Sonicwallonline.co.uk
10 Sneaky Things a Spammer Will Do
Just when you thought your inbox was safe…
Table of Contents
The Never Ending Growth of Email Spam
A Reason for Spam and a Reason for More Spam
1 – Botnets, Zombies and You
2 – Borrowing a Reputation
3 – Spammers Can Authenticate Too
4 – Word Salad
5 – Light Reading
7 – If Only I Could Spell
8 – How to Spell /!AGr/-
9 – What You See Isn't What You See
10 – Social Engineering
Beating the Sneaky Spammer
SonicWALL Anti-Spam/Email Security Solutions
The Never Ending Growth of Email Spam
Email spam—we hate it. It wastes time, takes up disk space and can even slow down the network when things get bad. There are hundreds of companies that make a living out of stopping spam—or at least slowing it down. Yet, the amount of spam continues to grow.
...so why is there so much spam?
[Figure: the terms Spam, Phish, Virus, DoS, DHA, NDR and Policy repeated around the label "120 Billion"]
A Reason for Spam and a Reason for More Spam
Money
Yes, spammers can make money with email spam. Most spammers are
just sales people looking for an avenue to sell their products or services.
Sending out email is cheap and believe it or not some people do respond
to their spam advertisements. It only takes a few people to respond to a
spam ad to make it profitable for the spammer—so the game is to reach
as many people as possible with the spam message to increase the odds
of finding a few respondents.
Reaching the Right People
With spammers using the "shotgun" approach to marketing (shoot at
everything and you'll hit something) the increase in spam messages makes
sense. Also, to improve their chances, spammers are constantly working to
improve their effectiveness at getting past spam filters. Let's take a look at a
few of the tricks that spammers use to improve their odds of reaching their
target audience.
1st Sneaky Thing: Botnets, Zombies and You
Botnet
A "botnet" is a collection of compromised computer
systems that are under a common control structure. The
compromised systems, called "zombies", can be directed
to send out spam, phishing, viruses and other malware.
Botnets Attack
A spam attack of millions of spam messages can be sent
using a botnet. Each zombie may only send out 1,000
messages for a given attack, but with 10,000 zombies
in a botnet, that's 10 million messages.
A Zombie's Reputation
When a zombie sends out a spam email, it does so from
an assigned Internet address—the "Sender" IP address.
But by limiting the number of spam messages a zombie
sends, the spammer hopes to keep the IP address from
getting a "bad" reputation.
2nd Sneaky Thing: Borrowing a Reputation
Spammers Adapt
Many spam filters rely on Sender IP reputation analysis to block spam.
To lessen the effectiveness of systems which rely on Sender IP reputation,
spammers will "borrow" IP addresses with a good, or at least neutral, reputation.
• ISPs – Spammers create email accounts on Internet Service Providers (ISPs) big and small, all around the world. Blocking all the email coming from an ISP because one user is sending spam could be a problem.
• Hacks – Spammers have been known to buy access to a hacked email server. They quickly generate a high number of spam messages using the reputation of the company whose server has been hacked.
• You – Or more precisely your company. A zombie system on your network is potentially compromising your Sender IP reputation, especially if there are multiple zombies living there.
3rd Sneaky Thing: Spammers Can Authenticate Too
Authentication
Email authentication is basically testing whether the IP address of the sending email server is really allowed to send for the domain an email says it is "from". To work, it requires an organization to publish an SPF record, which tells email receivers that a given IP address is allowed to send email for a given domain.
How Can a Spammer Get Around Authentication?
• Strict set-up of an SPF record means that third party services (such as an email marketing company) typically cannot send email on a company's behalf. As a consequence, many companies set up authentication, but leave open the option for other IP addresses to send email (for example a third party marketing company or a spammer).
• Just like anyone else, spammers can register domain names and set them up to authenticate properly and then send email from them.
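To check whether a published SPF record leaves that option open, a receiver or domain owner can look at how the record treats senders it does not list. The sketch below is an added example, not SonicWALL code; the function name, the "delegated" label and the sample records (documentation placeholder domains and addresses) are assumptions made for illustration.

```python
# Added example: classify what an SPF record says about senders it does not list.
import re

ALL_RE = re.compile(r"([+\-~?]?)all", re.IGNORECASE)
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
FINDINGS = {
    "fail": "strict: unlisted IP addresses fail authentication",
    "softfail": "weak: unlisted IP addresses are only marked suspicious",
    "neutral": "weak: the record says nothing about unlisted IP addresses",
    "pass": "open: every IP address authenticates for this domain",
}

def audit_spf(record):
    """Return (result_for_unlisted_senders, finding) for one SPF TXT record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", "not an SPF record")
    redirect = None
    for term in terms[1:]:
        match = ALL_RE.fullmatch(term)
        if match:
            # A bare "all" has the default "+" qualifier; later terms are ignored.
            result = QUALIFIER_RESULT[match.group(1) or "+"]
            break
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
    else:
        if redirect:
            # Used only when no "all" is present; audit that domain's record too.
            return ("delegated", "policy continues at " + redirect)
        result = "neutral"   # no "all" and no redirect: default result is neutral
    return (result, FINDINGS[result])

# Constructed sample records; domains and addresses are documentation placeholders.
SAMPLES = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "softfail.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "open.example": "v=spf1 ip4:192.0.2.0/24 +all",
    "noall.example": "v=spf1 a mx",
    "moved.example": "v=spf1 redirect=_spf.provider.example",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, audit_spf(record))
```

A "fail" result here only describes the record's ending; an SPF pass for a domain the spammer registered still says nothing about that domain's reputation, which is the second bullet's point.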
4th Sneaky Thing: Word Salad
"Word salad" is the term used when spammers add what appears to be random words to an email message.
What's the Scam?
• The spammer adds "extra" words to the email assuming they will be read and evaluated by the recipients spam [...] The "extra" added words are "good" words not typically found in a spam email.
• When the message is evaluated there are now more "good" words than "bad" words (such as "enhance" and "love life"). If there are more good words than bad words, the spam filter may decide the message is good.
Sample spam text from the figure: "Love life in the dumps?"
5th Sneaky Thing: Light Reading
Some email spam messages contain more than extra words, they have entire sentences and paragraphs added to the message. Just like "Word Salad" the idea is to add in good words and phrases to the evaluation. The use of complete sentences attempts to make it harder to exclude these "good words" from the evaluation of the message content.
"Love life in the dumps?"
It was a dark and rainy night.
It was the best of times, it was the worst of times.
Once upon a time in a land far, far away.
I'm nobody, who are you? Are you a nobody too?
How do I love thee? Let me count the ways.
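The dilution behind "Word Salad" and "Light Reading" can be reproduced in a few lines. This is an added example, not SonicWALL's filter: the per-word probabilities are constructed, the message body is constructed around the page's sample sentences, and scoring only the most significant words is a common Bayesian-filter design shown here as one way a content filter avoids being outvoted by padding.

```python
# Added example: how padding dilutes a word-count filter, and one way to resist it.
import re

# Constructed per-word spam probabilities (0 = legitimate, 1 = spam).
SPAMMINESS = {
    "enhance": 0.99, "dumps": 0.90, "love": 0.85, "life": 0.70,
    "dark": 0.30, "rainy": 0.30, "night": 0.35, "best": 0.35, "worst": 0.35,
    "times": 0.30, "once": 0.35, "upon": 0.35, "land": 0.30, "far": 0.35,
    "away": 0.35,
}

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def naive_verdict(text):
    """Count "bad" against "good" words, as the filter described above does."""
    probs = [SPAMMINESS[t] for t in tokens(text) if t in SPAMMINESS]
    bad = sum(p >= 0.6 for p in probs)
    good = sum(p <= 0.4 for p in probs)
    return "spam" if bad > good else "ham"

def top_n_score(text, n=3):
    """Combine only the n words whose probability is furthest from neutral 0.5."""
    known = {t for t in tokens(text) if t in SPAMMINESS}
    strongest = sorted(known, key=lambda t: abs(SPAMMINESS[t] - 0.5),
                       reverse=True)[:n]
    spam = ham = 1.0
    for t in strongest:
        spam *= SPAMMINESS[t]
        ham *= 1.0 - SPAMMINESS[t]
    return spam / (spam + ham)

PLAIN = "Love life in the dumps? Enhance it today."   # constructed body
PADDED = PLAIN + (" It was a dark and rainy night. It was the best of times,"
                  " it was the worst of times. Once upon a time in a land"
                  " far, far away.")

if __name__ == "__main__":
    for name, body in (("plain", PLAIN), ("padded", PADDED)):
        print(name, naive_verdict(body), round(top_n_score(body), 4))
```

The padded message flips the word-count verdict to "ham" while its top-word score stays the same as the unpadded one, because the mildly legitimate filler never displaces the strongest spam words.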
6th Sneaky Thing: Tiny Text
Who Reads Better—You or Your Computer?
Your spam filter reads your email looking for words and phrases it considers "bad"
and if there is enough "bad" content a message can be considered spam. A spammer
tries to disguise the bad words and phrases from the filter but still make them readable to
you, the recipient, on the hope you'll want what the spammer is selling.
What you see: GAIN INCHES PATCH
What your computer sees: asdGAINdfisdfiohINCHESdfjsdfPATCH
The Big and Small of the Trick
The spammer changes the size of the fonts, making the
extraneous letters "disappear" so that you can easily read
the message, while your computer sees a line of gibberish.
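A filter can close this gap by scoring the text as it renders rather than as it arrives. The following is an added example, not SonicWALL code: it assumes the tiny letters are set with inline `font-size` styles in px or pt, uses an assumed 4-unit readability cut-off, and runs on a constructed HTML body that reproduces the illustration above.

```python
# Added example: separate what the reader sees from what the filter receives.
import re
from html.parser import HTMLParser

# Only inline px/pt sizes are handled; other units are out of scope here.
SIZE_RE = re.compile(r"font-size\s*:\s*(\d*\.?\d+)\s*(?:px|pt)", re.I)
MIN_READABLE = 4.0   # assumed cut-off; smaller text is treated as invisible
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}

class TinyTextSplitter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tiny_stack = []   # one flag per open element
        self.raw, self.visible, self.hidden_chars = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        match = SIZE_RE.search(dict(attrs).get("style") or "")
        if match:                       # explicit size on this element
            tiny = float(match.group(1)) < MIN_READABLE
        else:                           # otherwise inherit from the parent
            tiny = bool(self.tiny_stack) and self.tiny_stack[-1]
        self.tiny_stack.append(tiny)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.tiny_stack:
            self.tiny_stack.pop()

    def handle_data(self, data):
        self.raw.append(data)
        if self.tiny_stack and self.tiny_stack[-1]:
            self.hidden_chars += len(data)
            self.visible.append(" ")    # a tiny run renders as a small gap
        else:
            self.visible.append(data)

def split_tiny_text(html):
    """Return (raw_text, visible_text, hidden_fraction) for an HTML body."""
    parser = TinyTextSplitter()
    parser.feed(html)
    parser.close()
    raw = "".join(parser.raw)
    visible = " ".join("".join(parser.visible).split())
    return raw, visible, parser.hidden_chars / max(len(raw), 1)

# Constructed sample reproducing the GAIN INCHES PATCH illustration.
TINY = '<span style="font-size:1px">{}</span>'
SAMPLE = ("<p>" + TINY.format("asd") + "GAIN" + TINY.format("dfisdfioh")
          + "INCHES" + TINY.format("dfjsdf") + "PATCH</p>")

if __name__ == "__main__":
    print(split_tiny_text(SAMPLE))
```

The visible text is what content rules should score, and a large hidden fraction is a signal in its own right, since legitimate mail rarely hides more than half of its characters.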
7th Sneaky Thing: If Only I Could Spell
Can You Read This?
Crteae a mroe ppsorerous fuutre for yuolserf
Reveiee a full dimolpa form non accdetired
unieersiitvs beasd upon yuor rael lfie expenierxe
Most p[...] read the message above where the spammer u[...] misspelled words hoping the spam filter will not be able to understand
Things to Consider
How many of your emails would make it [...] filter i[...] needed to be spelled correctly?
Many people use acronyms, abbreviations and even IM and text messaging slang in email.
8th Sneaky Thing: How To Spell /!AGr/-
Optical Illusions
Like Scrabble Spam, the trick here is to disguise the "bad" words. In this case the spammer uses symbols, special characters
and even alternate character sets to create the different variations. Using this method, it is estimated that there are over 600
quadrillion ways to spell "Viagra"—that's a lot of rules to write if you want to do this yourself!
What you think you see
What's actually there
/!ÄGRÂ
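Instead of one rule per variation, a filter can fold lookalike characters back to plain letters and then compare the result against a short watchlist, which also covers the scrambled spellings of the 7th trick. This is an added example, not SonicWALL code: the lookalike table and watchlist are constructed from words the page itself uses, and edit distance plus a same-letters check stand in for whatever distance measure a product applies.

```python
# Added example: fold symbol and accent disguises, then match near-spellings.
import unicodedata

WATCHLIST = ("viagra", "diploma", "accredited")   # terms taken from the page
# Constructed lookalike table; the two-character "\/" entry is replaced first.
LOOKALIKES = {"\\/": "v", "!": "i", "1": "i", "|": "i",
              "@": "a", "0": "o", "$": "s"}

def normalize(token):
    """Strip accents, lowercase, and map lookalike symbols to letters."""
    text = unicodedata.normalize("NFKD", token)   # e.g. A-umlaut -> A + mark
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    for symbol, letter in LOOKALIKES.items():
        text = text.replace(symbol, letter)
    return text

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_scramble(word, target):
    """Same first and last letter, same letters in between in any order."""
    return (len(word) > 3 and word[0] == target[0]
            and word[-1] == target[-1] and sorted(word) == sorted(target))

def match_watchlist(token):
    """Return the watchlist term a token disguises, or None."""
    word = normalize(token)
    for target in WATCHLIST:
        if is_scramble(word, target) or edit_distance(word, target) <= 1:
            return target
    return None

if __name__ == "__main__":
    for sample in ("/!ÄGRÂ", "dimolpa", "accdetired", "dinner"):
        print(repr(sample), "->", match_watchlist(sample))
```

The string shown above normalizes to "/iagra", one edit away from the watchlist term, so a single entry covers it without a dedicated rule.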
9th Sneaky Thing: What You See Isn't What You See
Image Tricks
Although images may look the same, often they are not. Small changes can make the images different.
DAY ONE
INBOX: Receive this image
YOU: "Junk it"
DAY TWO
INBOX: Receive the "same" image
YOU: "Junk it again"
DAY THREE
INBOX: Receive the "same" image
YOU: "Really junk it"
INBOX: Receive the "same" image
YOU: "Call IT now"
So What's Different?
• Image layout changes by a pixel or two
• Image size changes by one or two percent
10th Sneaky Thing: Social Engineering
Most spammer tricks try to bypass or sneak past your spam filter using subversion. Tricks based on social engineering do the opposite—they try to look and sound legitimate so they can get past your spam filter and into your inbox.
Not So Friendly Friend
If a friend's system gets compromised your name may be in their address book—oops. And if your friend's name is on your "allow" list—double oops.
Extra, Extra
Spammers use the latest headlines as the email subject. It not only adds legitimacy to the email, but also often raises our interest in opening the email.
Phishing emails try to use the trust of pretending to be from your bank or other trustworthy sources. The intent is to obtain your account, financial or even [...]
Spammers will attach real PDF or similar files to a message that contains the spam message. The actual email says little, except maybe something like "Joe, check this out" or "Q3 revenue forecast".
Beating the Sneaky Spammer
Spam will continue to plague our inboxes until it is no longer profitable for the spammer or there is a hack-proof prevention method that everyone uses. There is no singular technology that can stop all spam, and history has shown us that when a given technology begins to work well, spammers attack it with a vengeance. That's why multiple anti-spam techniques working together provide the best solution over the long run. These techniques break down into two groups:
1. This is examining the reputation of many email attributes, including the Sender IP Address, the content, the links/URLs, images, attachments, the email's structure and more.
2. Powerful techniques like Bayesian filtering, lexigraphical distancing and image inference analysis, along with simpler checks like allow/block lists and SPF checks, are combined to thoroughly analyze an email and dig out its true purpose.
SonicWALL Anti-Spam/Email Security Solutions
SonicWALL delivers a wide variety of industry leading award winning email protection solutions for one to one million users.
SonicWALL Comprehensive Anti-Spam Service
Email spam, phishing and virus protection service for TZ, Network Security Appliance
(NSA), and E-Class NSA firewalls
SonicWALL Email Security for Small Business Server
Inbound and outbound email protection for Windows SBS and Windows EBS environments
SonicWALL Email Security Software
Complete inbound and outbound email protection software ready to install on a
Windows Server
SonicWALL Email Security Appliance
Complete inbound and outbound email protection installed on a hardened appliance
SonicWALL Anti-Spam Desktop
Client-based email spam and phishing protection for Outlook, Outlook Express and
Windows Mail
How Can I Learn More?
For feedback on this e-book or other SonicWALL e-books or whitepapers, please send an e-mail to
[email protected].
About SonicWALL
SonicWALL® is a recognized leader in comprehensive information security solutions. SonicWALL
solutions integrate dynamically intelligent services, software and hardware that engineer the risk, cost
and complexity out of running a high-performance business network. For more information, visit the
company Web site at www.sonicwall.com.
2009 SonicWALL, the SonicWALL logo and Protection at the Speed of Business are registered trademarks of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 07/09 SW 680
Source: http://www.sonicwallonline.co.uk/articles/sneeky-spammer-e-book/file/book_ten_sneaky_things_a_spammer_will_do.pdf