There are many factors that affect a Web site’s ranking on a search engine, and for this reason, search engine optimization (SEO) services exist. Spammers claim that they can provide SEO services for a site and promise to improve that site’s ranking in Internet searches in as little as a couple of days or weeks. Posting spam comments is one of the most common tricks they use.
• Dictionary attack: Cyber-criminals can use CAPTCHA-breaking techniques to guess the passwords of legitimate account logins. A CAPTCHA is often used after a certain number of attempts have failed to ensure the user is a person and not a bot. In this way, using a CAPTCHA during login is intended to deter dictionary attacks. However, with the CAPTCHA broken, cyber-criminals can use dictionary attacks to find a password much more quickly, although some account login systems have a maximum password failure attempt set to safeguard against this.
What is the impact on the underground “shadow” economy The multi-billion dollar market of the online underworld has brought together different players in one environment to test their techniques, trade exploits and malware and launder stolen identities online and offline. Consequently, this dark economy has many of the attributes we recognize from the world economy. The cyber-criminals are working hard to find new techniques to expand their shady businesses while in the meantime, they are continually trying to find better ways to make more money, beat the competition and stay in business while evading detection.
“Freelancer” Web sites and online forums have become popular platforms where malware writers and CAPTCHAbreakers can easily find buyers and coders for their services and vice versa. The chance of being caught is often very small. Spammers find the CAPTCHA-breaking techniques extremely useful for a variety of applications, which is why many criminals and spammers trade on these Web sites to expand their businesses.
In the following example, one search for CAPTCHA-breaking services yielded hundreds of typical cases in point.
“Freelancer” Web site offering CAPTCHA-breaking services With this approach, spammers don’t have to know how to break CAPTCHAs, all a spammer needs is to establish a budget and wait for the bids to roll in.
Typical advertisement for accounts created using CAPTCHA-breaking tools Moreover, with little or no honor among thieves, these sites also provide escrow payment facilities to safeguard the interests of both buyers and sellers (for about 2-3%).
Online Hosted Applications and Spam Having realized that the domain names they previously bought were getting blacklisted quickly, the spammers tapped into what may be considered the perfect way to spam, using links to domains belonging to major, reputable, Web-based email and application service providers, which is not blocked by traditional spam filters.
In this way the spammer is actually creating what looks like spam content in the hosted application content. This isn’t a spam Web site in the traditional sense, rather an advertisement in the document for the real Web site they want the recipient to visit.
Example of spam that contains link to an online hosted document This technique is successful because recipients typically don’t block mail based on the presence of URLs associated with major, reputable, Web-based email and application service providers, so the spam has a better chance of reaching the recipients’ inboxes. A large proportion of today’s spam-blocking is achieved by recognizing bad URLs in emails.
Using hosted documents in this way help to ensure the spam won’t be blocked based on its URL alone. Blocking such domains from Web browsing traffic will almost certainly result in significant collateral damage.
By mid-2008, spammers had routinely abused many Web-based service providers, notably Web-based applications that could be used for creating and sharing documents online and for creating personal blog sites and Web pages. The distinct advantage to the spammer being that it becomes harder for traditional anti-spam countermeasures to block the spam emails based on the links it contains, since each link uses the reputable domain name of a hosted application service provider.
In July 2008, spammers began abusing the Web-based tools of one major provider that enabled novice users to generate a wiki-like Web page very easily, but the additional benefit for spammers was that the resulting URL contained in the spam messages would be harder for traditional signature-based anti-spam tools to block for the aforementioned reasons.
Example of hosted Web site created using free online wiki-like tools The technique again relied on the use of accounts at the Web-based application service provider, which were created programmatically by defeating the CAPTCHA checks. The resulting spam contained links to these reputable domains.
Often the URLs would be created using meaningful names, or even their account holders’ names, which could be identified as spammer accounts, but some Web-based applications could be harder to block when URLs were simply composed of strings of seemingly random letters and numbers coupled with the provider’s domain name.
Another similar approach is the use of legitimate free image-hosting sites to host images that would be included in HTML spam email messages, a technique used for some image-based stock spam sent in late 2007. However, by August 2008, MessageLabs Intelligence found the first examples of images, hosted through mainstream application service providers who facilitate the uploading and sharing of Web-based picture albums. These appeared in both spam and malware emails and the accounts used to host the images were again generated programmatically to defeat the CAPTCHA defenses.
The use of these images in the spam message is simple: First, a Web album is created using an account at the online provider and the images are subsequently used in spam emails. The location of the image is taken from its properties, which includes the reputable domain name of the provider, and then included in the HTML spam email.
Once again, this makes it much harder for anti-spam tools to block emails based on the URLs they contain, without causing significant impairment to other legitimate users.
Furthermore, the creation of spam blogs has increased in number as spammers have found it easier to obtain CAPTCHA-breaking tools that can be used to create free blogging sites used to host the spam content. One major hosted application service provider that allows users to create their own blogs had been targeted by spammers in the past, but was being more aggressively targeted again by spammers armed with CAPTCHA-breaking tools in October 2008.
Spam messages that contained links to seemingly innocuous blogging sites would after a few seconds redirect automatically to the spammers’ real sites.
