Akshara Pts Report FINAL

Embed Size (px)

Citation preview

  • 8/2/2019 Akshara Pts Report FINAL



    With increasing security measures in network services, remote exploitation is getting harder. As a

    result, attackers concentrate on more reliable attack vectors like email victims are infected using

    either malicious attachments or links leading to malicious websites. Therefore efficient altering and

    blocking methods for spam messages are needed. Unfortunately, most spam altering solutions

    proposed so far are reactive, they require a large amount of both ham and spam messages to

    efficiently generate rules to differentiate between both. In this paper, we introduce a

    more proactive approach that allows us to directly collect spam message by interacting with the

    spam botnet controllers. We are able to observe current spam runs and obtain a copy of latest spammessages in a fast and efficient way. Based on the collected information we are able to generate

    templates that represent a concise summary of a spam run. The collected data can then be used to

    improve current spam altering techniques and develop new venues to efficiently alter mails.


  • 8/2/2019 Akshara Pts Report FINAL




    The Oxford Reference Online defines cyber crime as crime committed over the Internet. The

    Encyclopedia Britannica defines cyber crime as any crime that is committed by means of special

    knowledge or expert use of computer technology. So what exactly is Cyber Crime? Cyber crime

    could reasonably include a wide variety of criminal offences and activities. The Internet or Cyber

    Space as it s sometimes called, is a borderless environment unlike a brick and mortar world. Even

    though it is indispensable as a knowledge bank, it is an ideal tool for someone with a criminal bent

    of mind, who can use this environment to his/ her maximum advantage. It is not a surprise that

    Cyber Crimes like money cyber stalking, denial of service, e-mail abuse, chat abuse and other

    crimes are on the rise. Cyber Terrorist and cyber mafia are emerging with great force, whose

    activities are going to threaten the sovereignty of nations and world order.

    Since the beginning of civilization, man has always been motivated by the need to make progress

    and better the existing technologies. This has led to tremendous development and progress which

    has been a launching pad for further development . Of all the significant advances made by

    mankind from the beginning till date. Probably the most important of them is the development of

    Internet to put in a common mans language internet is a global network of computers, all

    speaking the same language. In 1969, America's Department of Defense commissioned the

    construction of a Super network called ARPANET. The Advanced Research Projects

    Agency Network (ARPANET), basically intended as a military network of 40 computers

    connected by a web of links & lines. This network slowly grew and the internet was born.


  • 8/2/2019 Akshara Pts Report FINAL


    By 1981, over 200 computers were connected from all around the world. Now the figure runs

    into millions. The real power of today's internet is that it is available to anyone with a computer

    and a telephone line. Internet places in an individual' s hand the power of information and


    Internet usage has significantly increased over the past few years. The number of data packets

    which flowed through the Internet increased from 153 million in 1988 to 60,587 million in 1994


    and the number of host computers increased from 235 in 1982 to 3.2 million in 1994.

    According to International Data Corporation ("IDC"), approximately 233.3 million devices areestimated to be connected to the Internet by the year 2000 versus approximately12.6 million

    devices in 1995. IDC also estimates that approximately 163 million individuals or entities will use

    the Internet by the year 2000 as opposed to16.1 million in 1995. If left to its own measure, it is

    highly unlikely that such a trend can reverse itself .Internet is believed to be full of anarchy and a

    system of law and regulation therein seems contradictory. However, Cyberspace is being

    governed by a system of law calledCyberlaw. Cyberlaw is a generic term which refers to all thelegal and regulatory aspects of internet. Publishing a web page is an excellent way for any

    business to vastly increase its exposure to millions of individuals world-wide. It is that feature

    of the Internet which is causing much controversy in the legal community.

    Cyberlaw is a constantly evolving process. As the Internet grows, numerous legal issues arise.

    One of the most important issues concerning cyberspace today is that of Cybercrime. WhenInternet was developed, the founding fathers of Internet hardly had any inclination that Internet

    could also be misused for criminal activities. Today, there are many disturbing things happening in

    cyberspace. Cybercrime refers to all the activities done with criminal intent in cyberspace. These

    could be either the criminal activities in the conventional sense or could be activities, newly

    evolved with the growth of the new medium. Because of the anonymous nature of the Internet, it

    is possible to engage into a variety of criminal activities with impunity and people with


  • 8/2/2019 Akshara Pts Report FINAL


    intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal

    activities in cyberspace. The field of Cybercrime is just emerging and new forms of criminal

    activities in cyberspace are coming to the forefront with the passing of each new day.

