Spam: characteristics and types.
Spam is unsolicited email, normally with advertising content, sent out as a mass mailing.
The term spam is derived from spiced ham, the first tinned meat product that did not need to be kept in a refrigerator. Its use spread as a result, becoming part of the communal meals of the United States and Russian armies during the Second World War.
Later on, in 1969, actors from Monty Python acted out a sketch in which customers in a restaurant tried to choose from a menu where all the dishes contained… spam, while a group of Vikings chanted “spam, spam, spam, lovely spam, wonderful spam”. In short, spam appeared everywhere and drowned out all the other conversations.
For the historical record, the first documented case of spam is a letter sent in 1978 by the company Digital Equipment Corporation. This company sent an advertisement about its DEC-20 computer to all users of ArpaNet (the precursor of the Internet) on the west coast of the United States. However, the word spam was not coined until 1994, when an advertisement appeared on Usenet from the lawyers Laurence Canter and Martha Siegel. It provided information about their service for completing entry forms for United States work permits. This advertisement was sent using a script to all the discussion groups that existed at the time.
Some of the most common characteristics these types of email messages have are:
- The address that appears as that of the message sender is unknown to the user and is quite often spoofed.
- The message often does not have a Reply address.
- An eye-catching subject is presented.
- It has advertising content: website advertisements, ways to make money easily, miracle products, property offers, or simply lists of products on special offer.
- Most spam is written in English and comes from the United States or Asia, although spam in Spanish is also now becoming common.
Although this type of malware is normally spread via email, there are variants, each with their own name according to their distribution channel:
- Spam: sent by email.
- Spim: specific to Instant Messaging applications (MSN Messenger, Yahoo Messenger etc).
- Spit: spam over IP telephony. IP telephony consists of using the Internet to make telephone calls.
- Spam SMS: spam designed to be sent to mobile devices using SMS (Short Message Service).
Spam is a phenomenon which is increasing daily, representing a high percentage of all email traffic.
What’s more, as more effective solutions and technologies emerge to tackle spam, spammers (malicious users exclusively devoted to sending spam) become ever more sophisticated and modify their techniques in order to avoid the countermeasures deployed by users.
How does it work? How is it distributed?
Obtaining email addresses
Spammers try to obtain as many valid email addresses as possible, i.e. addresses that are actually in use. They use different techniques for this, some of which are highly sophisticated:
- Mail lists: the spammer looks in the mail list and notes down the addresses of the other members.
- Purchasing user databases from individuals or companies: although this type of activity is illegal, it is actually carried out in practice and there is a black market.
- Use of robots (automatic programs) that scour the Internet looking for addresses in web pages, newsgroups, weblogs, etc.
- DHA (Directory Harvest Attack) techniques: the spammer generates email addresses belonging to a specific domain and sends messages to them. The domain mail server will respond with an error to those addresses that do not actually exist, so the spammer can discover which addresses generated are valid. The addresses can be compiled using a dictionary or through brute force, i.e. by trying all possible character combinations.
Consequently, all email users are at risk from these types of attacks. Any address published on the Internet (used in forums, newsgroups or on any website) is more likely to become a target of spam.
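From the mail server's side, a Directory Harvest Attack shows up as one client probing many recipients and being rejected for most of them. The following is an added example, not part of the original article: it flags such clients in a log whose format, addresses and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical log format (not a real MTA's):
# "<timestamp> <client_ip> RCPT <address> <smtp_reply_code>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 RCPT aaron@example.com 550
2024-05-01T10:00:01 203.0.113.7 RCPT adam@example.com 550
2024-05-01T10:00:02 203.0.113.7 RCPT alan@example.com 550
2024-05-01T10:00:02 203.0.113.7 RCPT alice@example.com 250
2024-05-01T10:00:03 203.0.113.7 RCPT andrew@example.com 550
2024-05-01T10:00:03 203.0.113.7 RCPT anna@example.com 550
2024-05-01T10:04:10 198.51.100.20 RCPT alice@example.com 250
2024-05-01T10:04:11 198.51.100.20 RCPT bob@example.com 250
2024-05-01T10:09:30 198.51.100.20 RCPT alcie@example.com 550
"""

LINE_RE = re.compile(r"^(\S+) (\S+) RCPT (\S+) (\d{3})$")

def find_harvesters(log_text, min_attempts=5, max_valid_ratio=0.2):
    """Return {ip: (recipients_tried, recipients_rejected)} for clients
    whose recipient probes are mostly answered with 550 (unknown user)."""
    tried = defaultdict(set)     # ip -> distinct recipients attempted
    rejected = defaultdict(set)  # ip -> distinct recipients rejected with 550
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not recipient checks
        _, ip, rcpt, code = m.groups()
        tried[ip].add(rcpt.lower())
        if code == "550":
            rejected[ip].add(rcpt.lower())
    flagged = {}
    for ip, rcpts in tried.items():
        attempts, bad = len(rcpts), len(rejected[ip])
        # Many distinct recipients, almost none of them valid: harvesting.
        # A legitimate sender with one typo stays below min_attempts.
        if attempts >= min_attempts and (attempts - bad) / attempts <= max_valid_ratio:
            flagged[ip] = (attempts, bad)
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```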
Spammers use numerous techniques to produce messages capable of by-passing all types of mail filters. Some of the tricks used to obscure the message’s HTML code are looked at below:
- Division of message subject line using bogus line breaks:
Subject: =?utf-8?q?Identical drugs -- l?=
=?utf-8?q?ittle monetary valu?=
- Use of null characters (Quoted-Printable type encoding):
- Interchanging letters in the words used. The message is still legible to the recipient, but the filters do not recognize the words used:
I finlaly was able to lsoe the wieght I have been sturggling to
lose for years! And I couldn't bileeve how simple it was! Amizang
pacth makes you shed the ponuds! It's Guanarteed to work or your
- Inverting text using the Unicode right-to-left override, expressed as HTML entities (&#8238; and &#8236;):
Your B‮na‬k C‮dra‬ Link‮ni‬g
(Your Bank Card Linking)
- Encapsulating a <map> tag with an HREF tag, so that a legitimate URL appears instead of a malicious one.
<area coords="0, 0, 623, 349" shape="rect" href="<MALICIOUS_URL>">
<img SRC="<img_url>" border="0" usemap="#FPMap0">
- Use of ASCII characters to “design” the message content:
Although some of the techniques used have now been mentioned, there are many more, such as the use of incorrect HTML tags, URL encoding, the use of HTML entities to conceal certain letters, the use of invisible ink, etc.
Other types of techniques are based on including the spam message as an attached file in a valid message or the use of CSS (Cascading Style Sheets) in spam messages to conceal certain words or parts of the message.
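A filter can undo three of the tricks above before it matches keywords: rejoin the split subject, rebuild the text as the reader sees it, and map transposed words back to the terms they stand for. This is an added example, not code from the original article. The inputs are adapted from the samples above, the watchlist is an assumed one, and the override characters are assumed to be U+202E closed by U+202C.

```python
import re
import unicodedata
from email.header import decode_header, make_header

RLO_RUN = re.compile("\u202e(.*?)(?:\u202c|$)")  # RLO ... PDF (or end of text)
WATCHLIST = {"lose", "weight", "patch", "pounds", "guaranteed"}  # assumed terms

def decode_subject(raw):
    """Rejoin a Subject that was split into several RFC 2047 encoded-words."""
    return str(make_header(decode_header(raw)))

def visible_text(text):
    """Return (text as displayed, override_seen): reverse each RLO run,
    then drop the remaining invisible format characters (category Cf)."""
    has_override = "\u202e" in text
    text = RLO_RUN.sub(lambda m: m.group(1)[::-1], text)
    text = "".join(c for c in text if unicodedata.category(c) != "Cf")
    return text, has_override

def signature(word):
    """Keep first and last letter, sort the interior letters."""
    w = word.lower()
    return w if len(w) < 4 else w[0] + "".join(sorted(w[1:-1])) + w[-1]

def scrambled_hits(text, watchlist=WATCHLIST):
    """Map each misspelled token to the watchlist word it unscrambles to."""
    by_sig = {signature(w): w for w in watchlist}
    hits = {}
    for token in re.findall(r"[A-Za-z]+", text):
        target = by_sig.get(signature(token))
        if target and token.lower() != target:
            hits[token] = target
    return hits

# Inputs adapted from the samples in the text, written as Python literals.
SUBJECT = "=?utf-8?q?Identical drugs -- l?=\n =?utf-8?q?ittle monetary valu?="
BIDI = "Your B\u202ena\u202ck C\u202edra\u202c Link\u202eni\u202cg"
BODY = ("I finlaly was able to lsoe the wieght I have been sturggling to "
        "lose for years! Amizang pacth makes you shed the ponuds! "
        "It's Guanarteed to work")

if __name__ == "__main__":
    print(decode_subject(SUBJECT))
    print(visible_text(BIDI))
    print(scrambled_hits(BODY))
```

The presence of an override character in ordinary Latin text is itself a useful signal, which is why `visible_text` reports it alongside the rebuilt string.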
Methods used for spam distribution are as follows:
- Vulnerable or poorly configured mail servers (Open Relay) which allow any user to send messages without checking their sender (which will normally be spoofed).
- Computers affected by malware: certain types of malware facilitate the sending of spam through affected computers, for example by installing proxy servers. It is even possible to rent botnets, real networks of computers affected by bots (hybrids of worms, Trojans and backdoors).
The damage caused by spam.
The main damage caused by receiving spam can be classed as direct damage:
- Loss of productivity.
- Use of corporate network resources: bandwidth, disk space, mail saturation etc.
And indirect damage, such as:
- The risk of spam being sent under your name or from your PC or domain without your knowledge, so that you are identified as a spammer by the servers that receive it.
- Some important valid messages may be deleted erroneously when eliminating spam quickly.
Spam may also serve as a propagation method for an even greater danger: malware. It may be used to distribute malware that does not have its own means of propagation: Trojans, keyloggers, backdoors etc.
In a spam mail, it is very easy to include an attachment with a virus or a link to a site (apparently interesting), from which some type of malicious code is downloaded without the user knowing. Viruses can also be concealed in the message code.
The damage caused by spam is extensive, and even more so in a corporate environment where the economic repercussions can be enormous. As a result, it is crucial that legitimate messages reach their destination, while spam must be blocked. It appears obvious that protection against spam, particularly at a corporate level, should be a top priority.
This type of malware exists purely for financial reasons. Sending an email message to promote all types of services, products, frauds and swindles is incredibly cheap, with substantial profits being obtained from convincing only a very small percentage of users to buy the product or service.
How can I protect myself against spam?
The mail message filter is a basic measure to prevent spam entering users’ mailboxes. There are many applications that can filter emails by message, keywords, domains, the IP addresses the messages come from, etc.
For companies, rather than simply being able to identify spam messages correctly, the problem depends on adequately managing the large quantities of messages of this type that are received daily. Consequently, the tools to be used should take into account other factors.
The best anti-spam systems should be based on more than just one technology. They should use diverse techniques (heuristic rules, Bayesian filters, white and black lists, digital signatures, sender authentication, etc) which achieve the basic aim of reducing false positives to a minimum and therefore eliminate the possibility of a user losing a message as a result of a system error, maintaining a high degree of efficiency in spam detection in the process.
Panda Security has a complete range of technological solutions. These solutions are varied and adapted to the needs of each client, from the domestic user to the business environment, offering comprehensive centralized protection for all network layers: workstations, mail and browser servers and corporate firewalls.
Also, take into account the following guidelines for protecting yourself against spam and minimizing its effects:
- Do not publish your personal email addresses in any public site, such as web pages for example.
- Never click on the “unsubscribe” link in a spam message. All this will do is let the spammer verify that your email address is active.
- Never reply to a spam message.
- Do not resend chain letters, requests or dubious virus alerts.
- Do not open the spam message.
- Disable the Preview Pane of your email client.
- Do not purchase products offered to you through unsolicited emails.
- Have various email accounts, and use them for separate purposes: personal, work, etc.
- Use an anti-spam filter or an anti-spam solution.
- Install an antivirus solution.
- Install content filter software.