www.comgen.com

 

Tech News - January 2006


All about SPAM, (NOT IN THE CAN)

By Jeremy Robertson

Spam has reached the point, and has been there for a long time, where it is almost not worth getting on the internet. Everybody knows the stuff I’m talking about. You open your email and it’s chock-full of advertisements for everything from a credit card to a mortgage, from a Dell to porn. No matter how hard we try, we can’t seem to stop the spammers. So in this letter I am going to explain spam, and maybe after you understand it you will be better equipped to handle it.

 

In a single day, one internet provider (AOL) is said to have blocked 2 billion spam messages -- 88 per subscriber -- from hitting its customers' e-mail accounts. Microsoft (MSFT), which operates No. 2 Internet service provider MSN plus e-mail service Hotmail, says it blocks an average of 2.4 billion spams per day. According to research firm Radicati Group in Palo Alto, Calif., spam is expected to account for 45% of the 10.9 trillion messages sent around the world in 2003.

 

Here is one that came to my e-mail recently. It is a good one to break down because it is a perfect example of a classic spam tactic. By the way, "techie" is the beginning of my e-mail address.

 

________________________________________________________________________

FROM: Alexis Lusk (tkuzmanovic@jubanka.com)

SUBJECT: Re: techie       

 

Good day to all broker's, Day Trader's and Investor's World stock report has 
become famous with some great stock picks in the otc , small cap market's!!!
Here at World Stock Report we work on what we here from the street. Rumor's 
circulating and keeping the focus on the company's news. We pick our companies
based on there growth potential. We focus on stocks that have great potential 
to move up in price!!! While giving you liquitity.
 
OUR LATEST PICK IS NCSH.
 
Trade Date: Wednesday, July 5, 2006
Symbol: NCSH
Current Price: $0.80
Status: Buy Strong
 
<For Latest stock quotes CLICK HERE>
I have removed all hyperlinks from the mail since I don’t want anyone to accidentally click on one.
 
But we are going to dissect this mail and really understand what makes it tick.
 
The first thing a good spammer will do is pull your email address (e.g. Someone@somewhere.com). They will put "RE:" and then your email address in the subject. This signifies that they are replying to a message you sent, so you are more likely to open the message, because at this point it is pretty well unknowable whether or not this is spam.

One of the problems with spam, and the reason why there is so much of it, is that it is so easy to create. Let’s say you have a service that you think you want to sell for $15.00. You send an email to 100 people in your personal address book, and if 2 of those 100 people order your product, you have made $30.00. Now you figure if you email 1,000 you could make $300.00, and it didn’t cost you a dime.
 
As it turns out, there are hundreds of companies that will sell you CDs filled with millions of valid e-mail addresses. With Microsoft Word you could easily format those addresses into lines of 100 addresses each, and then cut and paste those lines into the "To:" field of any normal e-mail program. Every time you push the "Send" button, which would be about once every 5 seconds, you would make $10. You would be making something like $700 per hour.
 

Where does a company get millions of valid e-mail addresses to put on a CD to sell to you, you may ask. There are a number of primary sources.

The first is newsgroups and chat rooms, especially on big sites like AOL. People (especially first-time users) often use their screen names, or leave their actual e-mail addresses, in newsgroups. Spammers use pieces of software to extract the screen names and e-mail addresses automatically.

The second source for e-mail addresses is the Web itself. There are tens of millions of Web sites, and spammers can create search engines that spider the Web specifically looking for the telltale "@" sign that indicates an e-mail address. The programs that do the spidering are often called spambots.

The third source is sites created specifically to attract e-mail addresses. For example, a spammer creates a site that says, "Win $1 million!!! Just type your e-mail address here!" In the past, lots of large sites also sold the e-mail addresses of their members. Or the sites created "opt-in" e-mail lists by asking, "Would you like to receive e-mail newsletters from our partners?" If you answered yes, your address was then sold to a spammer.

But probably the most famous way is a dictionary attack.

A dictionary attack utilizes software that opens a connection to the target mail server and then rapidly submits millions of random e-mail addresses. Many of these addresses have slight variations, such as "jdoe1abc@hotmail.com" and "jdoe2def@hotmail.com." The software then records which addresses are "live," and adds those addresses to the spammer's list. These lists are typically resold to many other spammers.
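
Seen from the mail server's side, a dictionary attack shows up as one client checking many recipients and being told "no such user" for most of them. The example below is added here and is not from the original article; it counts that pattern per client, and its log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in a made-up format (not any real mail server's log):
#   <time> <client-ip> RCPT <address> <SMTP reply code>
SAMPLE_LOG = """\
10:00:01 192.0.2.10 RCPT jdoe1abc@example.com 550
10:00:01 192.0.2.10 RCPT jdoe2def@example.com 550
10:00:02 192.0.2.10 RCPT jdoe3ghi@example.com 550
10:00:02 192.0.2.10 RCPT jdoe@example.com 250
10:00:03 192.0.2.10 RCPT jdoe4jkl@example.com 550
10:00:03 192.0.2.10 RCPT jdoe5mno@example.com 550
10:00:04 198.51.100.7 RCPT techie@example.com 250
10:00:09 198.51.100.7 RCPT techy@example.com 550
10:00:15 203.0.113.4 RCPT sales@example.com 250
"""

def find_harvesters(log_text, min_attempts=5, max_valid_ratio=0.25):
    """Flag clients that try many recipients and are mostly rejected.

    Returns {client_ip: {"attempts": n, "confirmed": [accepted addresses]}}.
    "confirmed" lists the mailboxes the client now knows to be live.
    """
    attempts = defaultdict(int)
    confirmed = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "RCPT":
            continue  # not a recipient-check line
        _, ip, _, address, code = parts
        attempts[ip] += 1
        if code.startswith("2"):  # 2xx = recipient accepted
            confirmed[ip].append(address.lower())
    flagged = {}
    for ip, n in attempts.items():
        # Many tries with few hits is the harvesting signature; a normal
        # sender (one typo among a couple of recipients) stays below min_attempts.
        if n >= min_attempts and len(confirmed[ip]) / n <= max_valid_ratio:
            flagged[ip] = {"attempts": n, "confirmed": confirmed[ip]}
    return flagged

if __name__ == "__main__":
    for ip, info in find_harvesters(SAMPLE_LOG).items():
        print(ip, info)
```

The addresses under "confirmed" are the ones the client has learned are live, so they are the ones most likely to end up on a resold list.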

There are companies out there that specialize in selling spam for your business. You pay them so much and they send out thousands of spam messages on your behalf. I call this spam-retail.

Now that you know a little about how spam works, I will show you how to break apart the message. You may be able to better equip your spam filters with this information. Let’s look at the message above. It says it is from Alexis Lusk (tkuzmanovic@jubanka.com). Now I will tell you how to do some spam detective work of your own. A web site called whois.net is a good place to start. Just enter the name of the domain the email is coming from in the whois lookup box. This one is registered at networksolutions.com (one of the biggest domain resellers in the world), so go to their site and type the domain into their whois lookup. You will find a data page like this:

________________________________________________________________________
 

jubanka.com

Registrant:
Jubanka
Makedonska 44
Belgrade, NO STATE 11000
YU

Domain Name: JUBANKA.COM

Administrative Contact, Technical Contact:
Slobodan, Stefanovic
sstef@EUNET.YU
Makedonska 44
Belgrade, 11000,
YU
Phone: 3341915

Record expires on 07-Feb-2009
Record created on 06-Feb-1998
Database last updated on 23-Jun-2006

Domain servers in listed order:
LION.JUBANKA.COM   195.250.108.5
NS.INFOSKY.NET     195.250.98.5

Current Registrar: NETWORK SOLUTIONS, LLC.
IP Address: 195.250.108.4
IP Location: CS (SERBIA AND MONTENEGRO)
Record Type: Domain Name
Server Type: IIS 6
Lock Status: REGISTRAR-LOCK
Web Site Status: Active
DMOZ: no listings
Y! Directory: see listings
Web Site Title: DOBRODOSLI NA WEB PREZENTACIJU JUBANKE
Meta Keywords: Jubanka, Jubanka a.d. Beograd, Beograd, Jugobanka, banka, Srbija, sr, Jugoslavija, ju, yu, novac, cash, credit, krediti, credit cards, yuba, cards
Secure: Yes
E-commerce: No
Traffic Ranking: Not available
Data as of: 12-Apr-2006

 

This is a legit domain, but they have no website. This usually means that they only send spam. This could be a prime example of spam-retail.

Next I want to know if the person who sent this message is really from this domain. If you are using Outlook Express, right-click on the mail and go to Properties, then click Details. You will see something like this.

 

This gives you a lot of info about the message. For example, the return path is the address that the mail should be returned to in case of a bounce back or a reply. If there is not a return path, the mail dies if it reaches an address that doesn’t exist or is rejected by a blacklist.

The "Received: from" section shows the mail server that hosts the domain the mail was sent from, as well as its IP address. If you were to filter any messages coming from this mail server, it is likely that you would stop a lot of spam. I must warn you about blocking spam at this level: if you successfully block a mail server, NO ONE on that domain can send you mail. This might help you in your fight against spam.
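
The same header checks can be done in a few lines of code. This is an added example, not part of the original article: it tests for the "Re:" plus mailbox-name subject trick described earlier, compares the Return-Path with the From address, and pulls the IP address from the Received header nearest the sender. Only the From and Subject values come from the message above; every other host, address and IP is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers modelled on the message above. Only the From and Subject
# values come from the article; every other host, address and IP is invented.
RAW = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mx.recipient.example ([203.0.113.9])
\tby mailstore.recipient.example; Wed, 5 Jul 2006 09:14:02 -0500
Received: from unknown (HELO mail.sender.example) ([198.51.100.23])
\tby mx.recipient.example; Wed, 5 Jul 2006 09:14:01 -0500
From: "Alexis Lusk" <tkuzmanovic@jubanka.com>
To: techie@recipient.example
Subject: Re: techie

(body omitted)
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    to_local = parseaddr(msg["To"] or "")[1].partition("@")[0].lower()
    subject = (msg["Subject"] or "").strip().lower()
    if to_local and subject == "re: " + to_local:
        findings.append("subject is 'Re:' plus the recipient's mailbox name")
    if msg["Return-Path"] is None:
        findings.append("no Return-Path header")
    elif domain_of(msg["Return-Path"]) != domain_of(msg["From"]):
        findings.append("Return-Path domain differs from From domain")
    # Each server prepends its own Received header, so the last one in the
    # list is the hop nearest the sender. Only lines written by your own
    # server are trustworthy; anything the sender supplied can be forged.
    received = msg.get_all("Received") or []
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[-1]) if received else []
    return {"findings": findings, "handoff_ip": ips[0] if ips else None}

if __name__ == "__main__":
    print(triage(RAW))
```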

 

So I hope this article helps!!

Jeremy M. Robertson
Senior Technician
The Computer Generation Inc.