    There can be no one exhaustive definition about Cybercrime. However, any activities which basically offend human sensibilities, can also be included in its ambit. Child Pornography

    on the Internet constitutes one serious Cybercrime. Similarly, online pedophiles, using

    internet to induce minor children into sex, are as much Cybercriminals as any other. Cybercrimes


    committed against persons include various crimes like transmission of child-pornography,harassment of any one with the use of a computer such as e-mail, and cyber-stalking. Thetrafficking, distribution, posting, and dissemination of obscene material including

    pornography, indecent exposure, and child pornography, constitutes one of the most important

    Cybercrimes known today. The potential harm of such a crime to humanity can hardly be

    overstated. This is one Cybercrime which threatens to undermine the growth of the younger

    generation as also leave irreparable scars and injury on the younger generation, if not


    Similarly, Cyber harassment is a distinct Cybercrime. Various kinds of harassment can and does

    occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial,

    religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes.

    Cyber harassment as a crime also brings us to another related area of violation of privacy of

    netizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes

    any other person invading the precious and extremely touchy area of his or her own privacy

    which the medium of internet grants to the netizens.Another Cybercrime against persons isthat of Cyberstalking. The Internet is a wonderful place to work, play and study. The Net is no

    more and no less than a mirror of the real world. And that means it also contains electronic

    versions of real life problems. Stalking and harassments are problems that many persons


  • 8/2/2019 Akshara Pts Report FINAL


    especially women, are familiar with in real life. These problems also occur on the Internet,

    in what has become known as "Cyberstalking" or "on-line harassment"The second category ofCybercrimes is that of Cybercrimes against all forms of property. These crimes include

    unauthorized computer trespassing through cyberspace, computer vandalism, transmission of

    harmful programs and unauthorized possession of computerized information.

    Hacking and cracking are amongst the gravest Cybercrimes known till date. It is a dreadful feeling

    to know that someone has broken into your computer systems without your knowledge and

    consent and has tampered with precious confidential data and information.


    Types Of Cyber Crime

    There are various types of cyber crime

    ber Stalking-

    Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber

    criminal towards the victim by using Internet services. Stalking in General terms can be referred to

    as the repeated acts of harassment targeting the victim such as

    1. Following the victim

    2. Making harassing phone calls

    3. Killing the victims pet

    4. Vandalizing victims property

    5. Leaving written messages or objects

    Stalking may be followed by serious violent acts such as physical harm to the victim and the samehas to be treated and viewed seriously. It all depends on the course of conduct of the stalker.


  • 8/2/2019 Akshara Pts Report FINAL


    Cyber-stalking refers to the use of the Internet, e-mail, or other electronic communications device

    to stalk another person. It is a relatively new form of harassment, unfortunately, rising to alarming

    levels especially in big cities like Mumbai.

    1.1.2 Denial Of Service-

    This is an act by a criminal, who floods the bandwidth of the victims network or fills his e-mail

    box with spam mail depriving him of the services he is entitled to access or provide. This act is

    committed by a technique called spoofing and buffer overflow. The criminal spoofs the IP address

    and flood the network of the victim with repeated requests. Since the IP address is fake,


    the victim machine keeps waiting for response from the criminals machine for each request. This

    consumes the bandwidth of the network which then fails to serve the legitimate requests and

    ultimately breaks down.

    1.1.3 Software Piracy-

    Theft of software through the illegal copying of genuine programs or the counterfeiting and

    distribution of products intended to pass for the original is termed as termed as software piracy.

    Examples of software piracy

    1. End user copying - Friends loaning disks to each other, or organizations underreporting the

    number of software installations they have made.

    2. Hard disk loading Hard disk vendors loads pirated software

    3. Counterfeiting - large-scale duplication and distribution of illegally copied software.

    4. Illegal downloads from the Internet - By intrusion, cracking serial numbers etc.

    1.1.4 Spoofing-


  • 8/2/2019 Akshara Pts Report FINAL


  • 8/2/2019 Akshara Pts Report FINAL


    1.1.8 Credit Card Fraud-

    You simply have to type credit cardnumberiinto www page of the vendor foronline transactionIf

    electronic transactions are not securedthe credit card numbers can be stolen bythe hackers who

    can misuse this card byimpersonating the credit card owner.

    1.1.9 Phishing-

    It is technique of pulling out confidential information from the bank/financial institutional account

    holders by deceptive means.


