DOCSLIB.ORG

Understanding the World's Worst Spamming Botnet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Computer Sciences Department Understanding the World’s Worst Spamming Botnet Tatsuya Mori Holly Esquivel Aditya Akella Akihiro Shimoda Shigeki Goto Technical Report #1660 June 2009 Understanding the World's Worst Spamming Botnet Tatsuya Mori Holly Esquivel Aditya Akella NTT Laboratories UW - Madison UW - Madison Akihiro Shimoda Shigeki Goto Waseda University Waseda University ABSTRACT ming to template-based spamming. These new sophisticated On November 11, 2008, the primary web hosting company, user interfaces play a key role in the efficiency of dissemi- McColo, for the command and control servers of Srizbi bot- nation mechanisms in spamming infrastructures [8]. These net was shutdown by its upstream ISPs. Subsequent re- improvements have lead to an exponential increase in spam- ports claimed that the volume of spam dropped significantly ming capabilities. For example, “Srizbi” is claimed to be everywhere on that very same day. In this work, we aim capable of sending 60 billion spam messages per day, which to understand the world’s worst spamming botnet, Srizbi, is more than half of the total 100 billion spam messages sent and to study the effectiveness of targeting the botnet’s com- per day on average [9]. According to a more recent report, mand and control servers, i.e., McColo shutdown, from the today’s newest spamming botnet, “Conficker”, consists of viewpoint of Internet edge sites. We conduct an extensive more than 10 million infected hosts all over the world and measurement study that consists of e-mail delivery logs and could be capable of sending out 400 billion spam messages packet traces collected at four vantage points. The total mea- per day [2]. These large global-spamming infrastructures surement period spans from July 2007 to April 2009, which have traditionally been hard to stifle. includes the day of McColo shutdown. We employ passive In late 2008, a bold and drastic action was taken to con- TCP fingerprinting on the collected packet traces to identify tain the world’s worst spamming botnet, Srizbi. On Novem- Srizbi bots and spam messages sent from them. ber 11, the web hosting service provider, McColo, was shut The main contributions of this work are summarized as down by its two upstream ISPs. McColo is known as a so- follows. We first estimate the global scale of Srizbi botnet in called “bulletproof hosting” company because it allowed its a probabilistic way. Next, we quantify the volume of spam customers to bypass laws regulating Internet content and ser- sent from Srizbi and the effectiveness of the McColo shut- vices. McColo also allowed these customers to remain on- down from an edge site perspective. Finally, we reveal sev- line regardless of complaints. The company hosted the C&C eral findings that are useful in understanding the growth and servers for major spamming botnets, including Srizbi [3]. evolution of spamming botnets. We detail the rise and steady Accordingly, as many operators and researchers expected, it growth of Srizbi botnet, as well as, the version transition of is widely reported that the volume of spam dropped from 50 Srizbi after the McColo shutdown. to 75 percent on the very same day [3, 14]. Although recent measurement studies report that spam vol- ume has returned to pre-McColo shutdown levels [14], the 1. INTRODUCTION temporal but great success of the shutdown indicates that this Over the past few years, the volume of e-mail spam has unprecedented and drastic move was effective. This action grown significantly to the point it is no longer just a nui- allows us to better understand the larger picture of spam- sance. Some reports suggest that as much as 90–95% of all ming botnets and the way in which they can make transi- e-mail sent or received today is spam [1,6]. E-mail spam has tions, which is crucial to building an effective and sustain- evolved along many dimensions in recent times, and is em- able anti-spam solution. As a first step toward this goal, we ployed to conduct numerous subversive and illegal activities aim to understand the world’s worst spamming botnet, Srizbi such as financial scams, phishing, and propagating malware. and to study the effectiveness of targeting the botnet’s C&C Recently, botnets have been widely used as a scalable servers (i.e., McColo shutdown). We also look at the long- and elusive approach to disseminating spam messages. The term trends of Srizbi to study how the botnet has grown and bot on the infected host sends out spam messages triggered evolved. by instructions from spammers who purchased access to the We conduct an extensive analysis of e-mail delivery logs botnet. Spammers send the instructions from the command and packet traces collected at four different vantage points and control (C&C) server via IRC channels. Recently, spam- across