A type of attack that does not appear to be going anywhere quickly is spam. This is unsolicited emails we get. These emails are getting us or wanting us to click some links to buy something.
It could be sunglasses. It could be refinance your house. It could be pharmaceuticals. There are so many different things.
The problem with spam is that it is working for the bad guys. They’re finding if they send a million messages, somebody will buy something. The problem, of course, is that it is so easy and inexpensive to send a million messages out that they’re immediately getting some nice financial returns on these things.
And there is quite a different little network behind the scenes of botnets and spam senders that are creating problems for us. So it’s an ongoing issue we have to think about when we’re managing our email, managing our bandwidth, making sure we’re keeping our systems very, very secure in our organizations. This has traditionally been used for advertising to get you to buy something, but the bad guys are also noticing that if they send a million messages with links that can then infect your machines those can also now become additional spam botnets.
That’s how the bad guys are sending the spam these days. They’re infecting your machine. Your machine now becomes part of a botnet. They send a command down to your machine saying, go send some spam for me. And your machine begins sending spam out everywhere.
Becomes a big issue, especially when those are all distributed throughout the world. And that’s a pretty big challenge if you’re trying to figure out how to stop these things. You can’t go to a central source. It is a completely distributed process.
Another very common type of spam is spim. This is unsolicited instant messaging. This is when you pop open your IM and suddenly you’re getting messages all over the place.
These bad guys have found if they sneak make some links into your instant message that you may want to click that. Because instant messaging is something that’s a little more personal than spam and they think they can trick you into clicking those links. And those links can be really, really bad ones.
These are very, very directed and very, very specific types of spam. And generally, that’s their only chance at this. It’s something that also doesn’t stick around. It’s not something that’s in your email inbox so they have to be very tricky and very specific.
And it’s usually, of course, robots. There’s no real people sending in these messages. These robots are trying to get you to click those links and have it send that information, have you infect your machine, have you log into a fake website, send your info out to somebody else. There’s also something called split. This is spam over internet telephony.
It’s kind of a bad name for it. Spit. This is the saliva of unsolicited messages. But because it is voice, it becomes very, very difficult to avoid this. You also can’t filter out very easily with voice over IP.
Now one of the advantages of this is that voice over IP, like Skype, like your Google Voice, have made it very, very difficult for the bad guys to use this for bad purposes. So that’s one advantage we have and one reason we aren’t getting a lot of unsolicited internet telephony. But if you are ever in Skype, you know that Skype does have instant messaging capabilities so they’re often piggybacking on some of the additional capabilities built into the internet telephony. So you may not be getting voice, but you may still be contacted through other means within those internet telephony applications.
There are a number of different philosophies to blocking spam, and many of these work in conjunction with another. One of the more obvious ways is to create a white list, which means the only email that comes into my inbox are things that had been checked off as real people. Sometimes this is an automated process.
The first time you send a message to somebody, you may get an automated response back saying, I don’t know who you are. If you are a real person, please click this link, type this information in, and you will be added and your email will be sent on to my inbox. But the challenge, of course, is sometimes legitimate traffic might be blocked.
So we might want to approach it from the other direction. Have a blacklist. Stop everything that we definitely know is bad. Obviously, this can be a very, very, very large list, but this is something that third parties do keep track of and they have very, very big lists. This is one advantage of being on the internet is many people can all work together to create these blacklists.
The problem, of course, is if somebody legitimate gets on the blacklist, you may not be getting some legitimate traffic and that does occasionally occur. Somewhat of a smarter approach to resolve the spam issue is something called Bayesian filtering. This is where we’re not looking at a whitelist or a blacklist and we’re not looking for specific words in an email.
What we’re doing is looking at the entire email. We’re looking at words and phrases. And if we happen to see a number of words and phrases altogether at certain places within the email, you get a particular score.
And if that score is above or below a certain threshold, it either goes into your spam box or it goes into your inbox. So you have some adjustments you can do with this as well. Certainly, not perfect, but if you’re trying to block the majority of the bad stuff coming in, Bayesian filtering may be a good way to do that.
These days, our spam filters are just built into our email clients, of course. We have sometimes whitelists, blacklists, and Bayesian filtering all built into what we’re doing on our desktop. Maybe it’s built into our organizations’ Outlook Exchange front end.
Maybe we have a third party that does all of our spam filtering for us. They’re almost always using a number of these different technologies. And in reality, you have to use all of these working together to really keep all of the noise and all of the spam out of your inbox.
Category: CompTIA Security+ SY0-401