CSC 379 SUM2008:Week 1, Group 3
DUE FRIDAY 11:30PM
Spam
Spam is disruptive or unwanted message sent to a user especially through email, often in bulk. It is often sent as advertisements or scams, but sometimes it's purpose is just to annoy. There is little or no cost to spamming and the methods to do so are relatively simple, which accounts for its persistence over the years.
History
The term spam is believed by most to be coined by a Monty Python Skit. In the skit a group of vikings start singing a song about spam that drowns out the rest of the conversation. Users of MUD groups would fill the screen of other users with the lyrics to the spam song to discourage users from chatting. This became referred to as spamming.
The first commercial spam was by a lawyer group called Canter and Siegel. At the beginning of the internet, USENET was a system that had many different discussion groups that were very useful for gathering and discussing specific information. On April 12, 1994, Canter and Siegel hired a programmer to write a script that would post their add to every single USENET group. Soon after this other people started mass posting irrelevant ads and then people discovered that they could send unwanted emails over email.
Media
USENET
USENET was a networked discussion system. It was the best source of specific information before search engines became popular. It is known as the first system to be programatically spammed for commercial reasons.
Fax
Also known as junk faxes, companies would send mass unsolicited advertisements via fax. Junk faxing is very similar to SPAM in nature, but is usually not referred to by that title. Junk faxing has been all but shut down by the Telephone Consumer Protection Act of 1991 banning unsolicited faxes and requiring that a source number be required for all outgoing faxes.
Email spam or junk mail, is currently the most popular type of spam. Spam email usually is trying to get a user to buy something or to visit a certain website. Spam email offers range from weight loss schemes, advanced loans, adult products, work from home scams, offers to rebuild credit, and many more. Many of these email addresses are untraceable as the attackers who send the emails use web bots to take advantage of free webmail addresses. By doing this, it makes it practically impossible for a user to block all incoming spam mail. Besides using this technique, webmail servers spammers also use "spam art" to keep the junk mail filters from blocking their emails.
- Examples of "Spam Art"
- Viagra ---> V1agra ---> Vi@gra
In the United States in 2007 alone, it was estimated that Email spam cost businesses $198 billion dollars, up from 23 billion in 2003.
Spam email does not always just advertise scams and products. Many emails sent from spammers contain harmful viruses that can do serious damage to a users computer. In some cases these viruses use the users computer to send out more spam.
Text Message
With over 1 billion messages sent daily in the United States, text messaging is largely taking over much of the communication world. Knowing this fact, spammers knew they needed to broaden their field, thus text message spam was created. Much like Email spam, text message spam advertises products and scams. Most users say they get advertisements wanting them to download ringtones, go to dating sites, or look at their horoscope. In text message spam, the user is sent text messages from companies who through emails can send messages straight to a users phone, costing the company nothing. These messages quickly build up for the user costing him money and storage space in his/her inbox.
As for what to do about this growing problem, many phone companies are indecisive on this issue as they are profiting from the text messages that are sent to the user.
Instant messenger
With many types of instant messengers out on the market, spammers have a large playing field on which to flame people with messages. Many instant messenger services do not can encrypted servers allowing spammers to create many false internet identities. Using these new screen names the spammers go about sending messages to users asking them to "check out this picture" or other similar tactics. Once the user clicks on the link they are taken to a website usually prompting a certin product or scam. Instant message spam is very costly as it interrupts the user immediately unlike emails which users have to check.
Types
Phishing
Phishing is the fraudulent process of obtaining sensitive information, generally passwords and logins. Phishing generally takes place in E-mails and instant messages. Email phishing consists of the attacker creating a "look a-like" of a login page to a secure website. When the user puts in their login information, it is sent to the attackers computer, where the attacker can gain access to personal information and money accounts. Notable phishing attacks have occurred on eBay, Youtube, and many online banks. Instant messaging phishing interupts the user immediatly. The attacker sends a message like: "Hey, look at this picture.", after clicking on the link, the user is taken to a malicious website.
Pump and Dump
"Pump and Dump" is the act of an investor or group of investors sending out tons of messages promoting a stock which they hold calling it, "the next big thing". The stocks chosen are usually micro-cap stocks that are subject to frequent shifts in price. These investors keep on promoting the stock until it has risen enough to where they know they will make sizable profits from selling the stock after the rise in interest.
Nigerian Prince
Methods
There are many methods in which spam organizations operate. To maximize message output and to avoid prosecution many methods involve the use of control of machines owned by others. In other situations where the spam company is based in the United States, the actual servers sending the spam are being operated in foreign countries or through a proxy server to avoid location of the spamming operation source.
