longtime behavior of harvesting spam bots
play

Longtime Behavior of Harvesting Spam Bots Oliver Hohlfeld TU Berlin - PowerPoint PPT Presentation

Oct 25, 2022 •432 likes •870 views

Longtime Behavior of Harvesting Spam Bots Oliver Hohlfeld TU Berlin / DT Labs Thomas Graf Florin Ciucu Modas GmbH TU Berlin / DT Labs Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC12 1 / 10 Image

  1. Longtime Behavior of Harvesting Spam Bots Oliver Hohlfeld TU Berlin / DT Labs Thomas Graf Florin Ciucu Modas GmbH TU Berlin / DT Labs Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 1 / 10

  2. Image source: http://www.flickr.com/photos/twistermc/3382403844/ (CC BY-SA 2.0) Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 2 / 10

  3. Why you? Image source: http://www.flickr.com/photos/twistermc/3382403844/ (CC BY-SA 2.0) Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 2 / 10

  4. Why you? Scope: Address harvesting from public web sites Image source: http://www.flickr.com/photos/twistermc/3382403844/ (CC BY-SA 2.0) Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 2 / 10

  5. Approach Our Infrastructure 9 Web Sites (1 US) Database SMTP Servers Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 3 / 10

  6. Approach Our Infrastructure Address Harvester Addresses Web Crawler HTTP 9 Web Sites (1 US) Money Addresses Database Spammer SMTP Servers Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 3 / 10

  7. Approach Our Infrastructure Address Harvester Addresses Web Crawler HTTP 9 Web Sites (1 US) Money Addresses Database Spammer Might pay botmaster to send Spam E-Mail botnet SMTP Servers Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 3 / 10

  8. Approach Our Infrastructure Address Harvester ☎ ta ✜�✁✂✄ ☎ ✆ ✝ ✦ ✧ Addresses Web Crawler HTTP 9 Web Sites (1 US) ears Money Addresses Database Spammer Might pay botmaster to send Spam E-Mail botnet SMTP Servers Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 3 / 10

  9. Host Properties How many harvesting hosts? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  10. Host Properties How many harvesting hosts? > 1 k Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  11. Host Properties How many harvesting hosts? > 1 k Geolocation? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  12. Host Properties How many harvesting hosts? > 1 k Geolocation? 800 60.6% # Distinct IPs 200 2% 0 DE US GB CN NL ES CI RO TW MY Figure: by requesting IPs Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  13. Host Properties How many harvesting hosts? > 1 k Geolocation? 800 300k 60.6% 46% # Distinct IPs Mails 26% SpamE− 150k 1 Host 200 10% 50k 2% 0 0 DE US GB CN NL ES CI RO TW MY RO BG DE NL CN US PL VN PT CH Figure: by requesting IPs Figure: by spam volume 24 massive harvesting hosts in Romania ( ≈ 10k page requests / day) Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  14. Host Properties How many harvesting hosts? > 1 k Geolocation? 800 300k 60.6% 46% # Distinct IPs Mails 26% SpamE− 150k 1 Host 200 10% 50k 2% 0 0 DE US GB CN NL ES CI RO TW MY RO BG DE NL CN US PL VN PT CH Figure: by requesting IPs Figure: by spam volume 24 massive harvesting hosts in Romania ( ≈ 10k page requests / day) How are they connected? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  15. Host Properties How many harvesting hosts? > 1 k Geolocation? 800 300k 60.6% 46% # Distinct IPs Mails 26% SpamE− 150k 1 Host 200 10% 50k 2% 0 0 DE US GB CN NL ES CI RO TW MY RO BG DE NL CN US PL VN PT CH Figure: by requesting IPs Figure: by spam volume 24 massive harvesting hosts in Romania ( ≈ 10k page requests / day) How are they connected? 73% hosted in ADSL / cable networks Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  16. Host Properties How many harvesting hosts? > 1 k Geolocation? 800 300k 60.6% 46% # Distinct IPs Mails 26% SpamE− 150k 1 Host 200 10% 50k 2% 0 0 DE US GB CN NL ES CI RO TW MY RO BG DE NL CN US PL VN PT CH Figure: by requesting IPs Figure: by spam volume 24 massive harvesting hosts in Romania ( ≈ 10k page requests / day) How are they connected? 73% hosted in ADSL / cable networks Using Tor Anonymity Service? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  17. Host Properties How many harvesting hosts? > 1 k Geolocation? 800 300k 60.6% 46% # Distinct IPs Mails 26% SpamE− 150k 1 Host 200 10% 50k 2% 0 0 DE US GB CN NL ES CI RO TW MY RO BG DE NL CN US PL VN PT CH Figure: by requesting IPs Figure: by spam volume 24 massive harvesting hosts in Romania ( ≈ 10k page requests / day) How are they connected? 73% hosted in ADSL / cable networks Using Tor Anonymity Service? No Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 4 / 10

