disks to each other, or organizations underreporting the

number of software installations they have made.

2. Hard disk loading Hard disk vendors loads pirated software

3. Counterfeiting - large-scale duplication and distribution of illegally copied software.

4. Illegal downloads from the Internet - By intrusion, cracking serial numbers etc.

1.1.4 Spoofing-

6


7/36


8/36

1.1.8 Credit Card Fraud-

You simply have to type credit cardnumberiinto www page of the vendor foronline transactionIf

electronic transactions are not securedthe credit card numbers can be stolen bythe hackers who

can misuse this card byimpersonating the credit card owner.

1.1.9 Phishing-

It is technique of pulling out confidential information from the bank/financial institutional account

holders by deceptive means.

Chapter-1

1.1.10 Threatening-

The Criminal sends threatening email or comes in contact iin chat rooms with victim..(Any one

disgruntled may do this against boss,, friend or official).

1.1.11 Salami Attack-

In such crime criminal makes insignificant changes in such a manner that such changes would go

unnoticed.Criminal makes such program that deducts small amount like Rs. 2.50 per month from

the account of all the customer of the Bank and deposit the same in his account. In this case no

account holder will approach the bank for such small amount but criminal gains huge amount.

8


9/36

Chapter-2

INTRODUCTION OF SPAM

Every Internet user knows the word spam and sees it in their inbox quite often. But not everyone

knows that years ago the word spam had nothing to do with either the Internet or emails.Spam

is an acronym derived from the words spiced and ham. In 1937, the Hormel Foods Corporation

(USA) started selling minced sausage made from out-of-date meat. The Americans refused to buy

this unappetizing product. To avoid financial losses the owner of the company, Mr. Hormel,

launched a massive advertizing campaign which resulted in a contract to provide tinned meat

products to the Army and Navy.

In 1937, Hormel Foods began to supply its products to American and allied troops. After World

War 2, with Britain in the grips of an economic crisis, spam was one of the few meat products that

9


10/36

wasnt rationed and hence was widely available. George Orwell, in his book 1984, described

spam as pink meat pieces, which gave a new meaning to the word spam-something disgusting

but inevitable. In December 1970 the BBC television comedy series Monty Pythons Flying Circus

showed a sketch set in a cafe where nearly every item on the menu included spam - the tinned meat

product. As the waiter recited the SPAM-filled menu, a chorus of Viking patrons drowned out all

other conversation with a song repeating "SPAM, SPAM, SPAM, SPAM... lovely SPAM,

wonderful SPAM", hence "SPAMming" the dialogue. Since then spam has been associated with

unwanted, obtrusive, excessive information which suppresses required messages.

In 1993 the term spam was first introduced with reference to unsolicited or undesired bulk

electronic messages. Richard Dephew, administrator of the world-wide distributed Internet

discussion system Usenet, wrote a program which mistakenly caused the release of dozens of

recursive messages onto the news.admin.policy newsgroup. The recipients immediately found an

appropriate name for these obtrusive messages spam.

Chapter-2

On April 12 1994, a husband-and-wife firm of lawyers, Canter & Siegel, posted the first massive

spam mailing. The companys programmer employed Usenet to advertise the services offered by

Canter & Siegel, thus giving a start to commercial spam. Today the word spam is widely used in

email terminology, though Hormel tinned meat products are still on sale in the USA.

Before we define exactly what spam is, a few words should be said about spam in general and how

it is understood in other countries.Depending on the goals of the sender (spammer), spam

(unsolicited bulk email) may contain commercial information, or have nothing to do with it at all.

In other words, according to the content of the message, spam is divided into unsolicited

commercial email (UCE) and unsolicited bulk email (UBE).An email may contain information

10


11/36

about its content in the SUBJECT field, whilst in the body of the message a sender may explain

why they have addresses a recipient without asking their permission and what the recipient must

do in order not to get emails from the sender in the future. In other words, if a user wants to

unsubscribe from unsolicited emails (opt-out) they must follow the instructions of the spammer,

which as a rule, will require information about the users email address or the need to call a

telephone number (usually a toll-free phone number).

Spammers know that they are sending out unsolicited information and try to make it seem as

though they do not want to inconvenience the user through clever use of the SUBJECT field text

and the inclusion of an unsubscribe mechanism. In fact, spammers do not care about reducing the

inconvenience caused by spam, and what is more, they dodge responsibility for their actions by

using spoofed sender addresses, third-party addresses or fake message headings. Their only goal is

to impede the identification of the sender and thus to prevent any possible retribution.

