SlideShare una empresa de Scribd logo

20110524 a survey of spam

jasonmel
jasonmel
1 de 19
Descargar para leer sin conexión
A Survey of Spam Mel Huang Copyright 2009 Trend Micro Inc. 1
Outline • Introduction • As a Spammer – Target – Path – Content • Spam Ecosystem • Anti-spam Solutions • Do Anti-spam Solutions Work? Copyright 2009 Trend Micro Inc. 2
Introduction traditional spam Copyright 2009 Trend Micro Inc. 3
Introduction search social messaging blog/wiki phone/SMS engine networking spam spam spam spam spam Copyright 2009 Trend Micro Inc. 4
62T spam emails sent Introduction 33B kWh energy usage (could support 2.4M home in US) 17M tons of CO2 % of emails (0.2% of global emissions) 100 90 ? 80 70 Business cost US$130B 60 Spammers earned US$780M 50 Anti-spammers earned US$5B 40 30 Filtering saves 135B kWh  20 10 0 1971 … 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 1998 "Spam and the Ongoing Battle for the Inbox,” Communications of the ACM, 2007 2001 "Ending Spam's Free Ride," ACM Networker, 2003 2003 "Spam and the Social-Technical Gap," IEEE Computer, 2004 2004 "Bot Software Spreads, Causes New Worries," IEEE Distributed Systems Online, 2004 2005 "Scalable and Reliable Collaborative Spam Filters: Harnessing the Global Social Email Networks," CEAS 2005 2006 "The E-Mail Honeypot System - Concept, Implementation and Field Test Results," IEEE International Conference on the Digital Society, 2008 2007 "Spam and the Ongoing Battle for the Inbox," Communications of the ACM, 2007 2008 "The Economics of Botnets," Kapersky Lab, 2009 2010 "Correlating Spam Activity with IP Address Characteristics," IEEE Conference on Computer Communications, 2010 Related statistics http://ferris.com/reports/industry-statistics/ McAfee’s report http://www.mcafee.com/us/resources/reports/rp-carbonfootprint2009.pdf Copyright 2009 Trend Micro Inc. 5
As a Spammer social economic moral “Freakonomics,” 2005 Copyright 2009 Trend Micro Inc. 6
Copyright 2009 Trend Micro Inc. 7
As a Spammer path target content Screenshot from Angry Birds by Rovio ® Copyright 2009 Trend Micro Inc. 8
? As a Spammer • Target – web crawler – dictionary trial and error – steal member list “Who gets spammed?” Communications of the ACM, 2006 – buy from others “Do Zebras get more Spam than Aardvarks?“ CEAS, 2009 “Understanding How Spammers Steal Your E-Mail Address,” CEAS, 2005 Copyright 2009 Trend Micro Inc. 9
As a Spammer • Path ESP/ISP open proxy/relay botnet Copyright 2009 Trend Micro Inc. 10
As a Spammer “The E-Mail Honeypot System,” CEAS, 2008 “Spamming Chains,“ CEAS, 2009 “On the Spam Campaign Trail,” 2008 “Spamalytics,” Communications of the ACM, 2009 • Path ESP/ISP open proxy/relay botnet Copyright 2009 Trend Micro Inc. 11
As a Spammer “Anti-Honeypot Technology,” IEEE Security and Privacy, 2004 “Spamming Chains,“ CEAS, 2009 • Path Copyright 2009 Trend Micro Inc. 12
As a Spammer • Content salad jbvxc8b890 fjdaslioejw jvcxzjvo bxjcv0g9d jvsd9jowe rkstjkfs fjew09as vcx89gjdf bvxciobd bcvxklmkwr random characters “A Survey of Modern Spam Tools,” CEAS 2008 Copyright 2009 Trend Micro Inc. 13
Spam Ecosystem EU$199 free to EU$599 “Anti-Honeypot Technology,” IEEE Security and Privacy, 2004 “A Survey of Modern Spam Tools,” CEAS 2008 response rate 0.0001% to survive “Who Gets Spammed?” Communications of the ACM, 2006 “Spamalytics,” Communications of the ACM, 2009 honeypot hunter spam tools providers US$70 for 1000+ spammers US$1000-2000/month “The Ecomonics of Botnets,” Kaspersky Lab, 2009 US$1000 for 10M+ “The Ecomonics of Botnets,” Kaspersky Lab, 2009 phishing hosting rent for US$20/month/online bot sell for US$0.5/bot target harvesters average sending rate: 10 messages/min/bot “The Ecomonics of Botnets,” Kaspersky Lab, 2009 botnet owners Copyright 2009 Trend Micro Inc. 14
Unsolicited Bulk Email Unsolicited Commercial Email Excuse me! I’m a newsletter. Anti-spam Solutions Unsolicited Email • Law Junk Email – spam definition? • Pricing – Microsoft Penny Black Project Student Home Professional Enterprise – Yahoo! CentMail US$99 US$999 US$9999 US$99999 “Spam and the Ongoing Battle for the Inbox,” Communications of the ACM, 2007 • Technology “Spam and the Social-Technical Gap,” IEEE Computer, 2004 Copyright 2009 Trend Micro Inc. 15
Anti-spam Solutions • Technology – social networks – content solutions “Leveraging Social Networks to Fight Spam,” IEEE Computer, 2005 “Scalable and Reliable Collaborative Spam Filters,” CEAS, 2005 • Bayesian filter “Saving Private E-mail,” IEEE Spectrum, 2003 • rules-based filter – network solutions • rule-based filter (black/gray/whitelist) • authentication (DKIM, SenderID, …) “Filtering Spam E-mail on a Global Scale,” WWW Alt., 2004 “Stopping Spam by Extrusion Detection,” CEAS, 2004 “IPv6 and Spam,” MIT Spam Conference, 2009 “Stopping Outgoing Spam by Examining Incoming Server Logs,” CEAS, 2005 “Using Early Results from the spamHINTS Project to Estimate an ISP Abuse Teams Task,” CEAS, 2006 “Understanding Address Usage in the Visible Internet,” 2009 Copyright 2009 Trend Micro Inc. 16
Do Anti-spam Solutions work? “Spamalytics,” Communications of the ACM, 2009 < 0.0001% > 0.0001% > 0.0001% Copyright 2009 Trend Micro Inc. 17
Ah… Ah… Ah… Copyright 2009 Trend Micro Inc. 18
Thank You Copyright 2009 Trend Micro Inc. 19

