ICASAS206A Detect and protect from spam and destructive software Identify and Stop Spam Warren Toomey North Coast TAFE Port Macquarie campus

ICASAS206A Detect and protect from spam and destructive software

Identify and Stop Spam

Warren Toomey
North Coast TAFE
Port Macquarie campus

Spam: Unsolicited Messages

• Spam is the use of electronic messaging systems to send unsolicited bulk messages
• Mainly e-mail, also Facebook, Twitter, forums, wikis, blogs etc.
  ▫ UCE: unwanted commercial e-mails
  ▫ Not just commercial, often malware vector
• Viable: cheap to send messages, use of botnets
• Purpose:
  ▫ Send users to websites (collect personal information), spread malware, sucker users in on pyramid schemes

Spam Terms (Wikipedia)

• Phishing: attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity
• Botnet: collections of computers on the Internet configured to collectively perform a task, e.g. send spam
• E-mail harvesting: process of obtaining lists of email addresses using various methods for use in bulk email or other purposes usually grouped as spam

Spam: Legislation

• US: CAN-SPAM Act 2003
• Australia: SPAM Act 2003
• Our legislation covers commercial messages
• The sender must:
  1. Have the consent of the receiver, either direct or implied via an existing business relationship
  2. Accurately identify the sender of the spam
  3. Have an unsubscribe option that must come into effect within 5 days
• Doesn’t cover international senders, non-commercial messages

E-mail Spam: Percentages

• Most of the e-mail sent is spam
• 2012 and 1st half of 2013 – Kaspersky Labs

E-mail Spam: Country of Origin

Spam Characteristics: Unknown Sender

• Trying to sell products: equipment, pharmaceuticals etc.
• May involve money: I have $50M to shift
• Poor grammar, badly laid out
• Inconsistent mail headers
  ▫ But too technical to delve into here
• Lots of links for you to click on
• Asks you to unsubscribe
  ▫ If you do, it confirms your address is valid
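
For readers who do want to look at the "inconsistent mail headers" characteristic, the following is an added example (not part of the original slides) that compares the sender-related headers of a message using Python's standard `email` module. The sample messages, domains and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPAM_SAMPLE = """\
Return-Path: <bounce@bulk-mailer.invalid>
From: "Example Bank" <security@examplebank.test>
Reply-To: claims@freemail.invalid
Subject: Your account has been frozen

Please click on this link to reset your password.
"""
CLEAN_SAMPLE = """\
Return-Path: <news@examplebank.test>
From: "Example Bank" <news@examplebank.test>
Subject: Monthly statement available

Log in as usual to view your statement.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def header_inconsistencies(raw_message):
    """List the ways the sender-related headers disagree with each other."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg["From"])
    findings = []
    # Bounce address and reply address should normally match the From domain.
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # A display name that is itself an address at a different domain.
    display, _ = parseaddr(msg["From"] or "")
    if "@" in display and domain(display) != from_dom:
        findings.append(f"display name shows {display} but real domain is {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in header_inconsistencies(SPAM_SAMPLE):
        print(finding)
```

Legitimate bulk mailers often use a different Return-Path domain, so treat each finding as a signal to weigh with the other characteristics, not as a verdict.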

Spam Characteristics: “Known” Sender

• Trusted entity (e.g. bank) or a friend
• Trusted entity: your account has been frozen, please click on this link to reset your password
  ▫ Wants you to perform action based on trust
• E-mail from “friend”
  ▫ Is vague, doesn’t say anything to prove they know you
  ▫ Friend is in trouble, can you help them out, e.g. by sending them money
  ▫ Or, click here, this is a great video of XYZ….

Other Spam: Instant Messaging

• Spim: instant messaging spam
• Use of IM systems to send spam: Facebook, Twitter, AIM, Yahoo, AOL etc.
• Spim will probably overtake spam
  ▫ Next generation uses e-mail less, IM more
• Click fraud: deliver hyperlinks that can be easily clicked on to direct users to malicious websites

Other Spam: SMS & MMS

• Unwanted messages through SMS or MMS (multimedia messages) on your ‘phone
• Can cost you to receive them (e.g. roaming)
• Replies to them can cost a lot
  ▫ Premium phone numbers
• You may “subscribe” to a service, and then get charged for each message they send to you
• Can be very hard to unsubscribe

Fighting Spam

• There is no silver bullet for this
• You can never reach 0% incoming spam
• However, you can minimise it
• This requires a combination of technology and intelligence on your part
• Technology by itself is not enough!

Fighting Spam: Technology

• Use filtering software
  ▫ Looks at message content and labels as spam/not spam. Sometimes accurate, sometimes not
• Use anti-virus software, keep it updated
• Use a personal firewall
• Keep your security patches up to date
• Whitelisting, blacklisting, greylisting
  ▫ Each one has pros and cons

Fighting Spam: Intelligence

• Choose passwords that are not easy to guess
• Protect your e-mail address
  ▫ Be careful who you give it to
  ▫ Use Bcc when sending messages to lots of people
  ▫ Don’t respond to spam, watch “unsubscribe” links
  ▫ Watch web forms: collecting your personal data
  ▫ Use multiple disposable e-mail addresses
• Don’t click on links in messages
  ▫ Read and check the link details
  ▫ Type in by hand if necessary

Fighting Spam: Intelligence

• Protect your mobile number
  ▫ Don’t send “free ringtones” to your phone
  ▫ Be careful who you give your number to on-line
• Read terms & conditions: what on-line companies can do with your details
• Stay on top of current scams: www.scamwatch.gov.au
• Don’t open attachments! Don’t unsubscribe
• Don’t trust e-mail details: sender, subject line
• Report suspicious e-mails, especially bank ones

Who to Report Spam To?

• ACMA: Forward the message to the Spam Intelligence Database at [email protected].
• If spam says it’s from a trusted entity (e.g. a bank) then report it to them, to help other people
• If you think someone in your organisation has had their address book compromised, report it to the IT staff

Activity

• Log in to your e-mail service here, or at home
• Research what spam filtering and spam detection mechanisms are available
• Configure your e-mail system to detect spam
• Look through your junk mail folder
  ▫ Read through some spam messages
  ▫ Assess why they should be considered as spam