Zombie
Spam is increasingly sent from computers and users that have no idea that they are in fact sending unwarranted and sometimes illegal material to thousands of other users. An unprotected computer becomes a zombie when a virus or worm is sent not to disable or damage data on the machine but to utilize its own resources. This allows both bandwidth and processing power outside the physical mean of the individual sending the spam to output many times what one machine could produce. A zombie computer also creates spam from thousands and possibly millions of sources that is highly untraceable back to the one source of the spam for prosecution.
The term zombie is used to refer to such machines due to the fact the that local user usually has no idea that their machine is under the control of another. Typically zombie computers are used to distribute e-mail spam but can also be used to host phishing servers, performing click fraud, as well as money mule websites.
It is estimated that currently the large majority of e-mail spam is now sent via zombie computers.
- NEED LINKS!
Address Farming
There must be a repository setup for spammers to have the ability to constantly send e-mail spam to millions of users a time. In addition, there must be measures in place to harvest this repository for new addresses. Without the side task for farming for address, the spam source would not have targets to send e-mail to. These large banks of e-mails are either collected by the spammer or purchased by a side company that primarily collects valid e-mail addresses for the purpose of spamming.
A primary method used to collected valid and up to date e-mails is by the use of search engines to crawl the internet for e-mails that are placed on websites, newsgroups, or message boards. In a similar manner how Google searches and collects information about websites. These spambots search and collect information on websites that contain values of text that are the same as a valid e-mail address. Another method that is often used is the act of probing for e-mail addresses. A address farmer will create a website with associated advertisement to lure users to go to that site to enter their contact information for the chance to win a large prize. If you sign up for a newsletter or register a product with a company and choose to allow your e-mail address to be shared with "partners", often that partner is a firm that collects e-mail addresses for spammers.
The last main way of farming for address is to simply guess an e-mail address. With the many main free web based e-mail providers such as MSN, Yahoo, and Google, spammers may simple just randomly choose names for e-mail addresses in hopes that some of them are valid and active.
- NEED LINKS!
Proxy Servers and Multiple Server Locations
To accommodate the large abundance of bandwidth required to send out billions of e-mails a day from one source requires more than just one server. Spam only works based on the pure volume of e-mails sent out per unit of time. To accomplish this, spammers set up hundreds or thousands of servers all over to globe in countries that are eager to sell their bandwidth regardless of the purpose or legality. Even though a large percentage of spam originates from the United States, the largest majority comes from Asia and eastern block third world and developing countries.
For companies that do in fact send their bulk amount of spam within countries where it is illegal, the use of proxy servers are much more useful. Proxy servers are used to hide the originated source of the data transmission to another location. The spam is sent through proxy servers so that the originating location of the spam can not be determined.
Specially Formatted E-mails and Websites
Most mail servers and search engines have advanced filters that are able to determine if either an e-mail will be useful to read or if a website actually contains the information you are searching for. Both mail servers and search engines will block information that obviously appears to be spam.
In an effort to give the spam the appearance of legitimacy, the art of obscuring the spam in creative ways has grown. This is done in many clever ways. Sometimes spam e-mail will include a large amount of bogus text to appear like full blocks of paragraphs and sentences resembling a personally written e-mail when it has, in fact, been written automatically. To block spelling filters, spammers will creatively change the spelling of certain products that are key to spamming to bypass the blocks.
Also, using special HTML formatting to break up the letters of an e-mail text while allowing the viewer to read the spam correctly is another popular means of fooling an automated spam filter.
Other Methods
There are a myriad of ways that spammers foil filters and accomplish their task. Each day new ways are developed to block spam and at the same time new ways are developed to send spam. Most of these involve maximizing spam output and hiding the source of the spam by means of working through an unknown entity. This could be through e-mail relay to hide the real domain of the e-mail while also allowing the e-mail to look legitimate by modifying the header.
Spammers also trick spam recipients by modifying the to and from tag headers of an e-mail, Bypassing the actual e-mail server and sending directly to the recipient, or false or obscured URLs that may be use in conjunction with redirected URLs to heavily camouflage the e-mail as legitimate.
Links and Resources
Origin of Spam An essay on the origen of the term spam.
HowStuffWorks "How Spam Works" A in depth analysis on the workings of spam
Why is there so much spam? A description of spam tactics and methods
Popular spammer tricks Detailed tips and methods for the modern spammer
FTC-SPAM United States Federal Trade Commission Spam Headquarters
IM phishing Information on instant messaging phishing
Email phishing Microsoft warns users about phishing techniques
Pump and Dump Investopedia warns about pump and dump scams
Email Spam The Federal Trade Commission warns about spam
Text Message Spam The Seattle Times talks text message
Instant message spam Information week warns about IM spam