    1.1.10 Threatening-

    The Criminal sends threatening email or comes in contact iin chat rooms with victim..(Any one

    disgruntled may do this against boss,, friend or official).

    1.1.11 Salami Attack-

    In such crime criminal makes insignificant changes in such a manner that such changes would go

    unnoticed.Criminal makes such program that deducts small amount like Rs. 2.50 per month from

    the account of all the customer of the Bank and deposit the same in his account. In this case no

    account holder will approach the bank for such small amount but criminal gains huge amount.


  • 8/2/2019 Akshara Pts Report FINAL




    Every Internet user knows the word spam and sees it in their inbox quite often. But not everyone

    knows that years ago the word spam had nothing to do with either the Internet or emails.Spam

    is an acronym derived from the words spiced and ham. In 1937, the Hormel Foods Corporation

    (USA) started selling minced sausage made from out-of-date meat. The Americans refused to buy

    this unappetizing product. To avoid financial losses the owner of the company, Mr. Hormel,

    launched a massive advertizing campaign which resulted in a contract to provide tinned meat

    products to the Army and Navy.

    In 1937, Hormel Foods began to supply its products to American and allied troops. After World

    War 2, with Britain in the grips of an economic crisis, spam was one of the few meat products that


  • 8/2/2019 Akshara Pts Report FINAL


    wasnt rationed and hence was widely available. George Orwell, in his book 1984, described

    spam as pink meat pieces, which gave a new meaning to the word spam-something disgusting

    but inevitable. In December 1970 the BBC television comedy series Monty Pythons Flying Circus

    showed a sketch set in a cafe where nearly every item on the menu included spam - the tinned meat

    product. As the waiter recited the SPAM-filled menu, a chorus of Viking patrons drowned out all

    other conversation with a song repeating "SPAM, SPAM, SPAM, SPAM... lovely SPAM,

    wonderful SPAM", hence "SPAMming" the dialogue. Since then spam has been associated with

    unwanted, obtrusive, excessive information which suppresses required messages.

    In 1993 the term spam was first introduced with reference to unsolicited or undesired bulk

    electronic messages. Richard Dephew, administrator of the world-wide distributed Internet

    discussion system Usenet, wrote a program which mistakenly caused the release of dozens of

    recursive messages onto the news.admin.policy newsgroup. The recipients immediately found an

    appropriate name for these obtrusive messages spam.


    On April 12 1994, a husband-and-wife firm of lawyers, Canter & Siegel, posted the first massive

    spam mailing. The companys programmer employed Usenet to advertise the services offered by

    Canter & Siegel, thus giving a start to commercial spam. Today the word spam is widely used in

    email terminology, though Hormel tinned meat products are still on sale in the USA.

    Before we define exactly what spam is, a few words should be said about spam in general and how

    it is understood in other countries.Depending on the goals of the sender (spammer), spam

    (unsolicited bulk email) may contain commercial information, or have nothing to do with it at all.

    In other words, according to the content of the message, spam is divided into unsolicited

    commercial email (UCE) and unsolicited bulk email (UBE).An email may contain information


  • 8/2/2019 Akshara Pts Report FINAL


    about its content in the SUBJECT field, whilst in the body of the message a sender may explain

    why they have addresses a recipient without asking their permission and what the recipient must

    do in order not to get emails from the sender in the future. In other words, if a user wants to

    unsubscribe from unsolicited emails (opt-out) they must follow the instructions of the spammer,

    which as a rule, will require information about the users email address or the need to call a

    telephone number (usually a toll-free phone number).

    Spammers know that they are sending out unsolicited information and try to make it seem as

    though they do not want to inconvenience the user through clever use of the SUBJECT field text

    and the inclusion of an unsubscribe mechanism. In fact, spammers do not care about reducing the

    inconvenience caused by spam, and what is more, they dodge responsibility for their actions by

    using spoofed sender addresses, third-party addresses or fake message headings. Their only goal is

    to impede the identification of the sender and thus to prevent any possible retribution.

    According to Kaspersky Lab, the definition of spam is anonymous, unsolicited bulk email.

    Let's take a closer look at each component of the definition:

    Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual



    Mass mailing: real spam is sent in enormous quantities. Spammers make money from the small

    percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails

    have to be high-volume.

    Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to

    receive may resemble spam, but are actually legitimate mail. In other words, the same piece of


  • 8/2/2019 Akshara Pts Report FINAL


    mail can be classed as both spam and legitimate mail depending on whether or not the user elected

    to receive it.