Recomendados

Workshop Presentation V 17 10 08
Workshop Presentation V 17 10 08Workshop Presentation V 17 10 08
Workshop Presentation V 17 10 08Sanoma Netherlands
 
Asian Eye For The Gaming Guy TGX Edition
Asian Eye For The Gaming Guy TGX EditionAsian Eye For The Gaming Guy TGX Edition
Asian Eye For The Gaming Guy TGX EditionBenjamin Joffe
 
Биография Л.Н. Толстого
Биография Л.Н. ТолстогоБиография Л.Н. Толстого
Биография Л.Н. ТолстогоМКОУ СОШ № 1 г. Сим
 
#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...
#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...
#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...Giuseppe Fattori
 
Seppilli salute e sanità beni comuni
Seppilli salute e sanità beni comuniSeppilli salute e sanità beni comuni
Seppilli salute e sanità beni comuniGiuseppe Fattori
 
How to build a free wordpress site
How to build a free wordpress siteHow to build a free wordpress site
How to build a free wordpress siteAnyssa Jane
 
How and why you should spend money on facebook.
How and why you should spend money on facebook.How and why you should spend money on facebook.
How and why you should spend money on facebook.Anyssa Jane
 
The African Tulip
The African TulipThe African Tulip
The African TulipKimanyer Molacase
 

Recomendados

Workshop Presentation V 17 10 08
Workshop Presentation V 17 10 08Workshop Presentation V 17 10 08
Workshop Presentation V 17 10 08Sanoma Netherlands
 
Asian Eye For The Gaming Guy TGX Edition
Asian Eye For The Gaming Guy TGX EditionAsian Eye For The Gaming Guy TGX Edition
Asian Eye For The Gaming Guy TGX EditionBenjamin Joffe
 
Биография Л.Н. Толстого
Биография Л.Н. ТолстогоБиография Л.Н. Толстого
Биография Л.Н. ТолстогоМКОУ СОШ № 1 г. Сим
 
#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...
#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...
#Web2salute. Laboratorio FIASO "Comunicazione e promozione della salute" - FO...Giuseppe Fattori
 
Seppilli salute e sanità beni comuni
Seppilli salute e sanità beni comuniSeppilli salute e sanità beni comuni
Seppilli salute e sanità beni comuniGiuseppe Fattori
 
How to build a free wordpress site
How to build a free wordpress siteHow to build a free wordpress site
How to build a free wordpress siteAnyssa Jane
 
