7/27/2019 CEHv6 Module 40 Spamming
Ethical Hacking and
Version 6
Spamming
News
EC-Council Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://www.nzherald.co.nz/
Module Objective
This module will familiarize you with:
Spamming
Techniques used by Spammers
How Spamming is performed
Types of Spam attacks
Bulk Emailing Tools
Anti-Spam Techniques
Anti-Spamming Tools
Module Flow
Spamming
Techniques used by Spammers
How Spamming is Performed
Ways of Spamming
Types of Spam Attacks
Bulk Emailing Tools
Anti-Spam Techniques
Anti-Spamming Tools
Introduction
Spamming is populating the user's inbox with unsolicited or junk emails
Spam email contains malicious computer programs such as viruses and Trojans which change the computer settings or track the system
Spamming is also used for product advertisements
Techniques Used by Spammers
Spoofing the domain:
Message appears to be from user's own domain
Poisoning or spoofing filters:
Addition of invisible text or numbering in message
Social Engineering:
information
Directory harvesting:
By sending messages to possible addresses and then building a list of valid email addresses through non-delivery reports
Convinces the user that the mail is sent by a trusted source
Techniques Used by Spammers
It installs Trojan horses and viruses that cause the host computer to malfunction
Database Poisoning:
Using innocuous words (ham words) in a spam message, thereby effectively poisoning the database in the long run
Junk Tags:
Hiding spam words by inserting invalid HTML tags in between words
Invalid Words:
Spam words like "mortgage" are masked by inserting special characters or junk characters in between
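On the filtering side, the junk-tag and invalid-word tricks above are countered by normalizing the body before any keyword or statistical matching. The following is an added example, not part of the original slides; the watch list, the sample body and all function names are constructed for illustration.

```python
import re

# Constructed watch list for this example; a real filter supplies its own terms.
WATCHED_TERMS = {"mortgage", "refinance"}

COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
# Tags that really separate words when rendered become a space ...
BLOCK_TAG_RE = re.compile(r"</?(?:br|p|div|tr|td|li|h[1-6])\b[^>]*>", re.I)
# ... every other tag, valid or invented, renders as nothing at all.
ANY_TAG_RE = re.compile(r"<[^>]*>")
# One to three non-letter characters wedged between two letters (m.o.r.t, m_o_r_t).
INTRA_WORD_JUNK_RE = re.compile(r"(?<=[A-Za-z])[^A-Za-z\s]{1,3}(?=[A-Za-z])")


def strip_markup(body: str) -> str:
    """Reduce an HTML body to the text a mail client would display."""
    text = COMMENT_RE.sub("", body)
    text = BLOCK_TAG_RE.sub(" ", text)
    text = ANY_TAG_RE.sub("", text)   # "mort<zq>gage" rejoins to "mortgage"
    return re.sub(r"\s+", " ", text).strip()


def words(text: str) -> set:
    """Lower-cased alphabetic tokens, as a simple keyword filter would see them."""
    return set(re.findall(r"[a-z]+", text.lower()))


def watched_terms(body: str) -> dict:
    """Compare what a naive tokenizer sees with what normalization reveals."""
    shown = strip_markup(body)
    dejunked = INTRA_WORD_JUNK_RE.sub("", shown)
    # Union both views so legitimate hyphenated words still match.
    normalized = words(shown) | words(dejunked)
    naive = words(body)
    return {
        "naive": sorted(WATCHED_TERMS & naive),
        "normalized": sorted(WATCHED_TERMS & normalized),
        # Terms visible only after normalization were deliberately hidden.
        "hidden": sorted((WATCHED_TERMS & normalized) - naive),
    }


# Constructed sample body using the two tricks described above.
SAMPLE = ("<p>Low rate mort<zq>gage</zq> offers</p>"
          "<p>Re<!-- x -->finance today, m.o.r.t.g.a.g.e help</p>")

if __name__ == "__main__":
    print(watched_terms(SAMPLE))
```

A non-empty "hidden" list is itself a useful signal: legitimate mail rarely splits a word with invented tags or punctuation.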
How Spamming is Performed
Getting the email IDs
Spammers get access to the email IDs when the user registers to any email service, forums, or blogs, by hacking the information, or by registering as genuine users
Spiders are used which search the code in web pages for text that looks like email IDs and copy it to the database
E-mail extraction tools are used that have built-in search engines to find email IDs of companies based on the keywords entered
On-line Ad Tracking tools help the spammers to analyze details of the number of users who opened the spam mails, the responses to it, and
How Spamming is Performed
How Spam is Relayed
Rogue ISPs obtain their own network numbering and multiple domain names from the InterNIC, using which spammers manage to get across spam blocks
On-the-fly Spammers - Spammers register as genuine users for trial accounts with ISPs and use forged identities to start spam hits
Blind Relayers - Some servers relay a message without authentication, which is sent as genuine mail
Getting past the anti-spam software
The subject line of the email is given as Re: or Fw:, which assures the anti-spam software that it is a genuine reply to the user's message
The spam message is enclosed as an image in the mail to make the anti-spam software trust the source
Ways of Spamming
Usenet spam
It is a single message sent to 20 or more Usenet newsgroups
overwhelming them with a barrage of advertising or other irrelevant posts
Email Spam
Email spam targets individual users with
Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses
Spammer: Statistics
Source: http://www.spamhaus.org/
Worsen ISP: Statistics
Source: http://www.spamhaus.org/
Top Spam Affected Countries:
Source: http://www.spamhaus.org/
Types of Spam Attacks
Hidden text & links
Making the text look the same as the background color
Double tags
Giving duplicate title tags and Meta tags
Cloaking
This is done by showing different pages to search engine and users
Wikis are used to add or update the content of any page on the website
which hunt out blogs and then post keyword text links
Types of Spam Attacks (contd)
In this type of spamming, emails containing only images without any text are sent by spammers to evade security systems/controls
Hijacking/pagejacking
redirected page
Spam
Bulk Emailing Tools
Fairlogic Worldcast
Fairlogic Worldcast bulk emailing tool is a customized mailer and also an address validator
It detects many common bad addresses existing on the mailing lists
It provides detailed logs of the entire delivery process and reports if there is any kind of error
Fairlogic Worldcast: Screenshot
123 Hidden Sender
123 Hidden Sender sends absolutely anonymous bulk emails
The IP address is not shown in the email headers
ISP service is not lost
123 Hidden Sender: Screenshot
YL Mail Man
YL Mail Man is a flexible email address management and email delivery software
It helps companies or shareware authors to organize and manage large volumes of customer email addresses and contact them by email in simple steps
It also has an import & export function and a duplicate email address remover
YL Mail Man: Screenshot
Sendblaster
Bulk email software for email marketing, which allows communicating with customers and friends
-database and integrating with the web site mailing list
Sendblaster: Screenshot
Direct Sender
send unlimited numbers of personalized e-mail messages using any kind of database
The bulk process sends up to 100 simultaneous emails directly to recipients
Millions of customized emails in HTML or plain format can be sent, with or without attachments and without overloading ISP's servers
Direct Sender: Screenshot
Hotmailer
finder, and verifier
It can efficiently search a large number of e-mail addresses from a mail server in a short time
With a built-in SMTP server, it will connect to the remote server and post email addresses for verification
If the email address is valid, Hotmailer will automatically send the mail
Hotmailer: Screenshot
PackPal Bulk Email Server
PackPal Bulk Email Server is a safe and fast bulk email sender
It can run as a background service
Features:
Super Bulk Email Marketing tool
There is no limit on the number of messages sent through the bulk email server
PackPal Bulk Email Server:
IEmailer
IEmailer is a bulk email marketing software which is safe to use since it does not use or go through the local ISP's email server
It simulates the sending of the email messages to the server you choose, the same one you are verifying email addresses on
IEmailer: Screenshot
Anti-Spam Techniques
Techniques used to eliminate spam are:
Heuristic/Signature-based Content Filtering
Messages received are checked to match certain patterns
higher, then the email is an undesired email
Bayesian Content Filtering
It filters and sorts the emails into different folders based on the good and undesired mail fed to it
Many users share their judgment about what is a desired mail and undesired mail
Every time the user receives a mail, a special application suggests whether it is spam or not
Anti-Spam Techniques (contd)
Black Listing (RBL)
It uses various spam detection tools to report bad-behavior IP addresses as a list
The information is collected and stored in a database to filter the spam email based on this information
White Listing
It accepts all the emails from certain IP addresses
No other filters can stop an email once it is accepted
Greylisting
It does not accept the messages from IP addresses which have not previously successfully connected to the mail server
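The greylisting decision described above, as an added example that is not part of the original slides. It goes slightly beyond the slide by keying on the (client IP, envelope sender, recipient) triplet rather than the IP alone; the class name, timing constants and reply texts are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300        # seconds a new triplet must wait before a retry counts (assumed)
PENDING_LIFETIME = 4 * 3600  # an unretried triplet is forgotten after this long (assumed)
PASS_LIFETIME = 30 * 86400   # a triplet that passed stays trusted this long (assumed)


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)   # triplet -> first-seen time
    passed: dict = field(default_factory=dict)    # triplet -> last-accepted time

    def check(self, client_ip: str, mail_from: str, rcpt_to: str, now: float) -> str:
        """Return the SMTP reply to give at RCPT TO for this delivery attempt."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[key] = now            # refresh trust on every accepted mail
            return "250 OK"

        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_LIFETIME:
            # Unknown (or expired) triplet: temporary failure; a real MTA queues and retries.
            self.pending[key] = now
            return "451 4.7.1 Greylisted, try again later"

        if now - first_seen < MIN_RETRY_DELAY:
            # Retried too quickly; keep the original first-seen time.
            return "451 4.7.1 Greylisted, try again later"

        # Retried after the delay: promote the triplet to the passed list.
        del self.pending[key]
        self.passed[key] = now
        return "250 OK"
```

Senders that retry from a pool of addresses never repeat the same triplet, so deployments commonly pair this with a whitelist of known large providers.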
Anti-Spam Techniques (contd)
Sender Policy Framework
To prevent sender address forgery, SPF proposes a valid email sender register, i.e. the IPs of the machines they send email from, using extended DNS records
DNS-based Block Lists
It is used to add the spam IP addresses to a local block list
MX Callbacks
It supports callbacks which verify the sender of a
Teergrubing
It responds slowly to connected mail servers by using multi-line SMTP responses
Anti-Spam Techniques (contd)
Reputation Control
It analyzes the email sent by the sender and assigns a score-
score improves, if not - the score reduces
Transparent SMTP Proxy
This software blocks SMTP sessions
-the NA(P)T router
It acts like a proxy, intercepting outgoing SMTP connections and scanning session data on-the-fly
Anti-Spamming Tools
AEVITA Stop SPAM Email
AEVITA Stop SPAM Email helps to hide email addresses from spambots
It will replace all the email addresses on the page with specifically
It introduces codes that spambots block, which a normal mailing program ignores
It even stops spammers from getting a large list of email addresses
AEVITA Stop SPAM Email:
SpamExperts Desktop
SpamExperts Desktop works as a spam filter with any email program
It is not dependent on a keyword list to detect spam, but checks the
It also checks for filtering spam in background, and also maintains
SpamExperts Desktop:
SpamEater Pro: Screenshot
SpamWeasel
SpamWeasel removes the spam before it gets into the inbox
It either deletes or archives the suspected spam mail which enters the user's mailbox by placing a warning message
SpamWeasel supports multiple POP accounts
SpamWeasel: Screenshot
Spytech SpamAgent
Spytech SpamAgent is a powerful email monitoring and filtering tool which
It contains filters which block unwanted and spam mails getting into the inbox
It filters based on the sender, recipient, subject, body, as well as attachment type, forwards, and more
Spytech SpamAgent removes the spam mails from the mailbox but deletes them only after the user's acceptance
Spytech SpamAgent: Screenshot
AntispamSniper
AntispamSniper integrates with Outlook Express to filter incoming
It moves the spam mails into junk mail folder which allows user to
Spam filtering techniques include filtering attachments, customizable, ,
AntispamSniper: Screenshot
Spam Reader
Spam Reader is an anti-spam add-on for Microsoft Outlook
It automatically scans the inbox messages for spam and filters them into the spam folder
Spam Reader uses a Bayesian engine which distinguishes between spam and good mails
Spam Reader: Screenshot
Spam Assassin Proxy (SA) Proxy
Spam Assassin Proxy is based on open source software
It runs on the local proxy server which is situated between email program and POP3 mail account
Spam Assassin Proxy uses Bayesian filtering which is accurate and detects new spam
It does not delete spam but marks it
SA Proxy: Screenshot
MailWasher Free
MailWasher Free is used as a spam detection and mail preview tool
found
There are 3 levels of spam detection where the user can specify his/her own filters
It allows creating the user's own spam filter
MailWasher Free: Screenshot
Spam Bully
Spam Bully is an anti-spam tool for MS Outlook
It removes 99 percent of the spam mails from the inbox
Spam Bully moves all spam messages into the spam folder which can be permanently deleted
It can also bounce messages from known spammers, query emails sent from unfamiliar emails, block selected attachment types, and more
Spam Bully: Screenshot
Summary
Spamming is all about populating the user's inbox with unsolicited or junk emails
Spammers get access to the email IDs when the user registers to any email service, forums, or blogs, by hacking the information, or by registering as genuine users
Spiders are used which search the code in web pages for text that looks like email IDs and copy it to the database
The spam message is enclosed as an image in the mail to make the anti-spam software trust the source
AEVITA Stop SPAM Email helps to hide email addresses from spambots