    It should be highlighted that the words 'advertising' and 'commercial' are not used to define spam.

    Many spam messages are neither advertising nor any type of commercial proposition. In additionto offering goods and services, spam mailings can fall into the following categories:

    Political messages

    Quasi-charity appeals

    Financial scams

    Chain letters

    Fake spam being used to spread malware

    Because some unsolicited correspondence may be of interest to the recipient, a quality anti-spam

    solution should be able to distinguish between true spam (unsolicited, bulk mailing) and

    unsolicited correspondence.True spam should be reviewed or deleted at the recipient's

    convenience. Unsolicited correspondence may also be filtered, but this should be carried out

    carefully because a legitimate commercial proposition, a charity appeal, an invitation addressed

    personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail,butnot as spam. Legitimate messages may also include delivery failure messages, misdirected

    messages, messages from system administrators or even messages from old friends who have not

    previously corresponded with the recipient by email. Unsolicited - yes. Unwanted not



    2.1 Purpose Of Spam


  • 8/2/2019 Akshara Pts Report FINAL


    The purpose of span is almost always to make money. Some spam promotes a product or invites

    you to visit a website,other spam tries to trick you into investing in fraudulent schemes,or

    revealing your bank or credit card details.spam email sent to a large no. of people to promote

    products or sevices.some spam messages appear to come from authentic sources,such as banks.

    Spammer succeed when even a small number of prople reply to and purchase some spam based

    offering for the spammers to succeed.Some messages will ask you to complete registration or enter

    a password & are known as phishing,their only purpose being to acquire personal data or even

    passwords to accounts.

    2.2 Who Practices The Spamming

    Spam sent using spamware - programs specifically designed to send huge amounts of email (up to

    100,000 emails an hour) over an ordinary dialup internet connection

    Spam sent by ordinary person who wants to make advertisings for his own Web site

    Individual computers that have been infected with a virus / Trojan - they connect to the Internet

    and download lists of email addresses and start sending out spam.

    Professional' spamhauses. These are companys setup purely to commit theft and fraud. The have

    permanent internet connections, or sometimes have their servers in the premises of other crooked

    service providers. They don't usually spam to advertise themselves, instead they find clueless

    businessmen and charge them $1000 or so to send their advert to hundreds of thousands of people's


    Today, much of the spam volume is sent by career criminals and malicious hackers.More than 90

    billion spam are sent per day in 2007!



  • 8/2/2019 Akshara Pts Report FINAL



    Today spam is a household word. Approximately 70-80% of all email traffic is spam. It means that

    active correspondence via email is impossible without spam protection. Although spam written in

    English is the most common, it comes in all languages including Chinese, Korean and other Asian

    languages. In most cases spam is advertising.

    Experience shows that spammers target specific goods and services which they seek to promote.

    Some goods are chosen because a computer user is likely to be interested, but most are grey or

    black market goods. In other words, spam is usually illegal, not only because of the means used to

    advertise the goods, but also because the goods and services being offered are themselves

    illegal.Other mass mailings are outright fraud. For example, a recipient is asked to provide their

    bank account details. Of course, if the recipient provides these details, their bank account will be

    emptied without their consent. This type of spam is usually called 'scam'. Another shining example

    of fraud is Nigerian letters.

    Spam worldwide tends to advertise a certain range of goods and services irrespective of language

    and geography. Additionally, spam reflects seasonal changes, with advertisements for Christmas

    items and car heaters being replaced by air conditioner advertising in summer.

    Spammers constantly extend the range of their offers and are always searching for new ways of

    attracting unwary users. The list of spam categories is growing. The share of new categories in

    spam traffic is insignificant, though certain trends are quite evident when spam categories are

    broken down. Nevermore so than in the most widespread types of spam:

    However, when averaged out over the course of the year, 50% of spam falls into the following


    Health and Medicine


  • 8/2/2019 Akshara Pts Report FINAL



    Personal finance



    3.1 Health and Medicine

    This category includes advertisements for weight loss, skin care, posture improvement, cures for

    baldness, dietary supplements and non-traditional medication etc. which can all be bought on-line.


    Subject: Lose up to 19% weight. A new weightloss is here.

    Hello, I have a special offer for you...


    The most powerful weightloss is now availablewithout prescription. All natural Adipren720100% Money Back Guarantee!