two countries: US and Japan. We also use publicly ming botnets have made the transition from proxy-based spam- available packet traces published by MAWI [12]. The four 1 locations consist of four different types of Internet edge sites, Table 1: Total measurement periods of data sets. namely, an enterprise network, a campus network, a leaf tcpdump SMTP log site of a scientific research network, and an international UW Feb 9, 2008 – Jul 11, 2008 Feb 1, 2008 – Apr 30, 2008 Apr 7, 2008 – Jul 31, 2008 Apr 7, 2008 – Jul 31, 2008 backbone link used by several research organizations. The CORP Dec 26, 2008 – Apr 17, 2009 Jan 1, 2009 – Mar 31, 2009 total data collection periods span from July 2007 to April GEM – Aug 1, 2008 – Apr 30, 2009 2009. The spam volume changes between the pre- and post- MAWI Jul 1, 2007 – Apr 27, 2009 – McColo time period can be studied from our data sets. To detect the spam traffic from Srizbi bots, we leverage a TCP fingerprinting technique, which can identify the op- surement tool used to collect the packet traces. The second erating system of a host based on the TCP/IP stack of the set of data contains all e-mail delivery records for each van- system. As Stern discovered [18], Srizbi uses a dedicated tage point for all respective e-mail servers. For future refer- network driver that uses intrinsic TCP/IP parameter settings. ence, we refer to this the data set as SMTP log(s). Table 1 Thus, we can extract hosts infected with the Srizbi trojan by summarizes the measurement period of each data set. tracking their TCP fingerprint signature. In addition to the In the following, we describe how each data set is col- three signatures presented by Stern et al. [18], we found that lected and processed for our analysis. the Srizbi botnet has other variants of these signatures. Tcpdump. For UW, and CORP, packet traces are col- The primary contributions of this work are: lected on the incoming external links of the networks. For • We probabilistically estimate the size of Srizbi botnet by MAWI, we use packet traces which were collected on trans- correlating data sets that were independently sampled at Pacific line (150-Mbps link) that connects US and Japan, Internet edge sites. which is utilized by several research organizations. Analyz- ing packet traces enables us to study all the incoming SMTP • We quantify the volume of spam sent from Srizbi and connections to the networks. To extract minimal informa- study the effectiveness of the McColo shutdown from the tion excluding private information, we filter all the packets view point of Internet edge sites. other than TCP packets with SYN flag that are destined to • We reveal several findings that are useful in understand- the SMTP port. This filtration allows us to employ TCP fin- ing the spread of spamming botnets; specifically, we note gerprinting on packets from e-mail senders while discarding the steady growth of Srizbi and the version transition of all other private information in the subsequent SMTP trans- Srizbi after the McColo shutdown. missions. The IP addresses of MAWI tcpdump traces are We believe that the collection and analysis of long-term anonymized to make the data publicly available. Since these data sets is a promising approach to identifying the upcom- traces have been collected since July 2007, we can study the ing spamming botnets, studying how they are mitigated by long-term trends of the spamming botnets. actions against them, and building a methodology to stop SMTP logs. For UW, CORP and GEM, SMTP logs were spamming botnets permanently. collected on commercial anti-spam appliances. UW and CORP The remainder of this paper is structured as follows: Sec- operate greylisting mechanisms on top of their anti-spam ap- tion 2 presents a description of data sets we use in this work. pliances. Greylisting is a mechanism that temporarily re- In section 3, we present our findings on the characteristics jects e-mail messages from a sender which has not previ- and trends of the Srizbi botnet. In section 4 we discuss some ously been seen. Greylisting is effective because if an e- related studies and compared them to ours. Finally, section 5 mail is rejected, a spammer will likely not retransmit it since concludes our work. spammers cannot afford the time and resources to retry thou- sands of bounced messages. By analyzing greylisting logs, the SMTP connections which did not attempt retransmission 2. DATA DESCRIPTION can be extracted. In this work, we regard these connections We collected data from four vantage points located at dif- as attempted spam messages sent to the e-mail servers. That ferent organizations and countries. The measurement period is, if a connection is filtered by greylisting and is not retried spans from July 2007 to Apr 2009.
Recommended publications
  • Technical and Legal Approaches to Unsolicited Electronic Mail, 35 USFL Rev

