
Study Finds Spammers' Weak Spot

Junk email distributors are much more vulnerable at the receiving end than at the sending end, research finds

Instead of trying to stop the spray of spam as it comes out of the firehose, maybe we should be looking to shut it off at the hydrant, some university researchers are suggesting this week.

In a report issued yesterday, computer scientists at the University of California at San Diego said they have found "striking differences" between the infrastructure used to distribute spam and the infrastructure used to collect responses from its victims. The net result: Most spam responses are collected by a single, individual Web server.

Ninety-four percent of the scams advertised via embedded links are hosted on individual Web servers, according to a paper that will be presented at the USENIX Security 2007 conference in Boston tomorrow.

"A given spam campaign may use thousands of mail relay agents to deliver its millions of messages, but it may use only a single server to handle requests from recipients who respond. A single takedown of a scam server -- or a spammer redirect -- can curtail the earning potential of an entire spam campaign," the report says.

Using new Internet monitoring approaches developed at UCSD, the computer scientists studied a spam feed over the course of a week. They analyzed spam-advertised Web servers hosting online scams that either offer merchandise and services or use malicious means to defraud users. The researchers followed the URLs embedded in spam back to the hosting servers, probed the servers, and analyzed the Web pages advertised in the spam.

"Our findings suggest that the current scam infrastructure is particularly vulnerable to common blocking techniques, such as blacklisting," says Geoff Voelker, a computer science and engineering professor at the UCSD Jacobs School.

The research was enabled by UCSD's "spamscatter" approach, which allowed the computer scientists to study more than a million spam messages from a live feed. Spamscatter allows researchers to mine emails, identify URLs in real time, and follow these links through any redirection mechanisms and onto the Web page of the destination server.

"Spamscatter provides a mechanism for studying global Internet behavior from a single vantage point," says Voelker.
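The pipeline described above (mine messages for URLs, follow redirects to the landing page, group by hosting server) can be sketched as follows. This is an added example, not UCSD's spamscatter code. The messages, redirect table, DNS table, and the `FINGERPRINT` lookup that stands in for deciding which scam a landing page belongs to are all constructed assumptions so that the example runs offline.

```python
import re
from collections import defaultdict
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample data (not from the study): four spam messages sent via
# different relays, a redirect table, host-to-IP records, and a scam label per host.
MESSAGES = [
    "From: a@relay1.example\nSubject: deal\n\nBuy now http://r1.example/x?id=1",
    "From: b@relay2.example\nSubject: deal!!\n\nCheap: http://r2.example/go",
    "From: c@relay3.example\nSubject: prize\n\nClaim at http://win.example/",
    "From: d@relay4.example\nSubject: prize\n\nClaim at http://win2.example/",
]
REDIRECTS = {"http://r1.example/x?id=1": "http://shop.example/",
             "http://r2.example/go": "http://shop.example/",
             "http://loop.example/a": "http://loop.example/b",
             "http://loop.example/b": "http://loop.example/a"}
DNS = {"shop.example": "192.0.2.10", "win.example": "192.0.2.20",
       "win2.example": "192.0.2.21"}
FINGERPRINT = {"shop.example": "scam-A", "win.example": "scam-B",
               "win2.example": "scam-B"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def extract_urls(raw):
    """Parse an RFC 5322 message and return the URLs found in its body."""
    msg = message_from_string(raw)
    return URL_RE.findall(msg.get_payload())

def follow(url, max_hops=5):
    """Follow the redirect table to the landing URL; None if the chain never ends."""
    for _ in range(max_hops):
        if url not in REDIRECTS:
            return url
        url = REDIRECTS[url]
    return None  # redirect loop or chain longer than max_hops

def servers_per_scam(messages):
    """Map each scam label to the set of server IPs that host it."""
    scams = defaultdict(set)
    for raw in messages:
        for url in extract_urls(raw):
            landing = follow(url)
            host = urlsplit(landing).hostname if landing else None
            if host in DNS:
                scams[FINGERPRINT[host]].add(DNS[host])
    return dict(scams)

def single_server_share(scams):
    """Fraction of scams hosted on exactly one server IP."""
    return sum(len(ips) == 1 for ips in scams.values()) / len(scams)
```

In this constructed data, scam-A is advertised through two relays and two redirectors but lands on one IP, so a single blacklist entry covers it; scam-B is spread over two servers and would need two.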

— Tim Wilson, Site Editor, Dark Reading