According to Kaspersky Lab, the definition of spam is anonymous, unsolicited bulk email.

Let's take a closer look at each component of the definition:

Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual

sender.

Chapter-2

Mass mailing: real spam is sent in enormous quantities. Spammers make money from the small

percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails

have to be high-volume.

Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to

receive may resemble spam, but are actually legitimate mail. In other words, the same piece of

11


12/36

mail can be classed as both spam and legitimate mail depending on whether or not the user elected

to receive it.

It should be highlighted that the words 'advertising' and 'commercial' are not used to define spam.

Many spam messages are neither advertising nor any type of commercial proposition. In additionto offering goods and services, spam mailings can fall into the following categories:

Political messages

Quasi-charity appeals

Financial scams

Chain letters

Fake spam being used to spread malware

Because some unsolicited correspondence may be of interest to the recipient, a quality anti-spam

solution should be able to distinguish between true spam (unsolicited, bulk mailing) and

unsolicited correspondence.True spam should be reviewed or deleted at the recipient's

convenience. Unsolicited correspondence may also be filtered, but this should be carried out

carefully because a legitimate commercial proposition, a charity appeal, an invitation addressed

personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail,butnot as spam. Legitimate messages may also include delivery failure messages, misdirected

messages, messages from system administrators or even messages from old friends who have not

previously corresponded with the recipient by email. Unsolicited - yes. Unwanted not

necessarily.

Chapter-2

2.1 Purpose Of Spam

12


13/36

The purpose of span is almost always to make money. Some spam promotes a product or invites

you to visit a website,other spam tries to trick you into investing in fraudulent schemes,or

revealing your bank or credit card details.spam email sent to a large no. of people to promote

products or sevices.some spam messages appear to come from authentic sources,such as banks.

Spammer succeed when even a small number of prople reply to and purchase some spam based

offering for the spammers to succeed.Some messages will ask you to complete registration or enter

a password & are known as phishing,their only purpose being to acquire personal data or even

passwords to accounts.

2.2 Who Practices The Spamming

Spam sent using spamware - programs specifically designed to send huge amounts of email (up to

100,000 emails an hour) over an ordinary dialup internet connection

Spam sent by ordinary person who wants to make advertisings for his own Web site

Individual computers that have been infected with a virus / Trojan - they connect to the Internet

and download lists of email addresses and start sending out spam.

Professional' spamhauses. These are companys setup purely to commit theft and fraud. The have

permanent internet connections, or sometimes have their servers in the premises of other crooked

service providers. They don't usually spam to advertise themselves, instead they find clueless

businessmen and charge them $1000 or so to send their advert to hundreds of thousands of people's

mailboxes.

Today, much of the spam volume is sent by career criminals and malicious hackers.More than 90

billion spam are sent per day in 2007!

Chapter-3

13


14/36

TYPES OF SPAM

Today spam is a household word. Approximately 70-80% of all email traffic is spam. It means that

active correspondence via email is impossible without spam protection. Although spam written in

English is the most common, it comes in all languages including Chinese, Korean and other Asian

languages. In most cases spam is advertising.

Experience shows that spammers target specific goods and services which they seek to promote.

Some goods are chosen because a computer user is likely to be interested, but most are grey or

black market goods. In other words, spam is usually illegal, not only because of the means used to

advertise the goods, but also because the goods and services being offered are themselves

illegal.Other mass mailings are outright fraud. For example, a recipient is asked to provide their

bank account details. Of course, if the recipient provides these details, their bank account will be

emptied without their consent. This type of spam is usually called 'scam'. Another shining example

of fraud is Nigerian letters.

Spam worldwide tends to advertise a certain range of goods and services irrespective of language

and geography. Additionally, spam reflects seasonal changes, with advertisements for Christmas

items and car heaters being replaced by air conditioner advertising in summer.

Spammers constantly extend the range of their offers and are always searching for new ways of

attracting unwary users. The list of spam categories is growing. The share of new categories in

spam traffic is insignificant, though certain trends are quite evident when spam categories are

broken down. Nevermore so than in the most widespread types of spam:

However, when averaged out over the course of the year, 50% of spam falls into the following

categories:

Health and Medicine

14


15/36

IT

Personal finance

Education

Chapter-3

3.1 Health and Medicine

This category includes advertisements for weight loss, skin care, posture improvement, cures for

baldness, dietary supplements and non-traditional medication etc. which can all be bought on-line.

