Matthew Sullivan

Fighting spam by finding and listing Exploitable Servers.

Upload: walda

Post on 12-Jan-2016


DESCRIPTION

AusCERT 2005. Spam – The attack vector. Matthew Sullivan. Synopsis. What is spam…? Why is it a problem…? Where do viruses fit in…? Spyware, what is it, what does it do…? “Phishing”, what is it…? The merging of technologies. The new attack vector.

TRANSCRIPT

Page 1: Matthew Sullivan

Fighting spam by finding and listing Exploitable Servers.

Page 2: Matthew Sullivan


• What is spam…?

• Why is it a problem…?

• Where do viruses fit in…?

• Spyware, what is it, what does it do…?

• “Phishing”, what is it…?

• The merging of technologies.

• The new attack vector.

• What can be done…?

Page 3: Matthew Sullivan


• Unsolicited Bulk Email…?

• Unsolicited Commercial Email…?

• Unsolicited Promotional Email…?

• Not what we’re sending…?

• Unsolicited Email…?

• Objectionable Email…?

• What the ACA tells us is spam…?

Page 4: Matthew Sullivan

Page 5: Matthew Sullivan

Page 6: Matthew Sullivan

Page 7: Matthew Sullivan

Page 8: Matthew Sullivan

Page 9: Matthew Sullivan

Page 10: Matthew Sullivan

• All of the above….!

• Each message is spam in its own right.

• Each poses its own dangers.

• We should be working to stop them all.

Page 11: Matthew Sullivan


• Open Relays

• Proxy Servers

• Spam “Bots”

• DoS “Bots”

• More sinister directions...

• Spyware

• Key-loggers

Page 12: Matthew Sullivan


• Open Relays, are they really a problem…?

• How about proxy servers….?

• The risks:

• Open relays are diminished in numbers.

• Proxies work both ways.

• Proxy servers being delivered in spam.

Page 13: Matthew Sullivan


• Tracking movements across the Net

• Demographics

• Parental Control Software

• Surveillance

• Key-logging

• Complete user tracking

• How can we get rid of it…?

Page 14: Matthew Sullivan


• (fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

• How do we combat it…?

• What can we do when we get caught...?

• How can we prevent it…?

Page 15: Matthew Sullivan


• Email viruses combining with exploits.

• Newer Trojans that avoid system calls to “hide”.

• Newer ones allow remote upload of software.

• Continually changing ports to avoid detection.

• Calling home, or using IRC servers.

Page 16: Matthew Sullivan


• Open Relays

• Open Proxies

• Trojans

• Viruses

• Spyware

• What’s this all leading to….?

• Spam, Spam, Spam, and more Spam...!

• So what is the new attack vector…?

Page 17: Matthew Sullivan


[Chart: Spams Detected (0 to 20000) by Date; series SORBS and Spamhaus XBL, each with a linear trend line]

Page 18: Matthew Sullivan

Page 19: Matthew Sullivan

| List | Description | Hits | % |
|---|---|---|---|
| AHBL | The Abusive Hosts Blocking List | 1009 | 10% |
| BOGONS | completewhois.com: Bogon IP's | 144 | 1% |
| BOPM | Blitzed Open Proxy Monitor | 510 | 6% |
| CBL | Composite Blocking List | 3010 | 24% |
| DRBL | Distributed Realtime Blocking List | 1653 | 11% |
| DSBL | Distributed Server Boycott List | 2962 | 25% |
| FIVETEN | Local Blackholes at Five-Ten | 5903 | 47% |
| JIPPGMA | JIPPG's Relay Blackhole List | 142 | 1% |
| NJABL | Not Just Another Bogus List | 1769 | 16% |
| NOMORE | dr. Jørgen Mash's DNSbl | 338 | 3% |
| ORDB | Open Relay DataBase | 167 | 0% |
| PSBL | Passive Spam Block List | 1161 | 9% |
| SBL | Spamhaus Block List | 698 | 6% |
| SORBS | Spam and Open Relay Blocking System | 4643 | 42% |
| SPAMBAG | Spambags | 1167 | 11% |
| SPAMCOP | SpamCop | 1868 | 17% |
| SPAMRBL | | 9 | 0% |
| SPAMSITE | Spamware Peddler and Spamservices | 5 | 0% |
| SPEWS | Spam Prevention Early Warning System | 1552 | 12% |
| UCEPROT | | 880 | 8% |
| WPBL | Weighted Private Block List | 778 | 7% |

Which shows statistics mean nothing!

Page 20: Matthew Sullivan

Page 21: Matthew Sullivan