    - Lose up to 19% Total Body Weight.- Up to 300% more Weight Loss while dieting.- Loss of 20-35% abdominal Fat.- Reduction of 40-70% overall Fat under skin.- Increase metabolic rate by 76.9% without Exercise.- Burns calorized fat.- Suppresses appetite for sugar.- Boost your Confidence level and Self Esteem.

    Get the facts about all-natural Adipren720: {LINK}


  • 8/2/2019 Akshara Pts Report FINAL


    3.2 IT

    This category includes offers for low-priced hardware and software as well as services for website

    owners such as hosting, domain registration, website optimization and so forth.



    Subject: Huge savings on OEM Software. All brand names available now


    Looking for not expensive high-quality software?

    We might have just what you need.

    Windows XP Professional 2002 ............. $50

    Adobe Photoshop 7.0 ...................... $60

    Microsoft Office XP Professional 2002 .... $60

    Corel Draw Graphics Suite 11 ............. $60

    and lots more...

    3.3 Personal Finance

    Spam which falls into this category offers insurance, debt reduction services, loans with low

    interest rates etc.



  • 8/2/2019 Akshara Pts Report FINAL




  • 8/2/2019 Akshara Pts Report FINAL



    Subject: Lenders Compete--You Win

    Reduce your mortgage payments

    Interest Rates are Going Up!

    Give Your Family The Financial Freedom They Deserve

    Refinance Today & SAVE*Quick & EASY*CONFIDENTIAL*100's Of Lenders*100% FREE*Get The Lowest Rate

    Apply Today! {LINK}

    All credit will be accepted

    To clear your name from our database please {LINK}or use one of the optins below.Thank You

    Call 1-800-279-7310

    Or please mail us at:

    1700 E. Elliot Rd. STE3-C4

    Tempe, AZ. 85283

  • 8/2/2019 Akshara Pts Report FINAL


    3.4 Education & Training

    This category includes offers for seminars, training and online degrees.




  • 8/2/2019 Akshara Pts Report FINAL


    Subject: get a degree from home, Mas#ters, Bachelors or PHD

    Call {Phone Num.} to inquire about our degree programs.

    Whether you are seeking a Bachelors, Masters, Ph.D. or MBA

    We can provide you with the fully verifiable credentials to get your career BACK ONTRACK!

    No testing or coursework required Call: {Phone Num.}

    we are sorry if you did not want to receive this mail.

    To be removed from our list please call {Phone Num.}


  • 8/2/2019 Akshara Pts Report FINAL




    Spammers use dedicated programs and technologies to generate and transmit the billions of spam

    emails which are sent every day (from 60% to 90% of all mail traffic). This requires significant

    investment of both time and money.

    Spammer activity can be broken down into the following steps:


  • 8/2/2019 Akshara Pts Report FINAL


    Fig 4.1 Steps For Spamming


    4.1 Creating Address Databases

    The first step in running a spammer business is creating an email database. Entries do not only

    consist of email addresses; each entry may contain additional information such as geographical

    location, sphere of activity (for corporate entries) or interests (for personal entries). A database

    may contain addresses from specific mail providers, such as Yandex, Hotmail, AOL etc. or from

    online services such as PayPal or eBay.

    There are a number of methods spammers typically use to collecting addresses:

    Guessing addresses using common combinations of words and numbers - john@, destroyer@,


    Guessing addresses by analogy - if there is a verified [email protected] , then it's

    reasonable to search for a [email protected], @aol.com, Paypal etc.

    Scanning public resources including web sites, forums, chat rooms, Whois databases, Usenet

    News and so forth for word combinations (i.e. [email protected], with word3 being a top-

    level domain such as .com or .info)

    Stealing databases from web services, ISPs etc.

    Stealing users' personal data using computer viruses and other malicious programs


  • 8/2/2019 Akshara Pts Report FINAL


    Topical databases are usually created using the third method, since public resources often contain

    information about user preferences along with personal information such as gender, age etc. Stolen

    databases from web services and ISPs may also include such information, enabling spammers to

    further personalize and target their mailings.

    Stealing personal data such as mail client address books is a recent innovation, but is proving to be

    highly effective, as the majority of addresses will be active. Unfortunately, recent virus epidemics

    have demonstrated that there are still a great many systems without adequate antivirus protection;

    this method will continue to be successfully used until the vast majority of systems have been

    adequately secured.


    4.2 Address Verification

    Once email databases have been created, the addresses need to be verified before they can be sold

    or used for mass mailing. Spammers send a variety of trial messages to check that addresses are

    active and that email messages are being read.

