Spamalytics Revisited

Răzvan STOICA

November 14, 2008

A group of researchers from UC Berkeley and UC San Diego made headlines in the past week for publishing data on the success rate of a spam wave launched through the Trojan.Peed (aka Storm Worm) network. To do this, the researchers hijacked part of the network (an estimated 1.5% of it) and changed it so that e-mails sent from trojans under their control no longer led those who clicked to an on-line pharmacy or to a site that would have infected them with a trojan, but rather to a researcher-controlled web page. In this fashion, the efficiency and effectiveness of the spam campaigns could be measured.

The hijacking was performed by actually installing Peed/Storm command and control servers on computers under the researchers’ control, so that some of the infected machines would use the research servers instead of the real ones. The spamming “chores” passed down through these servers to Storm-infected machines were then modified by the researchers to suit their goals.

 According to the researchers, the pharmacy spam wave wasn’t very successful, with an estimate of only about 10 thousand dollars generated from 350 million e-mails sent over a month. The self-propagation waves fared “a little” better, with an estimated 3500-8000 new infected machines each day. The research paper is well worth reading if you’re at all interested in computer security and is certainly a first in the field.

The means chosen to measure conversion for the self-propagation campaign is particularly interesting. The researchers assumed correctly that not all users who would download the “infected” file from their mock infection site would also run it, so they placed an actual executable as the download target, one that would simply notify the researchers it had been run, by posting on a researcher-controlled server. The researchers noted with interest having “observed that several anti-virus vendors developed signatures for our benign executable within a few days of our introducing it”.

 Graham Cluley of Sophos argues that the researchers’ methodology was entirely ethical. “As such – no extra spam was sent, but more of the spam which was sent was non-dangerous”, he said to Register reporter John Leyden.

My personal opinion is that he may well be wrong.

After all, the infamous Morris worm began life as a research project too (Morris wanted to see how big the Internet had grown). Just like in the Morris case, the people on whose computers the “harmless executable” used in the Spamalytics research was run certainly hadn’t agreed to participate in any kind of research. No one agreed to receive spam either, not even of the harmless variety, nor were any of the people whose computers were infected with the Storm trojan actually notified.

 A gray area, certainly, and one where security research could benefit from creating unambiguous ethical guidelines akin to those used in sociological research, psychology or even medicine and law enforcement.