How and why you should spend money on facebook.
How and why you should spend money on facebook.How and why you should spend money on facebook.
How and why you should spend money on facebook.Anyssa Jane
 
The African Tulip
The African TulipThe African Tulip
The African TulipKimanyer Molacase
 
Pertemuan2
Pertemuan2Pertemuan2
Pertemuan2mutmainnamaruru
 
К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)
К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)
К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)Центральная научная библиотека имени Якуба Коласа Национальной академии наук Беларуси
 
фгостест математика 4 класс
фгостест математика 4 классфгостест математика 4 класс
фгостест математика 4 классМКОУ СОШ № 1 г. Сим
 
выбираем будущую профессию
выбираем будущую профессиювыбираем будущую профессию
выбираем будущую профессиюmaychik1995
 
티초이스기업문화소개(Final)
티초이스기업문화소개(Final)티초이스기업문화소개(Final)
티초이스기업문화소개(Final)sayjes84
 
Presentation3
Presentation3Presentation3
Presentation3tottenhamboy5
 
Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1FransRutten
 
Excel Chapter 02
Excel Chapter 02Excel Chapter 02
Excel Chapter 02jgardne4
 
D cerno recording v2.1
D cerno recording v2.1D cerno recording v2.1
D cerno recording v2.1Televic Conference
 
Profile
ProfileProfile
ProfileANANDNARAYANA123
 
Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1FransRutten
 
Noor dance co.proposal
Noor dance co.proposalNoor dance co.proposal
Noor dance co.proposalNoorDance
 
Ecosye dr
Ecosye drEcosye dr
Ecosye drdrodarte004
 
Galeria affirmation
Galeria affirmationGaleria affirmation
Galeria affirmationluciacardoso17
 
Invertebrates cheryl
Invertebrates cherylInvertebrates cheryl
Invertebrates cherylsilviaprofe56
 
Pertemuan 9
Pertemuan 9Pertemuan 9
Pertemuan 9mutmainnamaruru
 
Nursing pathocards
Nursing pathocardsNursing pathocards
Nursing pathocardssofiabarone08
 
Васіль Быкаў: пайсці і вярнуцца
Васіль Быкаў: пайсці і вярнуццаВасіль Быкаў: пайсці і вярнуцца
Васіль Быкаў: пайсці і вярнуццаЦентральная научная библиотека имени Якуба Коласа Национальной академии наук Беларуси
 
The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...
The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...
The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...Gianluca Stringhini
 
Volume of Threat: The AV update deployment bottleneck
Volume of Threat: The AV update deployment bottleneckVolume of Threat: The AV update deployment bottleneck
Volume of Threat: The AV update deployment bottleneckAnthony Arrott
 
Kaspersky - 07apr2011
Kaspersky - 07apr2011Kaspersky - 07apr2011
Kaspersky - 07apr2011Agora Group
 
Democratization of IT - october 18 - 20m
Democratization of IT - october 18 - 20mDemocratization of IT - october 18 - 20m
Democratization of IT - october 18 - 20mAlistair Croll
 

Más contenido relacionado

Destacado

выбираем будущую профессию
выбираем будущую профессиювыбираем будущую профессию
выбираем будущую профессиюmaychik1995
 
티초이스기업문화소개(Final)
티초이스기업문화소개(Final)티초이스기업문화소개(Final)
티초이스기업문화소개(Final)sayjes84
 
Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1FransRutten
 
Excel Chapter 02
Excel Chapter 02Excel Chapter 02
Excel Chapter 02jgardne4
 
Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1FransRutten
 
Noor dance co.proposal
Noor dance co.proposalNoor dance co.proposal
Noor dance co.proposalNoorDance
 
Invertebrates cheryl
Invertebrates cherylInvertebrates cheryl
Invertebrates cherylsilviaprofe56
 

Destacado (18)

Pertemuan2
Pertemuan2Pertemuan2
Pertemuan2
 
К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)
К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)
К 440 летию типографии Мамоничей (из фонда ЦНБ НАН Беларуси)
 
фгостест математика 4 класс
фгостест математика 4 классфгостест математика 4 класс
фгостест математика 4 класс
 
выбираем будущую профессию
выбираем будущую профессиювыбираем будущую профессию
выбираем будущую профессию
 
티초이스기업문화소개(Final)
티초이스기업문화소개(Final)티초이스기업문화소개(Final)
티초이스기업문화소개(Final)
 