    Technical and Legal Approaches to Unsolicited Electronic Mail, 35 USFL Rev

    UIC School of Law UIC Law Open Access Repository UIC Law Open Access Faculty Scholarship 1-1-2001 Technical and Legal Approaches to Unsolicited Electronic Mail, 35 U.S.F. L. Rev. 325 (2001) David E. Sorkin John Marshall Law School, [email protected] Follow this and additional works at: https://repository.law.uic.edu/facpubs Part of the Computer Law Commons, Internet Law Commons, Marketing Law Commons, and the Privacy Law Commons Recommended Citation David E. Sorkin, Technical and Legal Approaches to Unsolicited Electronic Mail, 35 U.S.F. L. Rev. 325 (2001). https://repository.law.uic.edu/facpubs/160 This Article is brought to you for free and open access by UIC Law Open Access Repository. It has been accepted for inclusion in UIC Law Open Access Faculty Scholarship by an authorized administrator of UIC Law Open Access Repository. For more information, please contact [email protected]. Technical and Legal Approaches to Unsolicited Electronic Mailt By DAVID E. SORKIN* "Spamming" is truly the scourge of the Information Age. This problem has become so widespread that it has begun to burden our information infrastructure. Entire new networks have had to be constructed to deal with it, when resources would be far better spent on educational or commercial needs. United States Senator Conrad Burns (R-MT)1 UNSOLICITED ELECTRONIC MAIL, also called "spain," 2 causes or contributes to a wide variety of problems for network administrators, t Copyright © 2000 David E. Sorkin. * Assistant Professor of Law, Center for Information Technology and Privacy Law, The John Marshall Law School; Visiting Scholar (1999-2000), Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University.
  • The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
  • Successful Non-Governmental Threat Attribution

    Successful Non-Governmental Threat Attribution

    Successful Non-Governmental! Threat Attribution, Containment! and Deterrence: A Case Study! Joe St Sauver, Ph.D. ! [email protected] or [email protected]! Internet2 Nationwide Security Programs Manager! November 2nd, 2010, 1:15-2:30 PM, Chancellor I! http://pages.uoregon.edu/joe/attribute-contain-deter/! Disclaimer: The opinions expressed are those of the author and ! do not necessarily represent the opinion of any other party.! I. Introduction! 2! Cyberspace: Anonymous and Undeterred?! • General Keith Alexander, Director of the National Security Agency (DIRNSA), recently commented [1] that in cyberspace:! "" "“It is difficult to deliver an effective response if the ! " "attacker's identity isn't known,” and ! " "“It is unclear if the government's response to cyber ! " "threats and attacks have deterred criminals, ! " "terrorists, or nations.” ! • That's a provocatively framed (if equivocal) assessment, and one worthy of careful consideration given its source. ! 3! Is The Concept of Deterrence Even Relevant to ! Attacks on Private Critical Cyber Infrastructure?! • In pondering that quote, I also note the National Research Council's (NRC's) “Cyber Deterrence Research and Scholarship” question number 39, [2] which asked: ! "" "How and to what extent, if at all, is deterrence applicable! " "to cyber attacks on private companies (especially those that! " "manage U.S. critical infrastructure)? ! • Since the Office of the Director of National Intelligence (ODNI) requested the NRC's inquiry into cyber deterrence, and since General Alexander is now leading the new United States Cyber Command as well as the National Security Agency, it is appropriate to consider these two questions jointly. ! 4! Can We Identify An Example of Successful Attribution and Cyber Deterrence?! • If we are to prove that cyber deterrence is both relevant and possible, and that the difficulties associated with attribution can be overcome, we must be able to point to at least one example of successful attribution and cyber deterrence.
  • Compu Talk Vol

    Compu Talk Vol

    Sri Sathya Sai College for Women, Bhopal 2017 A newsletter from the Dept. of Computer Sci. & Appl. Compu Talk Vol. III Cyber Security job oppurtunities Botnet Department of Computer Computer Network Science and Application Firewall Departmental News Now Trending: including smartphones, televisions and tiny devices and integration of these as part of the Job Opportunities under the Cyber Internet of Things. Boom in cyber threats has Security Umbrella been an integral part of boom in information technology . Cyber security also known in simpler terms as computer security or IT security involves the Typical cyber security job titles and protection of computer systems from theft, descriptions may include the following: damage or destruction of 1. Security Analyst their hardware, software, data and information, as well from disruption, misuse or A Security Analyst analyzes and assesses misdirection of the services provided through vulnerabilities in the infrastructure which them to cause damage to the fellow humans or includes software, hardware and the society. associated networks. He/she performs The role of cyber security involves investigation using available tools, suggests controlling or limiting physical access to the counter-measures to remedy the detected hardware, as well as protecting them against any vulnerabilities, and recommends solutions harm or attack that may come via network and best practices. He/she analyzes and access intrusion, data insertion and code assesses the damage done to the injection and remote control. IT security is data/infrastructure as a result of security susceptible to being tricked into deviating from incidents, examines available recovery tools secure procedures through various methods. and processes, and recommends solutions.
  • Technical and Legal Approaches to Unsolicited Electronic Mail†

