Spam Analysis Trends - PowerPoint PPT Presentation

Slide 1
Spam Analysis: Trends and patterns
  • Geetha Sanapala
  • Department of Computer Science and Engineering
  • University of Nebraska, Lincoln

Slide 2
We all hate spam!!
  • No standard definition; most commonly known as
    Unsolicited Bulk E-mail (UBE)
  • Intent of spammers:
    • Marketing
    • Phishing/fraud
    • Malware delivery
  • Why is it bad?
    • Bandwidth overload
    • Storage overload
    • Loss of end-user productivity

Slide 3
419 Scams - Samples
  • Sample 1: "Dear Winner, this is to inform you that
    your E-mail has won 500,000.00 GBP (Five Hundred
    Thousand Great Britain Pounds) and a new Toyota
    Camry car 2007/2008 model in the Microsoft award
    promo. CLAIMS REQUIREMENTS: 1. Full names 2.
    Residential address 3. Phone number ..."
  • Sample 2: "DEAR SIR/MADAM, A PRIVATE BUSINESS
    PROPOSAL. I AM MR LARRY GANA, THE MANAGER, BILLS
    AND EXCHANGE AT THE FOREIGN REMITTANCE DEPARTMENT
    OF THE ZENITH INTERNATIONAL BANK PLC. I AM
    WRITING THIS LETTER TO ASK FOR YOUR SUPPORT AND
    COOPERATION TO CARRY OUT THIS BUSINESS
    OPPORTUNITY IN MY DEPARTMENT. WE DISCOVERED AN
    ABANDONED SUM OF 15,000,000.00 (FIFTEEN MILLION
    UNITED STATES DOLLARS ONLY) IN AN ACCOUNT THAT
    BELONGS TO ONE OF OUR FOREIGN CUSTOMERS WHO DIED
    ALONG WITH HIS ENTIRE FAMILY OF A WIFE AND TWO
    CHILDREN IN NOVEMBER 1997 IN A PLANE CRASH. SINCE
    WE HEARD OF HIS DEATH, WE HAVE BEEN EXPECTING HIS
    NEXT OF KIN ..."

Slide 4
  • Monitored spam arriving at Yahoo! Mail and Gmail
    accounts for 10 days
  • 80% of the traffic is generally spam
  • The volume of spam increases significantly over
    the weekends

Slide 5
  • Gmail caught more spam than Yahoo
  • The spam mails that got past Gmail's filter are
    Nigerian (419) scams
  • Yahoo's Bayesian filters are not very effective
  • Bayes' theorem, in the context of spam, says that
    the probability that an email is spam, given that
    it contains certain words, equals the probability
    of finding those words in spam email, times the
    probability that any email is spam, divided by the
    probability of finding those words in any email:
    P(spam | words) = P(words | spam) · P(spam) / P(words)
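The calculation in the bullet above, carried out in code. This is an added example, not code from the slides and not the filter Yahoo or Gmail runs: a naive Bayes scorer that treats the presence of each word as conditionally independent given the class, with Laplace smoothing so a word seen in only one class cannot force a probability of exactly 0 or 1. The class and function names and the tiny training corpus are this example's own, constructed for the demonstration rather than taken from the author's 10-day sample.

```python
"""Naive Bayes spam scoring: P(spam | words) = P(words | spam) P(spam) / P(words).

Added example; not code from the slides or from Yahoo or Gmail.  The training
corpus below is constructed, not the author's 10-day sample.
"""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-case word set; presence, not frequency, is what this model scores."""
    return set(TOKEN_RE.findall(text.lower()))


class NaiveBayesSpamFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha           # Laplace smoothing: an unseen word never yields P = 0
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_words = Counter()  # how many spam mails contained each word
        self.ham_words = Counter()

    def train(self, text, is_spam):
        words = tokenize(text)
        if is_spam:
            self.spam_docs += 1
            self.spam_words.update(words)
        else:
            self.ham_docs += 1
            self.ham_words.update(words)

    def _log_p_word(self, word, is_spam):
        """log P(word present | class), smoothed over the two outcomes present/absent."""
        count = self.spam_words[word] if is_spam else self.ham_words[word]
        docs = self.spam_docs if is_spam else self.ham_docs
        return math.log((count + self.alpha) / (docs + 2 * self.alpha))

    def p_spam(self, text):
        """Bayes' theorem with P(words) expanded over both classes:
        P(words) = P(words | spam) P(spam) + P(words | ham) P(ham).
        Only words seen in training are scored; each is treated as
        conditionally independent given the class (the 'naive' assumption)."""
        if self.spam_docs == 0 or self.ham_docs == 0:
            raise ValueError("need at least one spam and one ham example")
        total = self.spam_docs + self.ham_docs
        log_spam = math.log(self.spam_docs / total)   # log P(spam), the prior
        log_ham = math.log(self.ham_docs / total)     # log P(ham)
        vocab = set(self.spam_words) | set(self.ham_words)
        for w in tokenize(text) & vocab:
            log_spam += self._log_p_word(w, True)
            log_ham += self._log_p_word(w, False)
        # Work in log space to avoid underflow on long mails, then normalise.
        m = max(log_spam, log_ham)
        ps, ph = math.exp(log_spam - m), math.exp(log_ham - m)
        return ps / (ps + ph)


# Constructed training corpus (categories from the deck: medications, watches, 419 lottery).
SPAM = [
    "cheap medications from our online pharmacy no prescription",
    "rolex watches replica cheap",
    "you have won 500,000 GBP claim your prize now",
    "cheap viagra pharmacy",
    "buy rolex cheap",
]
HAM = [
    "meeting tomorrow about the project schedule",
    "lunch at noon?",
    "the lecture notes are on the course page",
    "please review the attached report",
    "project deadline moved to friday",
]


def build_demo_filter():
    f = NaiveBayesSpamFilter()
    for text in SPAM:
        f.train(text, True)
    for text in HAM:
        f.train(text, False)
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    for mail in ["cheap pharmacy medications", "project meeting tomorrow"]:
        print(f"{mail!r}: P(spam) = {f.p_spam(mail):.3f}")
```

With this corpus "cheap pharmacy medications" scores about 0.97 and "project meeting tomorrow" about 0.08; a mail made only of words never seen in training scores exactly 0.5, i.e. the prior, which is why such a filter needs a large and current training set and why the obfuscated spellings on slide 9 defeat it until they have been seen as spam a few times.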

Slide 6
  • A false positive is a genuine mail marked as spam
  • Yahoo has a higher false-positive rate
  • Most of the false positives were mailing-list
    traffic, e-greetings and mails with non-ASCII
    (Unicode) content

Slide 7
Where does the spam come from?
  • Used a parsing script to extract the originating IP
    address from the Received headers of sample spams
  • Performed a whois query on each address to
    determine the origin of the spam
  • The US was the major contributor
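One way to write the parsing step described above, as an added example rather than the author's script. The message is constructed: 192.0.2.0/24 plays the receiving site's own mail servers, 203.0.113.77 and 10.0.0.5 are documentation addresses, and the hostnames are illustrative. The whois lookup that follows in the deck is a network call and is left as a comment.

```python
"""Pull the originating IP out of a spam's Received headers.

Added example, not the author's parsing script.  The sample message is
constructed; 192.0.2.0/24 stands in for our own MTAs.
"""
import email
import ipaddress
import re

IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Each hop prepends a Received header, so the top one was written by our own
# MTA and the bottom one by the sender's machine (or was forged by it).
SAMPLE = b"""\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.com with ESMTP id 4Xk1; Sat, 10 Nov 2007 03:12:00 +0000
Received: from relay.example.net ([192.0.2.20])
\tby mx1.example.net with ESMTP; Sat, 10 Nov 2007 03:11:58 +0000
Received: from dsl-77.example.org (unknown [203.0.113.77])
\tby relay.example.net with SMTP; Sat, 10 Nov 2007 03:11:50 +0000
Received: from [10.0.0.5] by dsl-77.example.org; Sat, 10 Nov 2007 03:11:40 +0000
From: "Award Promo" <promo@example.invalid>
Subject: Dear Winner
Date: Sat, 10 Nov 2007 03:11:40 +0000

Your E-mail has won ...
"""


def received_hops(raw):
    """Received headers in order, latest hop first, with header folding removed."""
    msg = email.message_from_bytes(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def client_ip(received):
    """The connecting client's address: the literal in the 'from ...' part,
    i.e. before ' by '.  That literal is the one value the receiving hop
    observed itself; the hostname next to it is what the client claimed in HELO."""
    from_part = received.split(" by ", 1)[0]
    for m in IPV4_RE.finditer(from_part):
        try:
            return ipaddress.ip_address(m.group(1))
        except ValueError:
            continue   # e.g. 999.1.1.1 looks like an address but is not one
    return None


def all_client_ips(raw):
    return [str(ip) for ip in map(client_ip, received_hops(raw)) if ip is not None]


def originating_ip(raw, trusted_nets):
    """Walk from the newest hop backwards.  Hops written by our own servers are
    trusted; the first client address outside them is the external origin.
    Everything below that header arrived with the message and may be forged,
    so the walk stops there instead of trusting the 10.0.0.5 at the bottom."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    for hop in received_hops(raw):
        ip = client_ip(hop)
        if ip is None:
            continue
        if any(ip in net for net in trusted):
            continue
        return str(ip)
    return None


if __name__ == "__main__":
    print("hops  :", all_client_ips(SAMPLE))
    print("origin:", originating_ip(SAMPLE, ["192.0.2.0/24"]))
    # next step in the deck, not run here:  whois 203.0.113.77
```

Two caveats a practitioner would attach to the "US major contributor" result: whois answers with the organisation the address block is registered to, which is the sending host's ISP, not the spammer; and a home PC in a botnet therefore counts toward its ISP's country. Only the Received headers added by hops you control are trustworthy, which is why the walk above stops at the first untrusted address instead of taking the bottom header at face value.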

Slide 8
Spam by category
  • Performed a category-wise classification of 100
    spam samples
  • Medications and Rolex watches make up the
    majority of the spam
  • Surprisingly, no image or stock spam

Slide 9
Spam report
  • Gmail has a better spam filtering system than
    Yahoo
  • The average percentage of spam in email traffic is
    more than 80%
  • Nigerian scams generally slip past the spam
    filters
  • The majority of the spam originates in the US
  • Unused mailboxes receive relatively very few spam
    mails
  • The leading spam category is medications and
    health-related products
  • Typical spam patterns are:
    • Mails dated with the year 2038
    • Obfuscated keywords: p/h/a/r/m/a/c/y,
      m/e/d/i/c/a/t/i/o/n, m.e.d.i.c.a.t.i.o.ns,
      p/r/e/s/c/r/i/p/t/i/o/ns
    • All URLs pointing to the same webpage
  • 2038: the spams are dated 2036 to 2038 because
    these dates are at the top end of a signed 32-bit
    value for time (UNIX time), which is represented
    as the number of seconds since the beginning of
    1970. A signed 32-bit number only goes up to
    2,147,483,647 (about 68 years), so the last
    representable time is 03:14:07 UTC on 19 January
    2038 and dates past that aren't valid.
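The three patterns listed above, turned into checks. This is an added example, not code from the deck: a regex that matches a keyword only in its letter-separated form, a Date check that flags both "later than we received it" and "beyond what a signed 32-bit time_t can hold", and a test that every link in the body lands on one page. The sample message, the keyword list and the function names are this example's own.

```python
"""Checks for the three spam patterns on this slide: obfuscated keywords, dates at
the 32-bit end of UNIX time, and every URL pointing at the same page.

Added example, not code from the deck.  The message at the bottom is constructed.
"""
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

KEYWORDS = ("pharmacy", "medication", "prescription")

# 2**31 - 1 seconds after 1970-01-01T00:00:00Z: the last value a signed 32-bit time_t holds.
LAST_32BIT_TIME = datetime(2038, 1, 19, 3, 14, 7, tzinfo=timezone.utc)


def obfuscated_re(word):
    """Match the word with exactly one non-alphanumeric, non-space separator between
    every pair of letters (p/h/a/r/m/a/c/y, m.e.d.i.c.a.t.i.o.n) plus an optional
    plural 's' that may or may not be separated (p/r/e/s/c/r/i/p/t/i/o/ns).
    The plain word deliberately does not match: that is the content filter's job."""
    body = r"[^a-z0-9\s]".join(re.escape(c) for c in word)
    return re.compile(r"(?<![a-z])" + body + r"(?:[^a-z0-9\s]?s)?(?![a-z])", re.IGNORECASE)


OBFUSCATED = {w: obfuscated_re(w) for w in KEYWORDS}


def find_obfuscated(text):
    """Set of keywords that appear in letter-separated form."""
    return {w for w, rx in OBFUSCATED.items() if rx.search(text)}


def date_flags(date_header, now):
    """'future' if the Date is later than the time we received the mail,
    'beyond_32bit' if it cannot even be represented in a signed 32-bit time_t."""
    try:
        d = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):      # older Pythons raise TypeError, newer ValueError
        return {"unparseable"}
    if d.tzinfo is None:
        d = d.replace(tzinfo=timezone.utc)
    flags = set()
    if d > now:
        flags.add("future")
    if d > LAST_32BIT_TIME:
        flags.add("beyond_32bit")
    return flags


URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def single_landing_page(body):
    """True when the body carries two or more links and all resolve to the same
    page (scheme, host and path compared case-insensitively, fragment ignored)."""
    urls = URL_RE.findall(body)
    pages = set()
    for u in urls:
        p = urlparse(u)
        pages.add((p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/") or "/", p.query))
    return len(urls) >= 2 and len(pages) == 1


def spam_patterns(raw, now):
    """Run all three checks on a raw RFC 822 message; returns the names of the patterns that fired."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hits = set()
    if find_obfuscated(msg.get("Subject", "") + "\n" + body):
        hits.add("obfuscated_keyword")
    hits |= {"date_" + f for f in date_flags(msg.get("Date", ""), now)}
    if single_landing_page(body):
        hits.add("single_landing_page")
    return hits


# Constructed sample mirroring the patterns on the slide.
SAMPLE = """\
Date: Mon, 18 Jan 2038 10:00:00 +0000
Subject: your m.e.d.i.c.a.t.i.o.n.s are ready
From: shop@example.invalid

Cheap p/h/a/r/m/a/c/y, no p/r/e/s/c/r/i/p/t/i/o/ns needed.
Order: http://example.invalid/meds/
Details: HTTP://EXAMPLE.INVALID/meds#top
"""
RECEIVED_AT = datetime(2007, 11, 10, tzinfo=timezone.utc)   # when the sample was "received"

if __name__ == "__main__":
    print(sorted(spam_patterns(SAMPLE, RECEIVED_AT)))
```

The sample fires all three checks. Note that its Date, 18 January 2038, is still representable (it sits just below the 2,147,483,647-second limit), so only the "future" flag is raised for it; a Date of 20 January 2038 raises "beyond_32bit" as well. The keyword regex intentionally ignores spaces as separators, so "p h a r m a c y" is left to the content filter.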

Slide 10
A new approach to spam filtering at server level
- Connection stage
  • Rules file: consists of Allow and Reject rules
  • Rules are based on source-based headers, like the
    connecting IP or the sender domain
  • Rules file format:
      Reject IP 201.202.12.34
      Allow DOMAIN YAHOO.COM
  • [Flowchart: the incoming SMTP connection is checked
    against the rules file; the Accept path and the N
    (no match) branch lead on to the content stage]

Slide 11
- Content stage
  • [Flowchart: the rules file is consulted again, then
    the email headers are scored, each field carrying a
    weight: Sender 250, Reply-To 250, IP 600,
    Subject 250, URL 1000; the total classifies the
    mail as Spam, Non-Spam or Suspect]
  • Suspect mail is checked against the user settings
    before reaching the user mailbox; each sender
    carries a count and a threshold
    (example: Sender xyz@abc.com, Count 0, Threshold 2)
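The two stages from the slide-10 and slide-11 diagrams, written out so the decision path is visible. This is an added example, not the author's implementation. The rules-file format (Reject IP / Allow DOMAIN) and the header weights (Sender 250, Reply-To 250, IP 600, Subject 250, URL 1000) come from the slides; the score cut-offs, the blocklists, the sample messages and the reading of "Count 0, Threshold 2" as "a suspect sender gets that many deliveries before being treated as spam" are assumptions made for this example.

```python
"""Two-stage server-side filter sketched on slides 10 and 11.

Added example, not the author's implementation.  Weights and the rules-file
format are from the slides; cut-offs, blocklists and the count/threshold
semantics are assumptions.
"""
import re

RULES_FILE = """\
# constructed rules file in the slide-10 format: <Allow|Reject> <IP|DOMAIN> <value>
Reject IP 201.202.12.34
Allow DOMAIN YAHOO.COM
"""

WEIGHTS = {"sender": 250, "reply-to": 250, "ip": 600, "subject": 250, "url": 1000}
SUSPECT_AT, SPAM_AT = 500, 1000      # assumed cut-offs: non-spam / suspect / spam

# Constructed blocklists standing in for the real feeds (DNSBL, SURBL, complaint data).
BAD_SENDER_DOMAINS = {"example.invalid"}
BAD_REPLY_TO_DOMAINS = {"freemail.invalid"}
BAD_IPS = {"203.0.113.77"}
BAD_URL_HOSTS = {"pills.invalid"}
SUBJECT_RE = re.compile(r"\b(rolex|viagra|winner)\b|p/h/a/r/m", re.I)
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)


def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            action, kind, value = line.split()
            rules.append((action.lower(), kind.upper(), value.lower()))
    return rules


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


class ServerFilter:
    def __init__(self, rules_text, threshold=2):
        self.rules = parse_rules(rules_text)
        self.suspect_count = {}       # per-sender count from the user-settings box
        self.threshold = threshold    # slide example: Count 0, Threshold 2

    def connection_stage(self, client_ip, mail_from):
        """First matching Allow/Reject rule decides; no match hands the mail to stage two."""
        sender_domain = domain_of(mail_from)
        for action, kind, value in self.rules:
            if (kind == "IP" and value == client_ip) or (kind == "DOMAIN" and value == sender_domain):
                return action
        return "scan"

    def score(self, msg):
        """Sum of the slide's weights for every header that hits a blocklist."""
        hits = {}
        if domain_of(msg["sender"]) in BAD_SENDER_DOMAINS:
            hits["sender"] = WEIGHTS["sender"]
        if domain_of(msg.get("reply-to", "")) in BAD_REPLY_TO_DOMAINS:
            hits["reply-to"] = WEIGHTS["reply-to"]
        if msg["ip"] in BAD_IPS:
            hits["ip"] = WEIGHTS["ip"]
        if SUBJECT_RE.search(msg.get("subject", "")):
            hits["subject"] = WEIGHTS["subject"]
        if any(h.lower() in BAD_URL_HOSTS for h in URL_RE.findall(msg.get("body", ""))):
            hits["url"] = WEIGHTS["url"]
        return sum(hits.values()), hits

    @staticmethod
    def classify(total):
        return "spam" if total >= SPAM_AT else "suspect" if total >= SUSPECT_AT else "non-spam"

    def handle(self, msg):
        """Where the mail ends up: 'rejected' (at SMTP time), 'inbox' or 'spam'."""
        decision = self.connection_stage(msg["ip"], msg["sender"])
        if decision == "reject":
            return "rejected"
        if decision == "allow":
            return "inbox"               # allow-listed source skips content scoring entirely
        verdict = self.classify(self.score(msg)[0])
        if verdict == "suspect":
            # assumption: a suspect sender is delivered `threshold` times, then treated as spam
            n = self.suspect_count.get(msg["sender"], 0)
            self.suspect_count[msg["sender"]] = n + 1
            verdict = "non-spam" if n < self.threshold else "spam"
        return "inbox" if verdict == "non-spam" else "spam"


# Constructed messages; every address uses reserved or documentation names.
MESSAGES = {
    "blocked_ip": {"sender": "a@somewhere.test", "ip": "201.202.12.34", "subject": "hi"},
    "allowed_domain": {"sender": "friend@yahoo.com", "ip": "198.51.100.5",
                       "subject": "ROLEX for you", "body": "http://pills.invalid/x"},
    "pill_spam": {"sender": "shop@example.invalid", "ip": "198.51.100.7",
                  "subject": "cheap p/h/a/r/m/a/c/y", "body": "order at http://pills.invalid/meds"},
    "suspect": {"sender": "news@list.test", "reply-to": "x@freemail.invalid",
                "ip": "198.51.100.9", "subject": "Rolex reviews", "body": "no links"},
}


def run_demo():
    f = ServerFilter(RULES_FILE)
    outcomes = {name: f.handle(m) for name, m in MESSAGES.items()}
    outcomes["suspect_2nd"] = f.handle(MESSAGES["suspect"])   # still within the threshold
    outcomes["suspect_3rd"] = f.handle(MESSAGES["suspect"])   # threshold of 2 exhausted
    return outcomes


if __name__ == "__main__":
    for name, where in run_demo().items():
        print(f"{name:15s} -> {where}")
```

The "allowed_domain" message shows the weakness of the connection stage as drawn: an Allow rule keyed on the sender domain bypasses scoring, and the MAIL FROM domain is chosen by the sender, so a spammer who claims to be yahoo.com sails through unless the allow rule is tied to something the sender cannot forge, such as an SPF pass for that domain (slide 13). The IP reject, by contrast, acts on the one value the server observed itself.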
Slide 12
Filtering techniques
  • Honeypots
  • IP probing, blacklists, APNIC, reverse DNS
  • Sender callback verification, SPF
  • URLs: SURBL
  • Subjects: regular expressions
  • Domain/member complaints
  • Content based: MIME signatures

Slide 13
  • Callback: a mail server can try to verify the
    sender address by making an SMTP connection back
    to the mail exchanger for it, pretending to be
    creating a bounce, but stopping just before any
    e-mail is sent. The commands sent out are:
    • HELO
    • MAIL FROM (with the empty reverse path <> that a
      bounce carries)
    • RCPT TO (the address being verified)
    • QUIT
  • SPF: normal SMTP allows any computer to send an
    email claiming to be from anyone. SPF lets the
    owner of a domain specify which machines are
    authorized to transmit email for that domain.
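Both techniques on this slide, as an added example that is not code from the deck. The callback runs the four commands above against a tiny fake mail exchanger started on 127.0.0.1 in the same process (so the exchange, with both sides' replies, works offline); its mailbox list is constructed. The SPF evaluator handles the ip4, ip6 and all mechanisms of a record string only, because a, mx and include need DNS; the record and addresses are this example's own.

```python
"""Sender callback verification and an SPF check, as described on this slide.

Added example, not code from the deck.  The 'mail exchanger' is a fake SMTP
responder on 127.0.0.1; its mailbox list and the SPF record are constructed.
"""
import ipaddress
import smtplib
import socketserver
import threading

# ---- the far side: a fake MX that knows one mailbox ---------------------------
KNOWN_MAILBOXES = {"alice@example.org"}


class FakeMX(socketserver.StreamRequestHandler):
    """Answers the commands a callback sends the way a real MX would."""

    def handle(self):
        self.wfile.write(b"220 mx.example.org ESMTP\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                break
            cmd = line.decode("ascii", "replace").strip()
            verb = cmd.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                self.wfile.write(b"250 mx.example.org\r\n")
            elif verb == "MAIL":
                self.wfile.write(b"250 OK\r\n")          # the null sender <> must be accepted (RFC 5321)
            elif verb == "RCPT":
                addr = cmd.split(":", 1)[1].strip().strip("<>").lower()
                ok = addr in KNOWN_MAILBOXES
                self.wfile.write(b"250 OK\r\n" if ok else b"550 5.1.1 No such user\r\n")
            elif verb == "QUIT":
                self.wfile.write(b"221 Bye\r\n")
                break
            else:
                self.wfile.write(b"502 Command not implemented\r\n")


class MXServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def start_fake_mx():
    server = MXServer(("127.0.0.1", 0), FakeMX)     # port 0: the OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


# ---- our side: the callback ----------------------------------------------------
def callback_verify(mx_host, mx_port, address, helo_name="verifier.example.com"):
    """HELO, MAIL FROM:<>, RCPT TO:<address>, QUIT: the bounce that never gets sent.
    Returns (accepted, reply_code) for the RCPT command."""
    with smtplib.SMTP(mx_host, mx_port, timeout=5) as s:   # the 'with' exit sends QUIT
        s.helo(helo_name)
        s.mail("<>")                       # empty reverse path, exactly as a bounce would use
        code, _ = s.rcpt(address)
    return code == 250, code


# ---- SPF: which machines may send for the domain ------------------------------
SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record, client_ip):
    """Evaluate an SPF TXT record against the connecting IP, left to right; the
    first matching mechanism wins and no match is 'neutral' (RFC 7208).
    Only ip4/ip6/all are implemented: a, mx, include and exists need DNS."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in SPF_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            return SPF_RESULT[qualifier]
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return SPF_RESULT[qualifier]
    return "neutral"


def run_demo():
    server = start_fake_mx()
    host, port = server.server_address
    try:
        return {
            "callback_known": callback_verify(host, port, "alice@example.org"),
            "callback_unknown": callback_verify(host, port, "nobody@example.org"),
            "spf_pass": spf_check("v=spf1 ip4:192.0.2.0/24 -all", "192.0.2.25"),
            "spf_fail": spf_check("v=spf1 ip4:192.0.2.0/24 -all", "198.51.100.9"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:17s} {v}")
```

Callback verification is rarely worth running in production: it puts connection load on third-party mail exchangers, a catch-all domain answers 250 to every RCPT so a 250 proves little, and a forged sender address points the callback at an innocent domain. SPF avoids all of that, but it only says which hosts may use the domain in MAIL FROM; it says nothing about the message content, and plain forwarding breaks it because the forwarder's IP is not in the original domain's record.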

Slide 14
Thank you!
  • Q?
  • A!
  • REFERENCES
  • http://gammadyne.com/spam.htm
  • http://googlesystem.blogspot.com/2007/10/how-gmail-blocks-spam.html
  • http://en.wikipedia.org/wiki/Antispam_techniques_(e-mail)