Free blog hosting sites were being targeted more aggressively by spammers using CAPTCHA-breaking tools to create fake profiles containing spam content. Links to these profiles are then distributed in spam messages.
For many businesses this could present particular challenges, for example, where the reputable blogging domain is used to host pornographic content. Policy-based filtering rules may not offer any protection against users visiting these sites when clicking on a link, as the reputation of the domain may be considered trustworthy.
Example of free blog site hosting adult content, linked from spam email 3.2.2 Social Networking Spam As the saying goes, “It’s good to talk,” but in business it also depends on what you’re saying and who you’re saying it to.
This simple statement has been proven true during 2008, as many popular social networking sites sought to democratize cyberspace. Many businesses struggled with the concept of social networking, much in the same way that they found it difficult to come to terms with blogging and podcasting only a few years ago; balancing its benefits with its risks.
In 2008, the threat posed by spammers and cyber-criminals targeting social networking environments became very real.
Social engineering techniques were adapted to these new mediums, transforming the art of deception into fully scalable business models within the shadow economy.
Fake profiles of glamorous celebrities or figures of royalty began to appear, making headlines in 2008. And with social networking becoming so widespread it raised the question as to whether such spoofing could also happen in the corporate environment. When it comes to identity fraud, social networking profiles are highly prized by cyber-criminals and attacks against them present a major risk. Recent MessageLabs Intelligence reveals this is indeed happening.
However, most profiles may not attract as much media attention as a major celebrity.
Example of phished profile used to post spam comments to a friend’s wall Social bookmarking sites are being similarly targeted. Once an invitation to befriend a spammer has been accepted, they are able to exchange links to Web sites. The danger is that users may not even know what that site is until it has loaded, potentially carrying a harmful payload.
Spammers have found other uses for the valid email addresses created using CAPTCHA-breaking tools, by linking these valid email addresses to fake accounts created on social networking sites. By manipulating search engine rankings, these profiles are subsequently promoted in online search engines, such that they often appear on the first page of many results, until the social network provider can disable the account, or the search engine can isolate it.
Toward the end of 2008, many users of popular social networking sites were receiving “buddy” requests from fake profiles wishing to connect with them. This approach works well because traditional anti-spam solutions are unable to differentiate between these requests and genuine ones. The buddy requests appeared genuine as they originate from the real social networking site and consequently their headers would be intact and correct.
…Kar[redux] has added you as a friend on [social network]… …Bre[redux] has added you as a friend on [social network]… Friend requests sent from fake social networking profiles Moreover, the email addresses attached to the fake profiles were valid, albeit they were created fraudulently using CAPTCHA-breaking automation tools. Often, the only visible clues may sometimes be the random arrangement of letters in the user name portion of the email address, or the appearance of a first name combined with a last name and some random numbers.
This makes it harder for users to distinguish between genuine requests from other users, and those from fake profiles generated automatically by spammers. A level of discretion is almost certainly called for, and businesses should consider these issues when raising awareness of these potential threats with their employees.
Having an acceptable usage policy relating to social networking is important for any Internet-connected business. It is also important to consider the balance between the technology used for monitoring and implementing these policies, and the level of internal education required to raise awareness of the risks associated with being online.
3.2.3 IM Spam and Malware An account with many free, reputable Web-based email and application service providers not only provides free email access, but also access to the networks’ Instant Messaging (IM) cloud. Accounts created automatically using CAPTCHA-breaking tools will nevertheless have access to these services as well.
In the example below, it can be seen how the automatic process of creating the account combines dictionaries of first names and last names with numbers to generate a unique account handle. These accounts are then used not only for sending authenticated spam through the service, but also for launching instant messenger texts baiting recipients into visiting potentially harmful websites.
S pam m er’s IM ac c ount c reate d autom atic ally from c om bin atio n of firs t and las t n am es and num bers IM c ontains links to s pam m er’s W ebs ite URLs sent by IM is 1 in malicious Example of IM spam containing links Further analysis of links contained in instant messages during the second half of 2008 suggested that 1 in 200 (0.5%) links transmitted in this way were links to malicious Web sites, harboring malicious content.
3.2.4 Botnets – evolutions (part 1: spam) In 2007, botnets became the dominant force in terms of distributing not only spam, but also malware and phishing scams. In 2008, botnets were responsible for around 90% of all spam emails and one botnet in particular, Storm, acted as the vanguard.
Spam Operations Disrupted in During the first quarter of 2008, the volume of spam emanating from the Storm botnet accounted for approximately 20% of all spam; one in every five spam messages sent. But Storm received a major blow in March 2008, when its capacity was reduced to about one fifth of its original size when Microsoft further targeted the malware in its Malicious Software Removal Tool update service in April, causing Storm to diminish from an estimated 2-million nodes, to about 100,worldwide. Thus the spam torch was passed to a newer, rival botnet called Srizbi, its name based on the characteristics of one of the Web sites from which it downloaded its configuration data.
Материалы этого сайта размещены для ознакомления, все права принадлежат их авторам.
Если Вы не согласны с тем, что Ваш материал размещён на этом сайте, пожалуйста, напишите нам, мы в течении 1-2 рабочих дней удалим его.