    Initial test mailing-A test message with a random text which is designed to evade spam filters

    is sent to the entire address list. The mail server logs are analysed for active and defunct addresses

    and the database is cleaned accordingly.

    Once addresses have been verified, a second message is often sent to check whether recipients

    are reading messages. For instance, the message may contain a link to a picture on a designated

    web server. Once the message is opened, the picture is downloaded automatically and the website

    will log the address as active.


  • 8/2/2019 Akshara Pts Report FINAL


    A more successful method of verifying if an address is active is a social engineering technique.

    Most end users know that they have the right to unsubscribe from unsolicited and/or unwanted

    mailings. Spammers take advantage of this by sending messages with an 'unsubscribe' button.

    Users click on the unsubscribe link and a message purportedly unsubscribing the user is sent.

    Instead, the spammer receives confirmation that the address in question is not only valid but that

    the user is active.

    However, none of these methods are foolproof and any spammer database will always contain a

    large number of inactive addresses.

    4.3 Creating Platforms For Mass Mailing

    Today's spammers use one of these three mass mailing methods:

    Direct mailing from rented servers

    Using open relays and open proxies - servers which have been poorly configured and are

    therefore freely accessible


    Bot networks - networks of zombie machines infected with malware, usually a Trojan, which

    allow spammers to use the infected machines as platforms for mass mailings without the

    knowledge or consent of the owner.

    Renting servers is problematic, since anti-spam organizations monitor mass mailings and are quick

    to add servers to blacklists. Most ISPs and anti-spam solutions use blacklists as one method to

    identify spam: this means that once a server has been blacklisted, it can no longer be used byspammers.


  • 8/2/2019 Akshara Pts Report FINAL


    Using open relay and open proxy servers is also time consuming and costly. First spammers need

    to write and maintain robots that search the Internet for vulnerable servers. Then the servers need

    to be penetrated. However, very often, after a few successful mailings, these servers will also be

    detected and blacklisted.

    As a result, today most spammers prefer to create or purchase bot networks. Professional virus

    writers use a variety of methods to create and maintain these networks:

    Pirate software is also a favorite vehicle for spreading malicious code. Since these programs are

    n spread via file-sharing networks, such as Kazaa, eDonkey and others, the networks themselves are penetrated

    even users who do not use pirate software will be at risk.

    Exploiting vulnerabilities in Internet browsers, primarily MS Internet Explorer. There are number

    owser vulnerabilities in browsers which make it possible to penetrate a computer from a site being viewed by the

    hine's user. Virus writers exploit such holes and write Trojans and other malware to penetrate victim machines,

    ng malware owners full access to, and control over, these infected machines. For instance, pornographic sites and

    r frequently visited semi-legal sites are often infested with such malicious programs. In 2004 a large number of

    running under MS IIS were penetrated and infected with Trojans. These Trojans then attacked the machines of

    s who believed that these sites were safe.

    Using email worms and exploiting vulnerabilities in MS Windows services to distribute and install

    ans: MS Windows systems are inherently vulnerable, and hackers and virus writers


    are always ready to exploit this. Independent tests have demonstrated that a Windows XP system

    without either a firewall or antivirus software will be attacked within approximately 20 minutes ofbeing connected to the Internet.


  • 8/2/2019 Akshara Pts Report FINAL


    Modern malware is rather technologically sophisticated the authors of these programs spare

    neither time nor effort to make detection of their creations as difficult as possible. Trojan

    components can behave as Internet browsers asking websites for instructions whether to launch a

    DoS attack or to start spam mailing, etc. (the instructions may even contain information about the

    time and the place of the next instruction). IRC is also used to get instructions.

    Spammer Software

    An average mass mailing contains about a million messages. The objective is to send the

    maximum number of messages in the minimum possible time. There is a limited window of

    opportunity before anti-spam vendors update signature databases to deflect the latest types of


    Sending a large number of messages within a limited timeframe requires appropriate technology.

    There are a number of resources available that are developed and used by professional spammers.

    These programs need to be able to:

    Send mail over a variety of channels including open relays and individual infected machines.

    Create dynamic texts.

    Spoof legitimate message headers

    Track the validity of an email address database.

    Detect whether individual messages are delivered or not and to resend them from alternative platforms if the

    nal platform has been blacklisted.

    These spammer applications are available as subscription services or as a stand-alone application

    for a one-off fee.