    Technical and Legal Approaches to Unsolicited Electronic Mail†

    35 U.S.F. L. REV. 325 (2001) Technical and Legal Approaches to Unsolicited Electronic Mail† By DAVID E. SORKIN* “Spamming” is truly the scourge of the Information Age. This problem has become so widespread that it has begun to burden our information infrastructure. Entire new networks have had to be constructed to deal with it, when resources would be far better spent on educational or commercial needs. United States Senator Conrad Burns (R-MT)1 UNSOLICITED ELECTRONIC MAIL, also called “spam,”2 causes or contributes to a wide variety of problems for network administrators, † Copyright © 2000 David E. Sorkin. * Assistant Professor of Law, Center for Information Technology and Privacy Law, The John Marshall Law School; Visiting Scholar (1999–2000), Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University. The author is grateful for research support furnished by The John Marshall Law School and by sponsors of the Center for Education and Research in Information Assurance and Security. Paul Hoffman, Director of the Internet Mail Consortium, provided helpful comments on technical matters based upon an early draft of this Article. Additional information related to the subject of this Article is available at the author’s web site Spam Laws, at http://www.spamlaws.com/. 1. Spamming: Hearing Before the Subcomm. on Communications of the Senate Comm. on Commerce, Sci. & Transp., 105th Cong. 2 (1998) (prepared statement of Sen. Burns), available at 1998 WL 12761267 [hereinafter 1998 Senate Hearing]. 2. The term “spam” reportedly came to be used in connection with online activities following a mid-1980s episode in which a participant in a MUSH created and used a macro that repeatedly typed the word “SPAM,” interfering with others’ ability to participate.
  • Symantec Intelligence Report: June 2011

    Symantec Intelligence Report: June 2011

    Symantec Intelligence Symantec Intelligence Report: June 2011 Three-quarters of spam send from botnets in June, and three months on, Rustock botnet remains dormant as Cutwail becomes most active; Pharmaceutical spam in decline as new Wiki- pharmacy brand emerges Welcome to the June edition of the Symantec Intelligence report, which for the first time combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from May and June 2011. Report highlights Spam – 72.9% in June (a decrease of 2.9 percentage points since May 2011): page 11 Phishing – One in 330.6 emails identified as phishing (a decrease of 0.05 percentage points since May 2011): page 14 Malware – One in 300.7 emails in June contained malware (a decrease of 0.12 percentage points since May 2011): page 15 Malicious Web sites – 5,415 Web sites blocked per day (an increase of 70.8% since May 2011): page 17 35.1% of all malicious domains blocked were new in June (a decrease of 1.7 percentage points since May 2011): page 17 20.3% of all Web-based malware blocked was new in June (a decrease of 4.3 percentage points since May 2011): page 17 Review of Spam-sending botnets in June 2011: page 3 Clicking to Watch Videos Leads to Pharmacy Spam: page 6 Wiki for Everything, Even for Spam: page 7 Phishers Return for Tax Returns: page 8 Fake Donations Continue to Haunt Japan: page 9 Spam Subject Line Analysis: page 12 Best Practices for Enterprises and Users: page 19 Introduction from the editor Since the shutdown of the Rustock botnet in March1, spam volumes have never quite recovered as the volume of spam in global circulation each day continues to fluctuate, as shown in figure 1, below.
  • Downloading and Running

    Downloading and Running

    City Research Online City, University of London Institutional Repository Citation: Meng, X. (2018). An integrated networkbased mobile botnet detection system. (Unpublished Doctoral thesis, City, Universtiy of London) This is the accepted version of the paper. This version of the publication may differ from the final published version. Permanent repository link: https://openaccess.city.ac.uk/id/eprint/19840/ Link to published version: Copyright: City Research Online aims to make research outputs of City, University of London available to a wider audience. Copyright and Moral Rights remain with the author(s) and/or copyright holders. URLs from City Research Online may be freely distributed and linked to. Reuse: Copies of full items can be used for personal research or study, educational, or not-for-profit purposes without prior permission or charge. Provided that the authors, title and full bibliographic details are credited, a hyperlink and/or URL is given for the original metadata page and the content is not changed in any way. City Research Online: http://openaccess.city.ac.uk/ [email protected] AN INTEGRATED NETWORK- BASED MOBILE BOTNET DETECTION SYSTEM Xin Meng Department of Computer Science City, University of London This dissertation is submitted for the degree of Doctor of Philosophy City University London June 2017 Declaration I hereby declare that except where specific reference is made to the work of others, the contents of this dissertation are original and have not been submitted in whole or in part for consideration for any other degree or qualification in this, or any other University. This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration, except where specifically indicated in the text.
  • Coordinating Across Chaos: the Practice of Transnational Internet Security Collaboration

