
CEHv6 module 40 spamming


DOCUMENT INFORMATION

Basic information

Title: Spamming
School: EC-Council
Major: Ethical Hacking
Type: Module
Pages: 46
Size: 1.72 MB


Ethical Hacking and Countermeasures Version 6

Module XL: Spamming

Exam 312-50

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

of the size that generates major amount of spam and are considered as “copycats”. They are so called because they use the Storm Gang’s approach in expanding botnets.

Internet users are advised not to open executable files that arrive as mail attachments from suspicious email IDs. They should take care not to infect themselves with the botware through social engineering, which is one of the hacker’s tricks. Spammers try to imitate Storm and establish wide-reaching and powerful botnets. The botnet network should be eradicated to avoid spam.

Module Objective:

This module will familiarize you with:

• Spamming
• Techniques used by Spammers
• How Spamming is Performed

Module Flow

• Spamming
• How Spamming is Performed
• Bulk Emailing Tools
• Techniques used by Spammers
• Anti-Spam Techniques
• Ways of Spamming
• Types of Spam Attacks
• Anti-Spamming Tools

Spam is also known as Unsolicited Commercial Email (UCE), Unsolicited Bulk Mail (UBM), junk mail, and irrelevant newsgroup cross-posting. Spam mails succeed in getting the attention and interest of users by presenting attractive content.

Spam emails are sent to a large number of email addresses in the expectation that at least a few of the recipients will respond.

Spam emails are successful because they are quick, simple, and cheap. Just a computer and an Internet connection are required to propagate spam. Since emails are sent in bulk to many users, it costs less and requires less time.

Techniques Used by Spammers

Spoofing the domain:
• Message appears to be from the user’s own domain

Poisoning or spoofing filters:
• Addition of invisible text or numbering in the message

Social engineering:
• Used to manipulate people to perform actions or divulge confidential information

Sending virus attached files:
• Installs Trojan horses and viruses that cause the host computer to malfunction

• Using innocuous words (ham words) in spam, thereby effectively poisoning the database in the long run

Spoofing the domain:

An attacker spoofs domain names or email addresses and sends email messages to convince the receiver that the mail is from a known sender, so that the receiver accepts it. This type of spamming damages the goodwill and reputation of the victim organization whose domain is spoofed.

Poisoning or Spoofing filters:

Filters can be poisoned by adding text to the message in the same color as the background, which reduces the score assigned by the filtering process. The other way of poisoning the filters is to use numbers instead of letters.

Social Engineering:

Social engineering refers to tricking the target user into divulging information related to the target organization or any personal information. Spammers can lure end users by sending promotional emails for products that offer huge discounts once the users fill in their personal information.

Directory harvesting:

In directory harvesting, spammers generate email addresses by using known email addresses from a corporate or ISP mail server. This lets spammers send emails to randomly generated email addresses. Some of the addresses are real, while the others are false.

Phishing attacks:

Phishing attacks redirect users to illegitimate websites that have the same look and feel as the original website. These attacks are carried out to acquire the user’s information and the passwords of the user’s bank account. The user unknowingly gives his/her bank account information to the illegitimate site, which the attacker uses to get access to the bank and carry out transactions.

Sending Viruses:

Spam emails may contain attachments which, when launched, install a Trojan or virus on the system. The virus searches the hard drive for email addresses and sends copies of itself using its SMTP engine, and also sends a report to the spammers when it can control the user’s machine.

How Spamming is Performed

Getting the email IDs:
• Spammers get access to email IDs when the user registers with any email service, forum, or blog, either by hacking the information or by registering as genuine users
• Spiders are used, which search the code in web pages for anything that looks like an email ID and copy it to the database
• E-mail extraction tools are used, which have built-in search engines to find the email IDs of companies based on the keywords entered
• On-line ad tracking tools help spammers analyze how many users opened the spam mails, the responses to them, and which ad brought the best results

How spam is relayed:
• Rogue ISPs obtain their own network numbering and multiple domain names from the InterNIC, which spammers use to get across spam blocks
• On-the-fly spammers: spammers register as genuine users for trial accounts with ISPs and use forged identities to start spam hits
• Blind relayers: some servers relay a message without authentication, and it is sent on as genuine mail

Getting past the anti-spam software:
• The subject line of the email is given as ‘Re:’ or ‘Fw:’, which assures the anti-spam software that it is a genuine reply to the user’s message
• The spam message is enclosed as an image in the mail to make the anti-spam software trust the source

Getting the Email IDs:

Spammers need the email IDs of the recipients in order to send spam emails, and they acquire them using various techniques. Some of the techniques are described below:

• Email IDs can be obtained when the user registers for a free email service. A user gives away his/her personal information to access newsgroups or mailing lists. Spammers hack the information given by the user, or register on the site as a legitimate user, and get the user’s email ID.
• A software program known as a spider is used by spammers to search webpages for code that has the form of an email ID. If it finds such code in the webpage, it copies it into the database.
• Email extraction software is used to search for the intended email IDs. Its search engine is used to search for a particular set of people based on the keywords given.

How is Spam Relayed:

• Rogue ISPs use InterNIC (the Internet's Network Information Center) to obtain their own network numbering and multiple domain names. These domain names are used by the spammers to get past spam blocks.
• On-the-fly spamming is a technique in which spammers register as multiple users for trial accounts with ISPs, which are then used for spam hits. Spammers change their account when the ISP hosts a spam run.
• Blind relayers relay messages without authentication. Spammers route their mails through these servers. The relay sends the mail, which then appears to be genuine.

Bypassing the Anti-Spam Software:

• Spam emails can be delivered even if the user has anti-spam software by using these techniques:
  o Starting the subject line of the mail with FW: or Re: to convince the spam filters that the message is a reply to the user’s mail
  o Sending the spam messages in the form of images to get through the spam filters
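Both tricks listed above leave traces a filter can score. The following Python check is an added example, not part of the original module: it flags a "Re:"/"Fw:" subject that arrives without In-Reply-To or References headers, and a body that carries images but almost no readable text. The function name, the `min_words` threshold and both sample messages are constructed assumptions.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

REPLY_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)

class VisibleText(HTMLParser):
    """Count readable words and <img> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.words, self.images, self.skip = 0, 0, 0
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.words += len(data.split())

def inspect_message(raw, min_words=5):
    """Return heuristic findings for one message (signals to score, not verdicts)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # A genuine reply normally carries threading headers set by the mail client.
    if REPLY_PREFIX.match(msg.get("Subject", "")) and not (
            msg.get("In-Reply-To") or msg.get("References")):
        findings.append("reply-prefix-without-thread-headers")
    words = images = 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_type() == "text/plain":
            words += len(part.get_content().split())
        elif part.get_content_type() == "text/html":
            parser = VisibleText()
            parser.feed(part.get_content())
            words, images = words + parser.words, images + parser.images
    if images and words < min_words:
        findings.append("image-only-body")
    return findings

# Constructed sample messages (not real traffic).
SAMPLE_SPAM = (
    "From: promo@example.net\nTo: user@example.com\n"
    "Subject: Re: your order\nMIME-Version: 1.0\n"
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<html><body><img src="http://example.net/offer.png"></body></html>\n')
SAMPLE_HAM = (
    "From: alice@example.com\nTo: user@example.com\n"
    "Subject: Re: meeting notes\nIn-Reply-To: <constructed-1@example.com>\n"
    'MIME-Version: 1.0\nContent-Type: text/plain; charset="utf-8"\n\n'
    "Thanks, the notes look right to me. See you on Thursday.\n")

if __name__ == "__main__":
    print(inspect_message(SAMPLE_SPAM))
    print(inspect_message(SAMPLE_HAM))
```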


Email Spam:

Email spam is targeted towards single or multiple users with direct addresses. Email spam lists are created by searching the Internet for addresses in sources such as Usenet postings, blogs, and email discussions used by public and private forums.

Worsen ISP: Statistics

Source: http://www.spamhaus.org/statistics/spammers.lasso

Top Spam Affected Countries: Statistics

Source: http://www.spamhaus.org/statistics/spammers.lasso

Types of Spam Attacks

Hidden text & links:
• Making the text look the same as the background color

• Giving duplicate title tags and Meta tags

Blog & Wiki spamming

Image Spam:
• In this type of spamming, emails containing only images without any text are sent by spammers to evade security systems/controls

Hijacking/pagejacking:
• Redirecting a page, which improves the page rank of the redirected page

Types of spam attacks include:

Hidden text and links:

Hidden text is a type of attack in which the text of the message is the same color as the background, so visitors cannot read it. It is used to increase search engine ranking by filling the webpage with keywords. Hidden links are links on the webpage within the hidden text.

The ways of hiding text are:

1. Include white text on a white background
2. Keep text overlapped by an image
3. Make use of CSS to hide text
4. Set the font size to zero

The hidden links are unreadable because:

1. The text in them is in hidden form
2. CSS is used to shrink the hyperlinks to tiny pixels
3. The hidden links consist of small characters

This form of attack is no longer successful because search engines can stop such attacks. It may trick the search engine for a certain period of time, but the site risks being banned by the search engine.
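Three of the four hiding methods listed above (same-colour text, CSS hiding, zero font size), and the same-colour text used for filter poisoning under "Poisoning or Spoofing filters", can be found by walking the markup. The following Python detector is an added example, not part of the original module; it reads only inline styles and legacy colour attributes (no external stylesheets, no image overlap), and the sample HTML and all names are constructed.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link"}   # tags with no end tag
NAMED = {"white": "#ffffff", "black": "#000000"}      # small constructed table

def parse_style(style):
    """Turn an inline style attribute into {property: value}, lower-cased."""
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {p.strip().lower(): v.strip().lower().replace(" ", "") for p, v in pairs}

def norm_colour(value):
    """Map #fff, #FFFFFF and 'white' to one spelling so they compare equal."""
    value = NAMED.get(value.strip().lower(), value.strip().lower())
    if re.fullmatch(r"#[0-9a-f]{3}", value):
        value = "#" + "".join(ch * 2 for ch in value[1:])
    return value

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        # Assumed defaults: black text on a white page.
        self.stack = [{"tag": None, "fg": "#000000", "bg": "#ffffff", "why": None}]
        self.hidden = []                      # (reason, text) pairs
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a, st = dict(attrs), dict(self.stack[-1], tag=tag)   # inherit parent state
        css = parse_style(a.get("style") or "")
        st["fg"] = norm_colour(css.get("color") or a.get("color") or st["fg"])
        st["bg"] = norm_colour(css.get("background-color") or a.get("bgcolor") or st["bg"])
        if css.get("display") == "none" or css.get("visibility") == "hidden":
            st["why"] = "css-hidden"
        elif re.fullmatch(r"0(px|pt|em|%)?", css.get("font-size", "")):
            st["why"] = "zero-font-size"
        self.stack.append(st)
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):   # pop back to the matching tag
            if self.stack[i]["tag"] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        st, text = self.stack[-1], data.strip()
        why = st["why"] or ("same-colour-as-background" if st["fg"] == st["bg"] else None)
        if text and why:
            self.hidden.append((why, text))

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden

SAMPLE = (  # constructed page fragment, not from the module
    '<body bgcolor="#FFFFFF"><p>Limited offer, visit our shop today.</p>'
    '<font color="white">meeting agenda quarterly report</font>'
    '<span style="font-size:0">invoice schedule minutes</span>'
    '<div style="display: none"><a href="http://example.invalid/">cheap pills</a></div>'
    '<p style="color:#fff; background-color:#003366">Visible banner</p></body>')
```

`find_hidden_text(SAMPLE)` reports the three concealed runs and leaves the ordinary paragraph and the white-on-blue banner alone.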

Cloaking:

Cloaking is a technique in which the search engine and the user are served different pages. The search engine gets text-heavy pages while the user gets graphical pages. As the search engine blocks some of the graphics and visual attractiveness of pages from getting to the user, cloaking creates two different pages, one for the search engine and one for the user. It also prevents the user from learning the optimization techniques used to send the message and from stealing the optimized pages.

To differentiate search engines from users and send the appropriate type of webpage, the visitor’s IP address or user-agent string is checked. Checking the visitor’s IP address requires maintaining an updated database of known spider IPs. Checking the user-agent string is less secure than checking the visitor’s IP address.

Blog and Wiki spamming:

Website blogs are maintained by companies to enable their web visitors to write comments related to the particular site. They facilitate open discussion about any topic regarding the site. Because a blog is open to all users, it attracts blog spamming. Spammers search for blogs and post keyword-laden text links in large numbers, which worsens things. It is easy for spammers to hit blogs that are old and rarely updated.

Wikis are sites that allow any user to update and change the content of a page on the website. Wiki spamming consists of lists of links included in the pages. Most spam links look like trusted link text, but the URL directs to unauthorized or illegal sites. By placing many spam pages as links in wikis, spammers raise their page ranking in the search engine when people click on the links.

Image Spam:

Bundling spam messages inside an image avoids detection by spam filters; as a result, the spam messages reach the user’s inbox without any obstacles. The messages appear to be text-based email complete with hyperlinks. The messages do not contain any text, only the HTML code to display the image. The image does not contain any clickable link, but the majority of the messages are pump and dump stock scams, in which the spammers send messages to increase the price of a stock they have invested in and make a quick profit.

Hijacking/pagejacking:

Hijacking is spamming the index of the search engine. It is achieved by making a copy of a popular website, with contents similar to the original, and redirecting users to illegal or malicious websites. Spammers can use this to achieve a high rank. It is a form of cloaking because, when two websites with similar content are present, the web crawlers keep only one of the two URLs. Spammers ensure that the duplicate website is the one shown in the result page.

Pagejacking is the process of stealing the content of a webpage and copying it to another webpage, to divert some of the original traffic from the authorized website to the copied website. Pagejackers depend on the search engines to spider the illegitimate website content and index it so that the copied website appears in the site ranking. Users may think that it is the legitimate website, and once they visit the copied site they may be subjected to mouse trapping, which does not allow the user to leave the website.

Bulk Emailing Tools

Fairlogic Worldcast

• It detects many common bad addresses existing on the mailing lists
• It provides detailed logs of the entire delivery process and reports any kind of error

Source: http://www.fairlogic.com/bss/free_bulk_emailing_tool

Fairlogic Worldcast is a customized mailer and also an address validator. It is perfect for individuals or businesses to send customized email messages to their customers, newsletters, business notices, Internet marketing, CRM, and other essential information. It also detects many common bad addresses that exist on many mailing lists, providing a detailed log of the entire delivering process and reporting any kind of error. It can even determine up to 90% of "dead" emails in the address lists before sending, providing detailed and handy logs for each message sent.

WorldCast imports huge recipient lists from dBase tables, text, and Comma Separated Values (CSV) files, from Outlook, Outlook Express, Eudora, Netscape Messenger and Palm Desktop, providing easy (and extensive) mail-merging features, using all fields of the database given a certain mailing list, containing the name and the job

123 Hidden Sender

123 Hidden Sender sends absolute anonymous bulk emails.

The IP address is not shown in the email headers.

ISP service is not lost.

It is an anonymous bulk email software program based on a unique know-how sending technology. It provides real anonymous instant delivery. You can use your regular Internet connection because your IP address will never be shown in the email headers. It does not need SMTP servers.

YL Mail Man

• It also has an import and export function and a duplicate email address remover

Source: http://www.ylcomputing.com/content/view/194/111/

YL Mail Man is flexible email address management and email delivery software. It helps companies or shareware authors organize and manage large volumes of customer email addresses and contact all customers by email in simple steps. The multi-level categories feature allows the user to organize and manage all kinds of contacts and addresses. The built-in HTML email editor allows the user to create professional newsletters or product upgrade notification emails easily. This email management software also has an import-export function and a duplicate email address remover. YL Mail Man is stand-alone email address management and newsletter sending software. The program has its own internal SMTP server and delivers email messages directly to their recipients, bypassing your ISP mail system.

Features:

• Organizes and manages large volumes of customer email addresses
• Built-in professional email templates
• The number of email recipients is unlimited
• Manages email addresses by categories
• Fast and secure delivery of email

DirectSender

• The bulk process sends up to 100 simultaneous emails directly to recipients
• Millions of customized emails in HTML or plain format can be sent, with or without attachments and without overloading the ISP's servers

Source: http://www.bluechillies.com/details/30419.html

Direct Sender quickly and easily sends unlimited numbers of personalized email messages using any kind of database (Access97/2000, Excel, text, and ODBC). The bulk process sends up to 100 simultaneous emails directly to recipients, checking its state before, without using the provider's SMTP. Millions of customized emails can be sent in HTML or plain format, with or without attachments and without overloading the ISP's servers.

Hotmailer

• If the email address is valid, Hotmailer will automatically send the mail

Source: http://www.bluechillies.com/details/36527.html

Hotmailer is a bulk email sender, email address finder, and verifier. It can efficiently search for large numbers of email addresses on a mail server in a short time. With its built-in SMTP server, it connects to the remote server and posts email addresses for verification. If the email address is valid, Hotmailer will automatically send the mail. With a 56K Internet connection speed, it can send approximately 2000 or more mails per minute.

PackPal Bulk Email Server

PackPal Bulk Email Server is a safe and fast bulk email sender.

It can run as a background service.

It can work with most mail clients.

• Super Bulk Email Marketing tool
• The way to promote web presence
• There is no limit on the number of messages sent through the bulk email server
• Supports SMTP Authentication before sending emails

Date posted: 26/12/2013, 21:00