    4.4 Marketing Spammer Services


  • 8/2/2019 Akshara Pts Report FINAL


    Strangely enough, spammers advertise their services using spam. In fact, the advertising which

    spammers use to promote their services constitutes a separate category of spam. Spammer-related

    spam also includes advertisements for spammer applications, bot networks and email address


    4.5 Creating The Message Body

    Today, anti-spam filters are sophisticated enough to instantly detect and block a large number of

    identical messages. Spammers therefore now make sure that mass mailings contain emails with

    almost identical content, with the texts being very slightly altered. They have developed a range of

    methods to mask the similarity between messages in each mailing:

    Inclusion of random text strings, words or invisible text. This may be as simple as including a

    om string of words and/or characters or a real text from a real source at either the beginning or the end of the

    sage body. An HTML message may contain invisible text - tiny fonts or text which is colored to match the

    ground. All of these tricks interfere with the fuzzy matching and Bayesian filtering methods used by anti-spam

    tions. However, anti-spam developers have responded by developing quotation scanners, detailed analysis of

    ML encoding and other techniques. In many cases spam filters simply detect that such tricks have been used in a

    age and automatically flag it as spam.

    Graphical spam. Sending text in graphics format hindered automatic text analysis for a period of

    , though today a good anti-spam solution is able to detect and analyze incoming graphics

    Dynamic graphics. Spammers are now utilizing complicated graphics with extra information to

    e anti-spam filters.

    "Fragmented Images. Actually the image consists of several smaller images, but a user sees it as

    plete text. Animation is just another type of fragmentation whereby the image is split into frames that are layered

    each other, with the end result being complete text.



  • 8/2/2019 Akshara Pts Report FINAL


    Paraphrasing texts. A single advertisement can be endlessly rephrased, making each individual

    sage appear to be a legitimate email. As a result, anti-spam filters have to be configured using a large number of

    ples before such messages can be detected as spam. A good spammer application will utilize all of the abovehods, since different potential victims use different anti-spam filters. Using a variety of techniques ensures that a

    mercially viable number of messages will escape filtration and reach the intended recipients.


  • 8/2/2019 Akshara Pts Report FINAL




    If the title mentions "free pix", "passwords", or money-making opportunities, it's spam.


    If the title mentions a filename ending in ".html" or ".htm", it's spam.

    If the title contains a web site address, it's spam.

    If the title ends with a multi-digit number (e.g. "Please help 13874"), it's spam.

    If there's lots of non-alphabetic characters (e.g. *****, !!!!!, ##### etc.), particularly at the

    start of the title, it's spam.

    If the author field consists of a stream of random characters, (such as "jsg;rhb" or

    "dkhvdjblkghsx") it's spam.

    If the author's name is "Webmaster" or reads like an invite to a web site, it's probably spam.

    If the title is in an unexpected language (e.g. German), it's probably spam.


  • 8/2/2019 Akshara Pts Report FINAL




    6.1 Time Costs

    If you are receiving two or three Unsolicited Emails a day you probably think spam isn't all that

    bad, it's just a minor inconvenience. But if you are receiving 40 to 50+ a day, and you're spending

    an average of 10 seconds each to decide what you want to do with each message, then you're


  • 8/2/2019 Akshara Pts Report FINAL


    wasting around 60 hours a year dealing with spam. That's over seven workdays wasted each year!

    Not to mention the raw frustration and distraction of doing a task that takes you from your

    productive work.

    6.2 Server Costs

    Then there are the costs to your server of having to manage large amounts of mail entering their

    system. When too much is sent or arrives at one time it can cause the system to crash, leaving their

    customers without the ability to send or receive email. One Internet Service Provider that's known

    for allowing spammers to send bulk mail through its system crashed when several of its users sent

    large amounts of mail at the same time. It was down for several days and many antispammers

    thought that justice had its own way of dealing with spammers and hoped the Provider would start

    enforcing it's own Terms of Use. No such luck, its back and spammers are sending their junk mail

    in mass amounts once again.

    6.3 Consumer Costs

    Some consumers have to pay long distance phone charges to connect to the Internet (mostly in

    countries outside of the US) and some countries charge for every phone call made by their

    customers. In these cases, the user wastes connection time by downloading and sorting through

    unwanted email.


