Site Map | Global Sites | Contact us Pandasoftware.com HOME
HomeProducts
Security Info
Panda for:
Home users
Companies
Partners
Security Info / Spam: Unsolicited email messages

  Spam: Unsolicited email messages

 

Miracle products? Make money easily? Unbeatable mortgage terms? Spam, spam, wonderful spam.

Spam: characteristics and types.
How does it work? How is it distributed?
The damage caused by spam.
How can I protect myself against spam?

  

Spam: characteristics and types.

Spam is unsolicited email, normally with an advertising content sent out as a mass mailing.

The term spam is derived from spiced ham, the first tinned meat product that did not need to be kept in a refrigerator. Its use spread as a result, becoming part of the communal meals of the United Status and Russian armies during the Second World War.

Later on, in 1969, actors from Monty Python acted out a sketch in which customers in a restaurant tried to choose from a menu where all the dishes contained… spam, while a group of Vikings chanted “spam, spam, spam, lovely spam, wonderful spam”. In short, spam appeared everywhere and drowned out all the other conversations.

For historical purposes, the first documented case of spam is a letter sent in 1978 by the company Digital Equipment Corporation. This company sent an advertisement about its DEC-20 computer to all ArpaNet users (precursor of the Internet) on the west coast of the United States. However, the word spam was not coined until 1994, when an advertisement appeared in Usenet from the lawyers Lawrence Cantera and Martha Siegel. It provided information about their service for completing entry forms for United States work permits. This advertisement was sent using a script to all the discussion groups back then.

Some of the most common characteristics these types of email messages have are:

  • The address that appears as that of the message sender is unknown to the user and is quite often spoofed.
  • The message does not often have a Reply address.
  • An eye-catching subject is presented.
  • It has advertising content: website advertisements, ways to make money easily, miracle products, property offers, or simply lists of products on special offer.
  • Most spam is written in English and comes from the United States or Asia, although spam in Spanish is also now becoming common.

Although this type of malware is normally spread via email, there are variants, each with their own name according to their distribution channel:

  • Spam: sent by email.
  • Spim: specific to Instant Messaging applications (MSN Messenger, Yahoo Messenger etc).
  • Spit: spam over IP telephony. IP telephony consists in using the Internet to make telephone calls.
  • Spam SMS: spam designed to be sent to mobile devices using SMS (Short Message Service).

Spam is a phenomenon which is increasing daily, representing a high percentage of all email traffic.

What’s more, as more effective solutions and technologies emerge to tackle spam, spammers (malicious users exclusively devoted to sending spam) become ever more sophisticated and modify their techniques in order to avoid the countermeasures deployed by users.

 

How does it work? How is it distributed?

Obtaining email addresses

Spammers try to obtain as many valid email addresses as possible, i.e. actually used by users. They use different techniques for this, some of which are highly sophisticated:

  • Mail lists: the spammer looks in the mail list and notes down the addresses of the other members.
  • Purchasing user databases from individuals or companies: although this type of activity is illegal, it is actually carried out in practice and there is a black market.
  • Use of robots (automatic programs) that scour the Internet looking for addresses in web pages, newsgroups, weblogs, etc.
  • DHA (Directory Harvest Attack) techniques: the spammer generates email addresses belonging to a specific domain and sends messages to them. The domain mail server will respond with an error to those addresses that do not actually exist, so the spammer can discover which addresses generated are valid. The addresses can be compiled using a dictionary or through brute force, i.e. by trying all possible character combinations.

Consequently, all email users are at risk from these types of attacks. Any address published on the Internet (used in forums, newsgroups or on any website) is more likely to be a spam victim.

Techniques used.

Spammers use numerous techniques to produce messages capable of by-passing all types of mail filters. Some of the tricks used to obscure the message’s HTML code are looked at below:

  • Division of message subject line using bogus line breaks:

    Subject: =?utf-8?q?Identical drugs -- l?=
    =?utf-8?q?ittle monetary valu?=
    =?utf-8?q?e!?=

  • Use of null characters (Quoted-Printable type encoding):

    <=00H=00T=00M=00L=00>=00<=00H=00E=00A=00D=00>=00=0D=00=0A=00<=00M=00E=00=
    T=00A=00 =00h=00t=00t=00p=00-=00e=00q=00u=00i=00v=00=3D=00C=00o=00n=00=
    t=00e=00n=00t=00-=00T=00y=00p=00e=00 =00c=00o=00n=00t=00e=00n=00t=00=3D=
    =00"=00t=00e=00x=00t=00/=00h=00t=00m=00l=00;=00 =00c=00h=00a=00r=00s=00=
    e=00t=00=3D=00u=00n=00i=00c=00o=00d=00e=00"=00>=00=0D=00=0A=00<=00M=00=
    E=00T=00A=00 =00c=00o=00n=00t=00e=00n=00t=00=3D=00"=00M=00S=00H=00T=00=
    M=00L=00 =006=00.=000=000=00.=002=008=000=000=00.=001=004=000=000=00"=00=
    =00n=00a=00m=00e=00=3D=00G=00E=00N=00E=00R=00A=00T=00O=00R=00>=00<=00=
    /=00H=00E=00A=00D=00>=00=0D=00=0A=00<=00B=00O=00D=00Y=00>

  • Interchanging letters in the words used. The message is still legible to the recipient, but the filters do not recognize the words used:

    I finlaly was able to lsoe the wieght I have been sturggling to
    lose for years! And I couldn't bileeve how simple it was! Amizang
    pacth makes you shed the ponuds! It's Guanarteed to work or your
    menoy back!