    Coordinating Across Chaos: the Practice of Transnational Internet Security Collaboration

    COORDINATING ACROSS CHAOS: THE PRACTICE OF TRANSNATIONAL INTERNET SECURITY COLLABORATION A Dissertation Presented to The Academic Faculty by Tarun Chaudhary In Partial Fulfillment of the Requirements for the Degree International Affairs, Science, and Technology in the Sam Nunn School of International Affairs Georgia Institute of Technology May 2019 COPYRIGHT © 2019 BY TARUN CHAUDHARY COORDINATING ACROSS CHAOS: THE PRACTICE OF TRANSNATIONAL INTERNET SECURITY COLLABORATION Approved by: Dr. Adam N. Stulberg Dr. Peter K. Brecke School of International Affairs School of International Affairs Georgia Institute of Technology Georgia Institute of Technology Dr. Michael D. Salomone Dr. Milton L. Mueller School of International Affairs School of Public Policy Georgia Institute of Technology Georgia Institute of Technology Dr. Jennifer Jordan School of International Affairs Georgia Institute of Technology Date Approved: March 11, 2019 ACKNOWLEDGEMENTS I was once told that writing a dissertation is lonely experience. This is only partially true. The experience of researching and writing this work has been supported and encouraged by a small army of individuals I am forever grateful toward. My wife Jamie, who has been a truly patient soul and encouraging beyond measure while also being my intellectual sounding board always helping guide me to deeper insight. I have benefited from an abundance of truly wonderful teachers over the course of my academic life. Dr. Michael Salomone who steered me toward the world of international security studies since I was an undergraduate, I am thankful for his wisdom and the tremendous amount of support he has given me over the past two decades. The rest of my committee has been equally as encouraging and provided me with countless insights as this work has been gestating and evolving.
  • Cyberpro December 4, 2008

    Cyberpro December 4, 2008

    Volume 1, Edition 15 CyberPro December 4, 2008 Keeping Cyberspace Professionals Informed Officers The articles and information appearing herein are intended for President educational purposes to promote discussion in the public interest and to Larry K. McKee, Jr. keep subscribers who are involved in the development of Cyber-related concepts and initiatives informed on items of common interest. The Senior Analyst newsletter and the information contained therein are not intended to Jim Ed Crouch provide a competitive advantage for any commercial firm. Any ------------------------------ misuse or unauthorized use of the newsletter and its contents will result CyberPro Research in removal from the distribution list and/or possible administrative, civil, Analyst and/or criminal action. Kathryn Stephens The views, opinions, and/or findings and recommendations contained in this summary are those of the authors and should not be construed as an official position, policy, or decision of the United States Government, CyberPro Archive U.S. Department of Defense, or National Security Cyberspace Institute. To subscribe or unsubscribe to this newsletter click here CyberPro News Subscription. Please contact Larry McKee , ph. (757) 871-3578, regarding CyberPro subscription, sponsorship, and/or advertisement. All rights reserved. CyberPro may not be published, broadcast, rewritten or redistributed without prior NSCI consent. 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578 CyberPro National Security Cyberspace Institute P a g e | 1 Volume
  • Detection of Distributed Denial-Of-Service Attacks in Encrypted Network Traffic