Example

Subject: Lose up to 19% weight. A new weightloss is here.

Hello, I have a special offer for you...

WANT TO LOSE WEIGHT?

The most powerful weightloss is now availablewithout prescription. All natural Adipren720100% Money Back Guarantee!

- Lose up to 19% Total Body Weight.- Up to 300% more Weight Loss while dieting.- Loss of 20-35% abdominal Fat.- Reduction of 40-70% overall Fat under skin.- Increase metabolic rate by 76.9% without Exercise.- Burns calorized fat.- Suppresses appetite for sugar.- Boost your Confidence level and Self Esteem.

Get the facts about all-natural Adipren720: {LINK}

15


16/36

3.2 IT

This category includes offers for low-priced hardware and software as well as services for website

owners such as hosting, domain registration, website optimization and so forth.

Example:

Chapter-3

Subject: Huge savings on OEM Software. All brand names available now

stewardess

Looking for not expensive high-quality software?

We might have just what you need.

Windows XP Professional 2002 ............. $50

Adobe Photoshop 7.0 ...................... $60

Microsoft Office XP Professional 2002 .... $60

Corel Draw Graphics Suite 11 ............. $60

and lots more...

3.3 Personal Finance

Spam which falls into this category offers insurance, debt reduction services, loans with low

interest rates etc.

Examples:

16


17/36

Chapter-3

17


18/36

18

Subject: Lenders Compete--You Win

Reduce your mortgage payments

Interest Rates are Going Up!

Give Your Family The Financial Freedom They Deserve

Refinance Today & SAVE*Quick & EASY*CONFIDENTIAL*100's Of Lenders*100% FREE*Get The Lowest Rate

Apply Today! {LINK}

All credit will be accepted

To clear your name from our database please {LINK}or use one of the optins below.Thank You

Call 1-800-279-7310

Or please mail us at:

1700 E. Elliot Rd. STE3-C4

Tempe, AZ. 85283


19/36

3.4 Education & Training

This category includes offers for seminars, training and online degrees.

Examples:

Chapter-3

19


20/36

Subject: get a degree from home, Mas#ters, Bachelors or PHD

Call {Phone Num.} to inquire about our degree programs.

Whether you are seeking a Bachelors, Masters, Ph.D. or MBA

We can provide you with the fully verifiable credentials to get your career BACK ONTRACK!

No testing or coursework required Call: {Phone Num.}

we are sorry if you did not want to receive this mail.

To be removed from our list please call {Phone Num.}

20


21/36

Chapter-4

CONTEMPORARY SPAMMER TECHNOLOGIES

Spammers use dedicated programs and technologies to generate and transmit the billions of spam

emails which are sent every day (from 60% to 90% of all mail traffic). This requires significant

investment of both time and money.

Spammer activity can be broken down into the following steps:

21


22/36

Fig 4.1 Steps For Spamming

Chapter-4

4.1 Creating Address Databases

The first step in running a spammer business is creating an email database. Entries do not only

consist of email addresses; each entry may contain additional information such as geographical

location, sphere of activity (for corporate entries) or interests (for personal entries). A database

may contain addresses from specific mail providers, such as Yandex, Hotmail, AOL etc. or from

online services such as PayPal or eBay.

There are a number of methods spammers typically use to collecting addresses:

Guessing addresses using common combinations of words and numbers - john@, destroyer@,

alex-2@

Guessing addresses by analogy - if there is a verified [email protected] , then it's

reasonable to search for a [email protected], @aol.com, Paypal etc.

Scanning public resources including web sites, forums, chat rooms, Whois databases, Usenet

News and so forth for word combinations (i.e. [email protected], with word3 being a top-

level domain such as .com or .info)

Stealing databases from web services, ISPs etc.

Stealing users' personal data using computer viruses and other malicious programs

22


23/36

Topical databases are usually created using the third method, since public resources often contain

information about user preferences along with personal information such as gender, age etc. Stolen

databases from web services and ISPs may also include such information, enabling spammers to

further personalize and target their mailings.

Stealing personal data such as mail client address books is a recent innovation, but is proving to be

highly effective, as the majority of addresses will be active. Unfortunately, recent virus epidemics

have demonstrated that there are still a great many systems without adequate antivirus protection;

this method will continue to be successfully used until the vast majority of systems have been

adequately secured.