  • Inverting text using the Unicode right-to-left override, expressed as HTML entities (&#8238; y &#8236;):

    Your B&#8238;na&#8236;k C&#8238;dra&#8236; Link&#8238;ni&#8236;g

    (Your Bank Card Linking)

  • Encapsulating a <map> tag with an HREF tag, so that a legitimate URL appears instead of a malicious one.

    <A HREF="<URL_LEGÍTIMA>">
    <map name="FPMap0">
    <area coords="0, 0, 623, 349" shape="rect" href="<URL_MALICIOSA>">
    </map>
    <img SRC="<img_url>" border="0" usemap="#FPMap0">
    </A>

  • Use of ASCII characters to “design” the message content:

Although some of the techniques used have now been mentioned, there are many more, such as the use of incorrect HTML tags, URL encoding, the use of HTML entities to conceal certain letters, the use of invisible ink, etc.

Other types of techniques are based on including the spam message as an attached file in a valid message or the use of CSS (Cascading Style Sheets) in spam messages to conceal certain words or parts of the message.

Methods used for spam distribution are as follows:

  • Vulnerable or poorly configured mail servers (Open Relay) which allow any user to send messages without checking their sender (which will normally be spoofed).
  • Computers affected by malware: certain types of malware facilitate the sending of spam through affected computers, such as the installation of proxy servers. It is even possible to rent botnets, real computer networks affected by bots (hybrids of worms, Trojans and backdoors).

 

The damage caused by spam.

The main damage caused by receiving spam can be classed as direct damage:

  • Loss of productivity.
  • Use of corporate network resources: bandwidth, disk space, mail saturation etc.

And indirect damage, such as:

  • The risk of sending spam under your name or from your PC or domain, by being identified as spammers by the servers that have been sent spam without knowing it.
  • Some important valid messages may be deleted erroneously when eliminating spam quickly.

Spam may also serve as a propagation method for an even greater danger: malware. It may be used to distribute malware that does not have its own means of propagation: Trojans, keyloggers, backdoors etc.

In a spam mail, it is very easy to include an attachment with a virus or a link to a site (apparently interesting), from which some type of malicious code is downloaded without the user knowing. Viruses can also be concealed in the message code.

The damage caused by spam is extensive, and even more so in a corporate environment where the economic repercussions can be enormous. As a result, it is crucial that legitimate messages reach their destination, while spam must be blocked. It appears obvious that protection against spam, particularly at a corporate level, should be a top priority.

This type of malware exists purely for financial reasons. Sending an email message to promote all types of services, products, frauds and swindles is incredibly cheap, with substantial profits being obtained from convincing only a very small percentage of users to buy the product or service.

 

How can I protect myself against spam?

The mail message filter is a basic measure to prevent spam entering users’ mail boxes. There are many applications that can filter emails by message, keywords, domains, IP addresses from where the messages come from, etc.

For companies, rather than simply being able to identify spam messages correctly, the problem depends on adequately managing the large quantities of messages of this type that are received daily. Consequently, the tools to be used should take into account other factors.

The best anti-spam systems should be based on more than just one technology. They should use diverse techniques (heuristic rules, Bayesian filters, white and black lists, digital signatures, sender authentication, etc) which achieve the basic aim of reducing false positives to a minimum and therefore eliminate the possibility of a user losing a message as a result of a system error, maintaining a high degree of efficiency in spam detection in the process.

Panda Software has a complete range of technological solutions. These solutions are varied and adapted to the needs of each client, from the domestic user to the business environment, offering comprehensive centralized protection for all network layers: workstations, mail and browser servers and corporate firewalls.

Also, take into account the following guidelines for protecting yourself against spam and minimizing its effects:

  • Do not publish your personal email addresses in any public site, such as web pages for example.
  • Never click on the “unsubscribe” link in a spam message. All this will do is let the spammer verify that your email address is active.
  • Never reply to a spam message.
  • Do not resend chain letters, requests or dubious virus alerts.
  • Do not open the spam message.
  • Disable the Preview Pane of your email client.
  • Do not purchase products offered to you through unsolicited emails.
  • Have various email accounts, and use them for separate purposes: personal, work, etc.
  • Use an anti-spam filter or an anti-spam solution.
  • Install an antivirus solution.
  • Install content filter software.

 

 
  Print page.  Send page.  
Top Downloads
Titanium 06 (free)
Platinum 06 (free)
WebAdmin (free)
How would you rate your level as an Internet user?