CEHv6 module 40 spamming


Ethical Hacking and Countermeasures v6
Exam 312-50 Certified Ethical Hacker
Module XL: Spamming

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

News

Source: http://www.nzherald.co.nz/

A group of spammers is managing a large network of compromised computers by using the names of celebrities in its spam. This network is huge and capable enough to rival the Storm Worm botnet. These spammers send huge numbers of spam mails containing malware, which tries to steal personal information such as passwords. Surveys indicate that 20 percent of spam is circulated. The spam mails carry various subject lines, such as Windows Security Updates and free games.

The spammers operate a botnet of a size that generates a major amount of spam, and they are considered "copycats" because they use the Storm gang's approach to expanding a botnet. Internet users are advised not to open executable files that arrive as mail attachments from suspicious email IDs. They should take care not to infect themselves with the botware through social engineering, which is one of the hacker's tricks. Spammers try to imitate Storm and establish wide-reaching and powerful botnets. The botnet network should be eradicated to avoid spam.

Module Objective

This module will familiarize you with:

• Spamming
• Techniques used by Spammers
• How Spamming is Performed
• Ways of Spamming
• Types of Spam Attacks
• Anti-Spam Techniques
• Spamming Tools
• Anti-Spamming Tools

Module Flow

• Spamming
• Techniques used by Spammers
• How Spamming is Performed
• Ways of Spamming
• Types of Spam Attacks
• Bulk Emailing Tools
• Anti-Spam Techniques
• Anti-Spamming Tools

Introduction

• Spamming is populating the user's inbox with unsolicited or junk emails
• Spam email contains malicious computer programs such as viruses and Trojans which change the computer settings or track the system
• Spamming is also used for product advertisements

Spamming is the process of populating the user's inbox with unsolicited or junk emails. It is normally used to advertise products or services, but the real problem arises for the user when the mails contain viruses and malicious software that can damage the user's computer or data.
Spam is also known as Unsolicited Commercial Email (UCE), Unsolicited Bulk Mail (UBM), junk mail, and irrelevant newsgroup cross-posting. Spam mails succeed in getting the attention and interest of users by offering attractive content. Spam emails are sent to a large number of email addresses in the expectation that at least a few of the users who receive them will respond.

Spam emails are successful because they are quick, simple, and cheap. Just a computer and an Internet connection are required to propagate spam. Since emails are sent in bulk to many users, it costs less and requires less time.

Techniques Used by Spammers

• Spoofing the domain: Message appears to be from the user's own domain
• Poisoning or spoofing filters: Addition of invisible text or numbering in the message
• Social Engineering: Used to manipulate people to perform actions or divulge confidential information
• Directory harvesting: By sending messages to possible addresses and then building a list of valid email addresses through non-delivery reports
• Phishing attacks: Convinces the user that the mail is sent by a trusted source
• Sending virus attached files: Installs Trojan horses and viruses that make the host computer malfunction
• Database Poisoning: Using innocuous words (ham words) in a spam, thereby effectively poisoning the database in the long run
• Junk Tags: Hiding spam words by inserting invalid HTML tags in between words
• Invalid Words: Spam words like mortgage etc. are masked by inserting special characters or junk characters in between

Spoofing the domain: An attacker spoofs domain names or email addresses and sends email messages to convince the receiver that the mail is from a known sender, so that the receiver accepts those mails. This type of spamming damages the goodwill and reputation of the victim organization whose domain is spoofed.

Poisoning or Spoofing filters: Filters can be poisoned by adding text to the message in the same color as the background, which reduces the score given by the filtering process. The other way of poisoning the filters is to use numbers instead of letters.

Social Engineering: Social engineering refers to tricking the target user into divulging information related to the target organization or any personal information. Spammers can lure end users by sending promotional emails for products that offer huge discounts once the users fill in their personal information.

Directory harvesting: In directory harvesting, spammers generate email addresses by using known email addresses from a corporate or ISP mail server. This helps spammers to send emails to randomly generated email addresses. Some of the addresses are real addresses while the others are false ones.

Phishing attacks: Phishing attacks redirect users to illegitimate websites that have the same look and feel as the original website. These attacks are carried out to acquire the user's information and the passwords of the user's bank account. The user unknowingly enters his/her bank account information on the illegitimate site, and the attacker uses it to get access to the bank and carry out transactions.
Sending Viruses: Spam emails may contain attachments which, when launched, install a Trojan or virus on the system. This virus searches the hard drive for email addresses and sends copies of itself from its own SMTP engine, and it also sends a report to the spammers when it can control the user's machine.

Database Poisoning: Spammers use ham words, or innocuous words, which affect the database in the long term.

Junk Tags: Spam words can be hidden by including invalid HTML tags within the words.

Invalid Words: Special characters or junk characters are inserted in between the letters of spam words.

How Spamming is Performed

Getting the email IDs

• Spammers get access to email IDs when the user registers with any email service, forum, or blog, either by hacking the information or by registering as genuine users
• Spiders are used which search the code of web pages for text that looks like email IDs and copy it to a database
• E-mail extraction tools with built-in search engines are used to find the email IDs of companies based on the keywords entered
• Online ad tracking tools help spammers to analyze the number of users who opened the spam mails, the responses to them, and which ad brought the best results

How Spam is Relayed

• Rogue ISPs obtain their own network numbering and multiple domain names from the InterNIC, which spammers use to get across spam blocks
• On-the-fly Spammers: Spammers register as genuine users for trial accounts with ISPs and use forged identities to start spam hits
• Blind Relayers: Some servers relay a message without authentication, and it is sent on as genuine mail

Getting past the anti-spam software

• A subject line given as "Re:" or "Fw:" assures the anti-spam software that the message is a genuine reply to the user's message
• The spam message is enclosed as an image in the mail to make the anti-spam software trust the source

Getting the Email IDs: Spammers need the email IDs of the recipients in order to send spam emails. They acquire email IDs using various techniques, some of which are described below:

• Email IDs can be obtained when the user registers for a free email service. A user gives away his/her personal information to access newsgroups or mailing lists. Spammers hack the information given by the user, or even register on the site as a legitimate user, and get the user's email ID.
• A software program known as a spider is used by spammers to search web pages for text in the form of an email ID. If it finds an email ID in the web page, it copies it into the database.
• Email extraction software is used to search for the intended email IDs. Its built-in search engine is used to search for a particular set of people based on the keywords given.
How Spam is Relayed:

• Rogue ISPs use InterNIC (the Internet's Network Information Center) to obtain their own network numbering and multiple domain names. These domain names are used by the spammers to get past spam blocks.
• On-the-fly spamming is a technique in which spammers register themselves as multiple users for trial accounts with ISPs, which are then used for spam hits. Spammers change their account when the ISP hosts a spam run.
• Blind relayers are servers that relay messages without authentication. Spammers route their mail through these servers. The relay sends the mail on, and it appears to be genuine.

Bypassing the Anti-Spam Software:

• Spam emails can be delivered even if the user has anti-spam software when these techniques are used:
  o The subject line of the mail starts with FW: or Re: to convince the spam filters that the message is a reply to the user's mail.
  o The spam message is sent in the form of an image to get through the spam filters.

Ways of Spamming

Usenet spam

• It is a single message sent to 20 or more Usenet newsgroups
• It robs users of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts

Email spam

• Email spam targets individual users with direct mail messages
• Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses

Usenet Spam: In Usenet spam, a single message is sent to 20 or more Usenet newsgroups. This form of spam is directed towards lurkers, or any individuals who read the newsgroups and never reveal their email addresses. Usenet spammers reduce the utility of the newsgroups by loading them with large amounts of advertising, which reduces the ability of the newsgroup's administrators and managers to keep it to the accepted topics.

Email Spam: Email spam is targeted towards single or multiple users with direct addresses. Email spam lists are created by searching the Internet for addresses in places such as Usenet postings, blogs, and email discussions used by public and private forums.
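
The filter-evasion tricks described under Techniques Used by Spammers (junk tags, invalid words, text in the background color) and under Bypassing the Anti-Spam Software (Re:/Fw: subjects, image-only bodies) can each be turned into a filter-side signal. The following Python code is an added example, not part of the EC-Council material; the word list, substitution map, signal names and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumed word list and digit/symbol-for-letter map; both are illustrative.
SPAM_WORDS = {"mortgage"}
LEET = str.maketrans("013457@$", "oleastas")

def normalize(html):
    """Undo junk tags, digit substitution and junk characters inside words."""
    text = re.sub(r"<[^>]*>", "", html)          # drop every tag, valid or not
    text = text.lower().translate(LEET)          # m0rtg4ge -> mortgage
    return re.sub(r"(?<=[a-z])[^a-z\s]+(?=[a-z])", "", text)  # m.o-r -> mor

def has_hidden_text(html):
    """True when an inline style sets text colour equal to background colour."""
    for style in re.findall(r'style\s*=\s*"([^"]*)"', html, re.I):
        props = {}
        for decl in style.lower().split(";"):
            key, _, value = decl.partition(":")
            props[key.strip()] = value.strip()
        if props.get("color") and props["color"] == props.get("background-color"):
            return True
    return False

def analyze(raw):
    """Return evasion signals for one raw message (text parts assumed unencoded)."""
    msg = message_from_string(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    html = "".join(p.get_payload() for p in leaves if p.get_content_maintype() == "text")
    text, lowered, signals = normalize(html), html.lower(), []
    # Replies normally carry In-Reply-To/References; forwards may not: signal only.
    threaded = msg["In-Reply-To"] or msg["References"]
    if re.match(r"\s*(re|fwd?)\s*:", msg.get("Subject", ""), re.I) and not threaded:
        signals.append("reply-subject-without-thread-headers")
    if has_hidden_text(html):
        signals.append("hidden-text")
    # The word appears only after normalization, so it was deliberately masked.
    if any(w in text and w not in lowered for w in SPAM_WORDS):
        signals.append("obfuscated-spam-word")
    has_image = "<img" in lowered or any(p.get_content_maintype() == "image" for p in leaves)
    if has_image and len(text.split()) < 5:      # the image carries the message
        signals.append("image-only-body")
    return signals

# Constructed sample message, not taken from real traffic.
SAMPLE = ("Subject: Re: your request\nContent-Type: text/html\n\n"
          '<span style="color:#fff;background-color:#fff">agenda</span>'
          " Low m0rt<zz>g.a.ge rates")
print(analyze(SAMPLE))
```

Each signal is meant to feed a scoring filter alongside other evidence rather than to block mail on its own.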

Date posted: 26/12/2013, 21:00