Chapter-4

4.2 Address Verification

Once email databases have been created, the addresses need to be verified before they can be sold

or used for mass mailing. Spammers send a variety of trial messages to check that addresses are

active and that email messages are being read.

Initial test mailing-A test message with a random text which is designed to evade spam filters

is sent to the entire address list. The mail server logs are analysed for active and defunct addresses

and the database is cleaned accordingly.

Once addresses have been verified, a second message is often sent to check whether recipients

are reading messages. For instance, the message may contain a link to a picture on a designated

web server. Once the message is opened, the picture is downloaded automatically and the website

will log the address as active.

23


24/36

A more successful method of verifying if an address is active is a social engineering technique.

Most end users know that they have the right to unsubscribe from unsolicited and/or unwanted

mailings. Spammers take advantage of this by sending messages with an 'unsubscribe' button.

Users click on the unsubscribe link and a message purportedly unsubscribing the user is sent.

Instead, the spammer receives confirmation that the address in question is not only valid but that

the user is active.

However, none of these methods are foolproof and any spammer database will always contain a

large number of inactive addresses.

4.3 Creating Platforms For Mass Mailing

Today's spammers use one of these three mass mailing methods:

Direct mailing from rented servers

Using open relays and open proxies - servers which have been poorly configured and are

therefore freely accessible

Chapter-4

Bot networks - networks of zombie machines infected with malware, usually a Trojan, which

allow spammers to use the infected machines as platforms for mass mailings without the

knowledge or consent of the owner.

Renting servers is problematic, since anti-spam organizations monitor mass mailings and are quick

to add servers to blacklists. Most ISPs and anti-spam solutions use blacklists as one method to

identify spam: this means that once a server has been blacklisted, it can no longer be used byspammers.

24


25/36

Using open relay and open proxy servers is also time consuming and costly. First spammers need

to write and maintain robots that search the Internet for vulnerable servers. Then the servers need

to be penetrated. However, very often, after a few successful mailings, these servers will also be

detected and blacklisted.

As a result, today most spammers prefer to create or purchase bot networks. Professional virus

writers use a variety of methods to create and maintain these networks:

Pirate software is also a favorite vehicle for spreading malicious code. Since these programs are

n spread via file-sharing networks, such as Kazaa, eDonkey and others, the networks themselves are penetrated

even users who do not use pirate software will be at risk.

Exploiting vulnerabilities in Internet browsers, primarily MS Internet Explorer. There are number

owser vulnerabilities in browsers which make it possible to penetrate a computer from a site being viewed by the

hine's user. Virus writers exploit such holes and write Trojans and other malware to penetrate victim machines,

ng malware owners full access to, and control over, these infected machines. For instance, pornographic sites and

r frequently visited semi-legal sites are often infested with such malicious programs. In 2004 a large number of

running under MS IIS were penetrated and infected with Trojans. These Trojans then attacked the machines of

s who believed that these sites were safe.

Using email worms and exploiting vulnerabilities in MS Windows services to distribute and install

ans: MS Windows systems are inherently vulnerable, and hackers and virus writers

Chapter-4

are always ready to exploit this. Independent tests have demonstrated that a Windows XP system

without either a firewall or antivirus software will be attacked within approximately 20 minutes ofbeing connected to the Internet.

25


26/36

Modern malware is rather technologically sophisticated the authors of these programs spare

neither time nor effort to make detection of their creations as difficult as possible. Trojan

components can behave as Internet browsers asking websites for instructions whether to launch a

DoS attack or to start spam mailing, etc. (the instructions may even contain information about the

time and the place of the next instruction). IRC is also used to get instructions.

Spammer Software

An average mass mailing contains about a million messages. The objective is to send the

maximum number of messages in the minimum possible time. There is a limited window of

opportunity before anti-spam vendors update signature databases to deflect the latest types of

spam.

Sending a large number of messages within a limited timeframe requires appropriate technology.

There are a number of resources available that are developed and used by professional spammers.

These programs need to be able to:

Send mail over a variety of channels including open relays and individual infected machines.

Create dynamic texts.

Spoof legitimate message headers

Track the validity of an email address database.

Detect whether individual messages are delivered or not and to resend them from alternative platforms if the

nal platform has been blacklisted.

These spammer applications are available as subscription services or as a stand-alone application

for a one-off fee.