Presentation3
Presentation3Presentation3
Presentation3
 
Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1
 
Excel Chapter 02
Excel Chapter 02Excel Chapter 02
Excel Chapter 02
 
D cerno recording v2.1
D cerno recording v2.1D cerno recording v2.1
D cerno recording v2.1
 
Profile
ProfileProfile
Profile
 
Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1Dialogue Magazine Jaargang1
Dialogue Magazine Jaargang1
 
Noor dance co.proposal
Noor dance co.proposalNoor dance co.proposal
Noor dance co.proposal
 
Ecosye dr
Ecosye drEcosye dr
Ecosye dr
 
Galeria affirmation
Galeria affirmationGaleria affirmation
Galeria affirmation
 
Invertebrates cheryl
Invertebrates cherylInvertebrates cheryl
Invertebrates cheryl
 
Pertemuan 9
Pertemuan 9Pertemuan 9
Pertemuan 9
 
Nursing pathocards
Nursing pathocardsNursing pathocards
Nursing pathocards
 
Васіль Быкаў: пайсці і вярнуцца
Васіль Быкаў: пайсці і вярнуццаВасіль Быкаў: пайсці і вярнуцца
Васіль Быкаў: пайсці і вярнуцца
 

Similar a 20110524 a survey of spam

The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...
The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...
The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...Gianluca Stringhini
 
Volume of Threat: The AV update deployment bottleneck
Volume of Threat: The AV update deployment bottleneckVolume of Threat: The AV update deployment bottleneck
Volume of Threat: The AV update deployment bottleneckAnthony Arrott
 
Kaspersky - 07apr2011
Kaspersky - 07apr2011Kaspersky - 07apr2011
Kaspersky - 07apr2011Agora Group
 
Democratization of IT - october 18 - 20m
Democratization of IT - october 18 - 20mDemocratization of IT - october 18 - 20m
Democratization of IT - october 18 - 20mAlistair Croll
 
Symantec message labs intelligence final 2010
Symantec message labs intelligence final 2010Symantec message labs intelligence final 2010
Symantec message labs intelligence final 2010Retelur Marketing
 
Telecom Spam Mathan Session2 08 Dec 06
Telecom Spam Mathan Session2 08 Dec 06Telecom Spam Mathan Session2 08 Dec 06
Telecom Spam Mathan Session2 08 Dec 06SANSEXPERT
 
Intro To 20 Technology
Intro To 20 TechnologyIntro To 20 Technology
Intro To 20 Technologybc91404
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle BH
 
Computer viruses and criminal internet business
Computer viruses and criminal internet businessComputer viruses and criminal internet business
Computer viruses and criminal internet businessAndrei Kolesnikov
 
Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3princescorpio
 
Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python PresentationAkramWaseem
 
Change Marketing v01
Change Marketing v01Change Marketing v01
Change Marketing v01Alain Thys
 
Il Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webIl Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webSymantec Italia
 
The Rise Of The Network Company
The Rise Of The Network CompanyThe Rise Of The Network Company
The Rise Of The Network CompanySubrahmanyam KVJ
 
Mark Logic Digital Publishing Summit, Kellogg
Mark Logic Digital Publishing Summit, KelloggMark Logic Digital Publishing Summit, Kellogg
Mark Logic Digital Publishing Summit, KelloggDave Kellogg
 
Key Internet Trends For 2008 Beyond Mc
Key Internet Trends For 2008 Beyond McKey Internet Trends For 2008 Beyond Mc
Key Internet Trends For 2008 Beyond McMichael (Mike) Compeau
 
Mobile, Mobile, Mobile
Mobile, Mobile, MobileMobile, Mobile, Mobile
Mobile, Mobile, MobilePaul Golding
 
Mobile Leveraging The New New Media
Mobile Leveraging The New New MediaMobile Leveraging The New New Media
Mobile Leveraging The New New MediaRoshan Kumar
 
Discover the value in IBM Business Analytics
Discover the value in IBM Business AnalyticsDiscover the value in IBM Business Analytics
Discover the value in IBM Business AnalyticsDaryl Pereira
 

Similar a 20110524 a survey of spam (20)

The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...
The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...
The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...
 