    Detection of Distributed Denial-Of-Service Attacks in Encrypted Network Traffic

    Mikko Hyvärinen Detection of Distributed Denial-of-Service Attacks in Encrypted Network Traffic Master’s Thesis in Information Technology December 9, 2016 University of Jyväskylä Department of Mathematical Information Technology Author: Mikko Hyvärinen Contact information: [email protected] Supervisor: Timo Hämäläinen & Mikhail Zolotukhin Title: Detection of Distributed Denial-of-Service Attacks in Encrypted Network Traffic Työn nimi: Hajautettujen palvelunestohyökkäysten havainnointi salatussa verkkoliiken- teessä Project: Master’s Thesis Study line: Software Development Page count: 122+9 Abstract: Context: Distributed denial-of-service attacks have existed for two decades. Var- ious strategies have been developed to combat the increasing volume of attacks over the years. Application layer attacks are becoming more common, and they are harder to detect. Current detection methods analyze traffic features. The packet payload is encrypted in an SSL/TLS traffic, and it cannot be analyzed. Objective: The thesis studies the current situa- tion of detection of DDoS attacks in an SSL/TLS encrypted traffic. Also, the thesis presents a K-means++ clustering-based detection method and comparable simulation results with the previous literature. Methods: The author conducted a light systematic mapping study by searching common computer science literature libraries. The author ran experiments with the clustering-based method in a virtual network. Results: The mapping study found that the detection methods concentrate on clustering and statistical anomaly detection methods. In the experiments, denial-of-service attack simulations revealed that the K-means++ clus- tering detects trivial DDoS attacks with near 100% accuracy. Datasets were found to be an important part when comparing results. Conclusion: The mapping study revealed encrypted denial-of-service research study areas where more research is needed when compared to the non-encrypted counterpart.
  • Glossary of Spam Terms

    Glossary of Spam Terms

    white paper Glossary of Spam terms The jargon of The spam indusTry table of Contents A Acceptable Use Policy (AUP) . 5 Alias . 5 Autoresponder . 5 B Ban on Spam . 5 Bayesian Filtering . 5 C CAN-SPAM . 5 Catch Rate . 5 CAUSe . 5 Challenge Response Authentication . 6 Checksum Database . 6 Click-through . 6 Content Filtering . 6 Crawler . 6 D Denial of Service (DoS) . 6 Dictionary Attack . 6 DNSBL . 6 e eC Directive . 7 e-mail Bomb . 7 exploits Block List (XBL) (from Spamhaus org). 7 F False Negative . 7 False Positive . 7 Filter Scripting . 7 Fingerprinting . 7 Flood . 7 h hacker . 8 header . 8 heuristic Filtering . 8 honeypot . 8 horizontal Spam . 8 i internet Death Penalty . 8 internet Service Provider (iSP) . 8 J Joe Job . 8 K Keyword Filtering . 9 Landing Page . 9 LDAP . 9 Listwashing . 9 M Machine-learning . 9 Mailing List . 9 Mainsleaze . 9 Malware . 9 Mung . 9 N Nigerian 419 Scam . 10 Nuke . 10 O Open Proxy . 10 Open Relay . 10 Opt-in . 10 Opt-out . 10 P Pagejacking . 10 Phishing . 10 POP3 . 11 Pump and Dump . 11 Q Quarantine . 11 R RBLs . 11 Reverse DNS . 11 ROKSO . 11 S SBL . 11 Scam . 11 Segmentation . 11 SMtP . 12 Spam . 12 Spambot . 12 Spamhaus . 12 Spamming . 12 Spamware . 12 SPewS . 12 Spider . 12 Spim . 12 Spoof . 12 Spyware . 12 t training Set . 13 trojan horse . 13 trusted Senders List . 13 U UCe . 13 w whack-A-Mole . 13 worm . 13 V Vertical Spam . 13 Z Zombie . 13 Glossary of Spam terms A acceptable use policy (AUP) A policy statement, made by an iSP, whereby the company outlines its rules and guidelines for use of the account .
  • Image Spam Detection: Problem and Existing Solution

    Image Spam Detection: Problem and Existing Solution

    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 Image Spam Detection: Problem and Existing Solution Anis Ismail1, Shadi Khawandi2, Firas Abdallah3 1,2,3Faculty of Technology, Lebanese University, Lebanon ----------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - Today very important means of communication messaging spam, Internet forum spam, junk fax is the e-mail that allows people all over the world to transmissions, and file sharing network spam [1]. People communicate, share data, and perform business. Yet there is who create electronic spam are called spammers [2]. nothing worse than an inbox full of spam; i.e., information The generally accepted version for source of spam is that it crafted to be delivered to a large number of recipients against their wishes. In this paper, we present a numerous anti-spam comes from the Monty Python song, "Spam spam spam spam, methods and solutions that have been proposed and deployed, spam spam spam spam, lovely spam, wonderful spam…" Like but they are not effective because most mail servers rely on the song, spam is an endless repetition of worthless text. blacklists and rules engine leaving a big part on the user to Another thought maintains that it comes from the computer identify the spam, while others rely on filters that might carry group lab at the University of Southern California who gave high false positive rate. it the name because it has many of the same characteristics as the lunchmeat Spam that is nobody wants it or ever asks Key Words: E-mail, Spam, anti-spam, mail server, filter.