Chapter-4

4.4 Marketing Spammer Services

26


27/36

Strangely enough, spammers advertise their services using spam. In fact, the advertising which

spammers use to promote their services constitutes a separate category of spam. Spammer-related

spam also includes advertisements for spammer applications, bot networks and email address

databases.

4.5 Creating The Message Body

Today, anti-spam filters are sophisticated enough to instantly detect and block a large number of

identical messages. Spammers therefore now make sure that mass mailings contain emails with

almost identical content, with the texts being very slightly altered. They have developed a range of

methods to mask the similarity between messages in each mailing:

Inclusion of random text strings, words or invisible text. This may be as simple as including a

om string of words and/or characters or a real text from a real source at either the beginning or the end of the

sage body. An HTML message may contain invisible text - tiny fonts or text which is colored to match the

ground. All of these tricks interfere with the fuzzy matching and Bayesian filtering methods used by anti-spam

tions. However, anti-spam developers have responded by developing quotation scanners, detailed analysis of

ML encoding and other techniques. In many cases spam filters simply detect that such tricks have been used in a

age and automatically flag it as spam.

Graphical spam. Sending text in graphics format hindered automatic text analysis for a period of

, though today a good anti-spam solution is able to detect and analyze incoming graphics

Dynamic graphics. Spammers are now utilizing complicated graphics with extra information to

e anti-spam filters.

"Fragmented Images. Actually the image consists of several smaller images, but a user sees it as

plete text. Animation is just another type of fragmentation whereby the image is split into frames that are layered

each other, with the end result being complete text.

Chapter-4

27


28/36

Paraphrasing texts. A single advertisement can be endlessly rephrased, making each individual

sage appear to be a legitimate email. As a result, anti-spam filters have to be configured using a large number of

ples before such messages can be detected as spam. A good spammer application will utilize all of the abovehods, since different potential victims use different anti-spam filters. Using a variety of techniques ensures that a

mercially viable number of messages will escape filtration and reach the intended recipients.

28


29/36

Chapter-5

EXAMPLES OF SPAM

If the title mentions "free pix", "passwords", or money-making opportunities, it's spam.

IF THE TITLE IS ALL IN CAPITALS, it's spam.

If the title mentions a filename ending in ".html" or ".htm", it's spam.

If the title contains a web site address, it's spam.

If the title ends with a multi-digit number (e.g. "Please help 13874"), it's spam.

If there's lots of non-alphabetic characters (e.g. *****, !!!!!, ##### etc.), particularly at the

start of the title, it's spam.

If the author field consists of a stream of random characters, (such as "jsg;rhb" or

"dkhvdjblkghsx") it's spam.

If the author's name is "Webmaster" or reads like an invite to a web site, it's probably spam.

If the title is in an unexpected language (e.g. German), it's probably spam.

29


30/36

Chapter-6

DAMAGE CAUSED BY SPAM

6.1 Time Costs

If you are receiving two or three Unsolicited Emails a day you probably think spam isn't all that

bad, it's just a minor inconvenience. But if you are receiving 40 to 50+ a day, and you're spending

an average of 10 seconds each to decide what you want to do with each message, then you're

30


31/36

wasting around 60 hours a year dealing with spam. That's over seven workdays wasted each year!

Not to mention the raw frustration and distraction of doing a task that takes you from your

productive work.

6.2 Server Costs

Then there are the costs to your server of having to manage large amounts of mail entering their

system. When too much is sent or arrives at one time it can cause the system to crash, leaving their

customers without the ability to send or receive email. One Internet Service Provider that's known

for allowing spammers to send bulk mail through its system crashed when several of its users sent

large amounts of mail at the same time. It was down for several days and many antispammers

thought that justice had its own way of dealing with spammers and hoped the Provider would start

enforcing it's own Terms of Use. No such luck, its back and spammers are sending their junk mail

in mass amounts once again.

6.3 Consumer Costs

Some consumers have to pay long distance phone charges to connect to the Internet (mostly in

countries outside of the US) and some countries charge for every phone call made by their

customers. In these cases, the user wastes connection time by downloading and sorting through

unwanted email.

Chapter-6

6.4 Privacy Costs

It's our belief that the biggest problem with spam, other than having to look at it, is that 90% ofthose sending it do it in a fraudulent way. They buy software that hides their identity, forges email

headers, steals others' identities (read about one man's experience with identity theft at Behind

Enemy Lines), use bogus cancellation addresses, and stake out a claim to their right to intrude on

31


32/36

your privacy. Some even claim you signed up to receive their spam advertisement (which may

contain some measure of truth but we will comment on that under How Did They Get My Email

Address? If that were true, why then do they go to such lengths to hide their true identities.