Volume of Threat: The AV update deployment bottleneck
Volume of Threat: The AV update deployment bottleneckVolume of Threat: The AV update deployment bottleneck
Volume of Threat: The AV update deployment bottleneck
 
Kaspersky - 07apr2011
Kaspersky - 07apr2011Kaspersky - 07apr2011
Kaspersky - 07apr2011
 
Democratization of IT - october 18 - 20m
Democratization of IT - october 18 - 20mDemocratization of IT - october 18 - 20m
Democratization of IT - october 18 - 20m
 
Symantec message labs intelligence final 2010
Symantec message labs intelligence final 2010Symantec message labs intelligence final 2010
Symantec message labs intelligence final 2010
 
Telecom Spam Mathan Session2 08 Dec 06
Telecom Spam Mathan Session2 08 Dec 06Telecom Spam Mathan Session2 08 Dec 06
Telecom Spam Mathan Session2 08 Dec 06
 
Intro To 20 Technology
Intro To 20 TechnologyIntro To 20 Technology
Intro To 20 Technology
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010
 
Analysis of rxbot
Analysis of rxbotAnalysis of rxbot
Analysis of rxbot
 
Computer viruses and criminal internet business
Computer viruses and criminal internet businessComputer viruses and criminal internet business
Computer viruses and criminal internet business
 
Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3Bitdefender Corporate July2011 V3
Bitdefender Corporate July2011 V3
 
Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python Presentation
 
Change Marketing v01
Change Marketing v01Change Marketing v01
Change Marketing v01
 
Il Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webIl Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del web
 
The Rise Of The Network Company
The Rise Of The Network CompanyThe Rise Of The Network Company
The Rise Of The Network Company
 
Mark Logic Digital Publishing Summit, Kellogg
Mark Logic Digital Publishing Summit, KelloggMark Logic Digital Publishing Summit, Kellogg
Mark Logic Digital Publishing Summit, Kellogg
 
Key Internet Trends For 2008 Beyond Mc
Key Internet Trends For 2008 Beyond McKey Internet Trends For 2008 Beyond Mc
Key Internet Trends For 2008 Beyond Mc
 
Mobile, Mobile, Mobile
Mobile, Mobile, MobileMobile, Mobile, Mobile
Mobile, Mobile, Mobile
 
Mobile Leveraging The New New Media
Mobile Leveraging The New New MediaMobile Leveraging The New New Media
Mobile Leveraging The New New Media
 
Discover the value in IBM Business Analytics
Discover the value in IBM Business AnalyticsDiscover the value in IBM Business Analytics
Discover the value in IBM Business Analytics
 