    6.4 Privacy Costs

    It's our belief that the biggest problem with spam, other than having to look at it, is that 90% ofthose sending it do it in a fraudulent way. They buy software that hides their identity, forges email

    headers, steals others' identities (read about one man's experience with identity theft at Behind

    Enemy Lines), use bogus cancellation addresses, and stake out a claim to their right to intrude on


  • 8/2/2019 Akshara Pts Report FINAL


    your privacy. Some even claim you signed up to receive their spam advertisement (which may

    contain some measure of truth but we will comment on that under How Did They Get My Email

    Address? If that were true, why then do they go to such lengths to hide their true identities.

    Year after year, the advertising component that was the original purpose of spam degeneratesfurther towards simple criminal opportunism. Since spam mailings are anonymous, their owners

    often cherish the illusion that they can operate with impunity.

    The most popular types of blatantly criminal spam are Nigerian letters and phishing. Spammers

    have been most inventive in creating ever more attractive bait for the user and seeking new

    targets for their attacks.

    In addition, the services of the spammer are in constant demand by virus writers. Virus writers use

    spam mailings to distribute their latest creations, often placing links to infected sites within the

    mailing that are designed to lure the unwary user to click on them for one reason or another. A

    recipient of such spam thus runs the risk of their computer being infected by a malicious program.

    According to the experts, the annual overall loss resulting from spam is estimated to be tens of

    billions of Dollars. As a result, anti-spam protection is not only desirable, but an urgent necessity.

    If spammer activity is not restricted, email could easily become a thing of the past, eclipsed by the

    overwhelming volume of spam.



    Maintain at least two email addresses. You should use your private address for personal correspondence The public address should be the one you use to register on public forums, in chat rooms, to subscribe to mailing



  • 8/2/2019 Akshara Pts Report FINAL


    Never publish your private address on publicly accessible resources.

    Your private address should be difficult to spoof. Spammers use combinations of obvious names, words and

    bers to build possible addresses. Your private address should not simply be your first and last name. Be creative

    personalize your email address.

    If you have to publish your private address electronically, mask it to avoid having it harvested by spammers.

    [email protected] is easy to harvest, as is Joe.Smith at yahoo.com. Try writing Joe-dot-Smith-at-yahoo-dot-com

    ad. If you need to publish your private address on a website, do this as a graphics file rather than as a link.

    Treat your public address as a temporary one. Chances are high that spammers will harvest your public

    ess fairly quickly. Don't be afraid to change it often.

    Always use your public address to register in forums and chatrooms and to subscribe to mailing lists and

    motions. You might even consider using a number of public addresses in order to trace which services are selling

    esses to spammers.

    Never respond to spam. Most spammers verify receipt and log responses. The more you respond, the more

    m you will receive.



  • 8/2/2019 Akshara Pts Report FINAL


    Do not click on unsubscribe links from questionable sources. Spammers send fake unsubscribe letters in

    an attempt to collect active addresses. You certainly don't want to have your address tagged as active as it

    will just increase the amount of spam that you receive.

    If your private address is discovered by spammers - change it. This can be inconvenient, but changing your

    email address does help you to avoid spam - at least for a while!

    Make sure that your email is filtered by an antispam solution. Consider installing a personal antispam

    solution. Only open email accounts with providers that offer spam filtration prior to mail delivery.


  • 8/2/2019 Akshara Pts Report FINAL




    The transmission of unsolicited commercial email messages (Spam) has become one of the most

    pressing issues in the information technology world.It is not possible to remove Cyber crimes from

    the cyber space. But it is quite possible to check them, and it can be done to make people aware of

    their rights and duties.Arms race between spammers and anti spam techniques.

    Effective and efficient use of various Anti-Spam techniques as discussed can make spamming less

    profitable and can prove a way to help FIGHT SPAM.

    Distributed Community approach most effective. However there were some attempts to introduce

    fees for sending e-mails they did not have any significant influence on the whole situation. Many

    skeptics predicted that this idea would satisfy neither e-mail providers nor users and that was the

    reality - Gates idea failed having been rejected by the majority of both. Also the performance of

    the latest spam recognition techniques seems to be quite disappointing. If we consider such

    technologies as Smart RBL or Distributed Checksum Clearing House (DCC) then spam filters

    using them quite often fail to distinguish spam/non-spam messages correctly and as a result

    legitimate e-mails are blocked while junk passes through to Inbox. To conclude we have to admit

    that in 2006 the situation with spam got much worse than it had been predicted before and at the


  • 8/2/2019 Akshara Pts Report FINAL


    moment there are no encouraging signs that could give some cause for optimism in the nearest

    future. "Arms race" is continuing and so far spammers have not shown any signs of exhaustion.