Year after year, the advertising component that was the original purpose of spam degeneratesfurther towards simple criminal opportunism. Since spam mailings are anonymous, their owners

often cherish the illusion that they can operate with impunity.

The most popular types of blatantly criminal spam are Nigerian letters and phishing. Spammers

have been most inventive in creating ever more attractive bait for the user and seeking new

targets for their attacks.

In addition, the services of the spammer are in constant demand by virus writers. Virus writers use

spam mailings to distribute their latest creations, often placing links to infected sites within the

mailing that are designed to lure the unwary user to click on them for one reason or another. A

recipient of such spam thus runs the risk of their computer being infected by a malicious program.

According to the experts, the annual overall loss resulting from spam is estimated to be tens of

billions of Dollars. As a result, anti-spam protection is not only desirable, but an urgent necessity.

If spammer activity is not restricted, email could easily become a thing of the past, eclipsed by the

overwhelming volume of spam.

Chapter-7

WAYS TO AVOID SPAM

Maintain at least two email addresses. You should use your private address for personal correspondence The public address should be the one you use to register on public forums, in chat rooms, to subscribe to mailing

etc.

32


33/36

Never publish your private address on publicly accessible resources.

Your private address should be difficult to spoof. Spammers use combinations of obvious names, words and

bers to build possible addresses. Your private address should not simply be your first and last name. Be creative

personalize your email address.

If you have to publish your private address electronically, mask it to avoid having it harvested by spammers.

[email protected] is easy to harvest, as is Joe.Smith at yahoo.com. Try writing Joe-dot-Smith-at-yahoo-dot-com

ad. If you need to publish your private address on a website, do this as a graphics file rather than as a link.

Treat your public address as a temporary one. Chances are high that spammers will harvest your public

ess fairly quickly. Don't be afraid to change it often.

Always use your public address to register in forums and chatrooms and to subscribe to mailing lists and

motions. You might even consider using a number of public addresses in order to trace which services are selling

esses to spammers.

Never respond to spam. Most spammers verify receipt and log responses. The more you respond, the more

m you will receive.

Chapter-7

33


34/36

Do not click on unsubscribe links from questionable sources. Spammers send fake unsubscribe letters in

an attempt to collect active addresses. You certainly don't want to have your address tagged as active as it

will just increase the amount of spam that you receive.

If your private address is discovered by spammers - change it. This can be inconvenient, but changing your

email address does help you to avoid spam - at least for a while!

Make sure that your email is filtered by an antispam solution. Consider installing a personal antispam

solution. Only open email accounts with providers that offer spam filtration prior to mail delivery.

34


35/36

Chapter-8

CONCLUSION

The transmission of unsolicited commercial email messages (Spam) has become one of the most

pressing issues in the information technology world.It is not possible to remove Cyber crimes from

the cyber space. But it is quite possible to check them, and it can be done to make people aware of

their rights and duties.Arms race between spammers and anti spam techniques.

Effective and efficient use of various Anti-Spam techniques as discussed can make spamming less

profitable and can prove a way to help FIGHT SPAM.

Distributed Community approach most effective. However there were some attempts to introduce

fees for sending e-mails they did not have any significant influence on the whole situation. Many

skeptics predicted that this idea would satisfy neither e-mail providers nor users and that was the

reality - Gates idea failed having been rejected by the majority of both. Also the performance of

the latest spam recognition techniques seems to be quite disappointing. If we consider such

technologies as Smart RBL or Distributed Checksum Clearing House (DCC) then spam filters

using them quite often fail to distinguish spam/non-spam messages correctly and as a result

legitimate e-mails are blocked while junk passes through to Inbox. To conclude we have to admit

that in 2006 the situation with spam got much worse than it had been predicted before and at the

35


36/36

moment there are no encouraging signs that could give some cause for optimism in the nearest

future. "Arms race" is continuing and so far spammers have not shown any signs of exhaustion.

Bibliography

www.wikipedia.org

http://www.web-spamming-ppt-d142629409.htm

http://www.spam_types.asp.htm

Akshara Pts Report FINAL

Documents

Transcript of Akshara Pts Report FINAL