CSC474: Network Security

Transcription

1 CSC474: Network Security Lecture 20 Prof. William Enck Fall 2015 (Derived from slides by Micah Sherr and Adam Aviv)

2 Spam: Unsolicited The enemy: Spiced Ham 2004 study: 40% of traffic costs $10B in lost productivity 2009 study: 90% of traffic 2

3 Types of spam Unsolicited advertisements particularly for goods/services that are otherwise hard to come by prescription meds fake watches adult services also, legitimate goods/services, advertised through unscrupulous marketing campaigns 3

4 Types of spam Dear Sir, Having consulted with my colleagues and based on the information gathered from the Nigerian Chambers Of Commerce And Industry, I have the privilege to request your assistance to transfer the sum of $47,500, (forty seven million, five hundred thousand United States dollars) into your accounts. The above sum resulted from an over-invoiced contract, executed, commissioned and paid for about five years (5) ago by a foreign contractor. This action was however intentional and since then the fund has been in a suspense account at The Central Bank Of Nigeria Apex Bank. Scams 419 scams We are now ready to transfer the fund overseas and that is where you come in. It is important to inform you that as civil servants, we are forbidden to operate a foreign account; that is why we require your assistance. The total sum will be shared as follows: 70% for us, 25% for you and 5% for local and international expenses incidental to the transfer. The transfer is risk free on both sides. I am an accountant with the Nigerian National Petroleum Corporation (NNPC). If you find this proposal acceptable, we shall require the following documents: (a) your banker's name, telephone, account and fax numbers. (b) your private telephone and fax numbers for confidentiality and easy communication. (c) your letter-headed paper stamped and signed. Alternatively we will furnish you with the text of what to type into your letter-headed paper, along with a breakdown explaining, comprehensively what we require of you. The business will take us thirty (30) working days to accomplish. Please reply urgently. 4

5 Phishing: attempt to acquire credentials by forging message from a trusted authority Extremely effective! (esp. when considering the cost of sending spam) Often uses link manipulation or typo squatting or UTF8 domain names (IDN homograph attack) Types of spam 5

6 Types of spam Spear Phishing: targeted phishing at a specific individual often appears to be from person down the hall exploits innate trust, and lack of authentication very very effective 6

7 How spam works [K. Levchenko et al., Click Trajectories: End-to-End Analysis of the Spam Value Chain. Oakland 2011] 7

8 Why is spamming effective? Because it costs very little to send an and s aren t subject to access control (anyone can anyone else) and s aren t authenticated and blocking spam is a difficult problem and people are innately trusting 8

9 Case study: Is spamming actually effective? Are spammers rich? 9

10 Motivation [Spamalytics: An Empirical Analysis of Spam Marketing Conversion; Kanich et al., CCS08] "Spam based marketing is a curious beast" Despite anti-spam technologies, ~90% of is spam Someone must be buying! What are the economics that drive this business? How much money do spammers make? What percentage of spam s result in a sale? How does one measure this? Become a spammer... 10

11 Storm Worm One of the most studied Botnets P2P: Overlayed on top of Kademlia DHT Three main tasks Spam Propagate/spread Denial of Service 11

12 Storm Architecture Botmaster Master Servers Proxy Bots Worker Bots 12

13 Spamalytics [Spamalytics: An Empirical Analysis of Spam Marketing Conversion; Kanich et al., CCS08] Methodology Researchers participated in Storm as Proxy Bots De-fanged malware Replaced site-links with their own What can you know from that vantage point? 1. How many spam s were sent 2. How many reach destination 3. How many people went to the site 4. How many sales per (conversion rate) 13

14 Spam Template On the Spam Campaign Trail Kriebich et al. [LEET'08] 14

15 Campaigns Links to pharmaceutical sites Conversion occurred at "checkout" -- but researchers didn t go so far as to collect CC info 15

16 How many s got there? 16

17 Conversion Results 17

18 How much do spammers make? Conversion rate of % $2, ~ $100/day for measurement period Estimated total daily revenue: $7,000/day (investigators only could rewrite 1.5% of spams) $3.5m/year revenue estimated $1.75m/year profit Cost to spammer Previous estimates: $25,000 to send 350M s Must be less 18

19 How can spammers afford this? Must be a larger enterprise then first thought. Third party renters fee-for-service Vertically integrated business model Spam and Extortion Work with real pharmacy companies Also suggests that spammers are sensitive to cost changes 19

20 Attacking Spam Potential approach: harm spammers bottom lines by increasing their costs Spammers rely on only a few merchant banks Levchenko et al.: If CC companies refused to settle certain transactions from these banks, the banks would be more inclined to scrutinize their clients (i.e., the spammers) 20