20110524 a survey of spam

  • 1. A Survey of Spam Mel Huang Copyright 2009 Trend Micro Inc. 1
  • 2. Outline • Introduction • As a Spammer – Target – Path – Content • Spam Ecosystem • Anti-spam Solutions • Do Anti-spam Solutions Work? Copyright 2009 Trend Micro Inc. 2
  • 3. Introduction traditional spam Copyright 2009 Trend Micro Inc. 3
  • 4. Introduction search social messaging blog/wiki phone/SMS engine networking spam spam spam spam spam Copyright 2009 Trend Micro Inc. 4
  • 5. 62T spam emails sent Introduction 33B kWh energy usage (could support 2.4M home in US) 17M tons of CO2 % of emails (0.2% of global emissions) 100 90 ? 80 70 Business cost US$130B 60 Spammers earned US$780M 50 Anti-spammers earned US$5B 40 30 Filtering saves 135B kWh  20 10 0 1971 … 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 1998 "Spam and the Ongoing Battle for the Inbox,” Communications of the ACM, 2007 2001 "Ending Spam's Free Ride," ACM Networker, 2003 2003 "Spam and the Social-Technical Gap," IEEE Computer, 2004 2004 "Bot Software Spreads, Causes New Worries," IEEE Distributed Systems Online, 2004 2005 "Scalable and Reliable Collaborative Spam Filters: Harnessing the Global Social Email Networks," CEAS 2005 2006 "The E-Mail Honeypot System - Concept, Implementation and Field Test Results," IEEE International Conference on the Digital Society, 2008 2007 "Spam and the Ongoing Battle for the Inbox," Communications of the ACM, 2007 2008 "The Economics of Botnets," Kapersky Lab, 2009 2010 "Correlating Spam Activity with IP Address Characteristics," IEEE Conference on Computer Communications, 2010 Related statistics http://ferris.com/reports/industry-statistics/ McAfee’s report http://www.mcafee.com/us/resources/reports/rp-carbonfootprint2009.pdf Copyright 2009 Trend Micro Inc. 5
  • 6. As a Spammer social economic moral “Freakonomics,” 2005 Copyright 2009 Trend Micro Inc. 6
  • 7. Copyright 2009 Trend Micro Inc. 7
  • 8. As a Spammer path target content Screenshot from Angry Birds by Rovio ® Copyright 2009 Trend Micro Inc. 8
  • 9. ? As a Spammer • Target – web crawler – dictionary trial and error – steal member list “Who gets spammed?” Communications of the ACM, 2006 – buy from others “Do Zebras get more Spam than Aardvarks?“ CEAS, 2009 “Understanding How Spammers Steal Your E-Mail Address,” CEAS, 2005 Copyright 2009 Trend Micro Inc. 9
  • 10. As a Spammer • Path ESP/ISP open proxy/relay botnet Copyright 2009 Trend Micro Inc. 10
  • 11. As a Spammer “The E-Mail Honeypot System,” CEAS, 2008 “Spamming Chains,“ CEAS, 2009 “On the Spam Campaign Trail,” 2008 “Spamalytics,” Communications of the ACM, 2009 • Path ESP/ISP open proxy/relay botnet Copyright 2009 Trend Micro Inc. 11
  • 12. As a Spammer “Anti-Honeypot Technology,” IEEE Security and Privacy, 2004 “Spamming Chains,“ CEAS, 2009 • Path Copyright 2009 Trend Micro Inc. 12
  • 13. As a Spammer • Content salad jbvxc8b890 fjdaslioejw jvcxzjvo bxjcv0g9d jvsd9jowe rkstjkfs fjew09as vcx89gjdf bvxciobd bcvxklmkwr random characters “A Survey of Modern Spam Tools,” CEAS 2008 Copyright 2009 Trend Micro Inc. 13
  • 14. Spam Ecosystem EU$199 free to EU$599 “Anti-Honeypot Technology,” IEEE Security and Privacy, 2004 “A Survey of Modern Spam Tools,” CEAS 2008 response rate 0.0001% to survive “Who Gets Spammed?” Communications of the ACM, 2006 “Spamalytics,” Communications of the ACM, 2009 honeypot hunter spam tools providers US$70 for 1000+ spammers US$1000-2000/month “The Ecomonics of Botnets,” Kaspersky Lab, 2009 US$1000 for 10M+ “The Ecomonics of Botnets,” Kaspersky Lab, 2009 phishing hosting rent for US$20/month/online bot sell for US$0.5/bot target harvesters average sending rate: 10 messages/min/bot “The Ecomonics of Botnets,” Kaspersky Lab, 2009 botnet owners Copyright 2009 Trend Micro Inc. 14
  • 15. Unsolicited Bulk Email Unsolicited Commercial Email Excuse me! I’m a newsletter. Anti-spam Solutions Unsolicited Email • Law Junk Email – spam definition? • Pricing – Microsoft Penny Black Project Student Home Professional Enterprise – Yahoo! CentMail US$99 US$999 US$9999 US$99999 “Spam and the Ongoing Battle for the Inbox,” Communications of the ACM, 2007 • Technology “Spam and the Social-Technical Gap,” IEEE Computer, 2004 Copyright 2009 Trend Micro Inc. 15
  • 16. Anti-spam Solutions • Technology – social networks – content solutions “Leveraging Social Networks to Fight Spam,” IEEE Computer, 2005 “Scalable and Reliable Collaborative Spam Filters,” CEAS, 2005 • Bayesian filter “Saving Private E-mail,” IEEE Spectrum, 2003 • rules-based filter – network solutions • rule-based filter (black/gray/whitelist) • authentication (DKIM, SenderID, …) “Filtering Spam E-mail on a Global Scale,” WWW Alt., 2004 “Stopping Spam by Extrusion Detection,” CEAS, 2004 “IPv6 and Spam,” MIT Spam Conference, 2009 “Stopping Outgoing Spam by Examining Incoming Server Logs,” CEAS, 2005 “Using Early Results from the spamHINTS Project to Estimate an ISP Abuse Teams Task,” CEAS, 2006 “Understanding Address Usage in the Visible Internet,” 2009 Copyright 2009 Trend Micro Inc. 16
  • 17. Do Anti-spam Solutions work? “Spamalytics,” Communications of the ACM, 2009 < 0.0001% > 0.0001% > 0.0001% Copyright 2009 Trend Micro Inc. 17
  • 18. Ah… Ah… Ah… Copyright 2009 Trend Micro Inc. 18
  • 19. Thank You Copyright 2009 Trend Micro Inc. 19