  18. Blocking Does blacklisting help? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 5 / 10

  19. Blocking Does blacklisting help? → Yes (26% hosts balacklisted at access time) Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 5 / 10

  20. Blocking Does blacklisting help? → Yes (26% hosts balacklisted at access time) HTTP User Agent String Fingerprinting? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 5 / 10

  21. Blocking Does blacklisting help? → Yes (26% hosts balacklisted at access time) HTTP User Agent String Fingerprinting? Variability might imply only few active parties Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 5 / 10

  22. Blocking Does blacklisting help? → Yes (26% hosts balacklisted at access time) HTTP User Agent String Fingerprinting? Variability might imply only few active parties “Java/1.6.0 17” UA 3% of harvesting hosts 88% of harvesting page requests 55% of total spam volume 99.9% of Romanian harvesting bots Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 5 / 10

  23. Blocking Does blacklisting help? → Yes (26% hosts balacklisted at access time) HTTP User Agent String Fingerprinting? Variability might imply only few active parties “Java/1.6.0 17” UA 3% of harvesting hosts 88% of harvesting page requests 55% of total spam volume 99.9% of Romanian harvesting bots → Blocking certain user agent strings currently helps Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 5 / 10

  24. Proxies Revisited: Search Engines Search engines exploited for malicious activities Also used by harvesters? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 6 / 10

  25. Proxies Revisited: Search Engines Search engines exploited for malicious activities Also used by harvesters? Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 6 / 10

  26. Proxies Revisited: Search Engines Our Infrastructure Search Engine 9 Web Sites (1 US) Address Harvester Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 7 / 10

  27. Proxies Revisited: Search Engines Our Infrastructure Search Engine Addresses Web Crawler HTTP 9 Web Sites (1 US) Address Harvester Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 7 / 10

  28. Proxies Revisited: Search Engines Our Infrastructure Search Engine Addresses Web Crawler HTTP 9 Web Sites (1 US) Address Harvester ECrawl, ... Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 7 / 10

  29. Proxies Revisited: Search Engines Our Infrastructure Search Engine Addresses Web Crawler HTTP 9 Web Sites (1 US) ECrawl v2.63: “Access to the Google cache Address Harvester (VERY fast harvesting)” ECrawl, ... Fast Email Harvester 1.2 : “collector sup- ports all major search engines, such as Google, Yahoo, MSN” Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 7 / 10

  30. Proxies Revisited: Search Engines Our Infrastructure Search Engine Addresses Web Crawler HTTP 9 Web Sites (1 US) Address Harvester 0.5% of addresses spammed ECrawl, ... 0.2% of total spam Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 7 / 10

  31. Proxies Revisited: Search Engines Our Infrastructure Search Engine Addresses Web Crawler HTTP 9 Web Sites (1 US) Address Harvester 0.5% of addresses spammed ECrawl, ... 0.2% of total spam → You don’t want to block Google! Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 7 / 10

  32. Address Usage 1 faster slower 0.8 70% < 11 days 0.6 CDF 0.4 faster slower 0.2 Full Data Set Search Engines 0 0.1 1 10 100 1000 Address Turnaround Time (Days) 50% spammed < 4 days (general), 11 days (search engines) Oliver Hohlfeld (TU Berlin / DT Labs) Longtime Behavior of Harvesting Spam Bots IMC’12 8 / 10

Recommend

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Identifying Web Spam Identifying Web Spam With User Behavior Analysis With User Behavior

Identifying Web Spam Identifying Web Spam With User Behavior Analysis With User Behavior

Identifying Web Spam Identifying Web Spam With User Behavior Analysis With User Behavior Analysis Yiqun Liu, Rongwei Cen, Min Zhang, Shaoping Ma, Liyun Ru Yiqun Liu, Rongwei Cen, Min Zhang, Shaoping Ma, Liyun Ru State Key Lab of Intelligent

796 views • 26 slides
Discord Bot CHRIS L Discord What is it? Why does it need bots? Existing bots Why

Discord Bot CHRIS L Discord What is it? Why does it need bots? Existing bots Why

Discord Bot CHRIS L Discord What is it? Why does it need bots? Existing bots Why does it need more bots? Wanted Features Convenience Information Grabbing Administration Technologies used Node.js Discord JS

338 views • 12 slides
Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
Perspectives on CSCW 2017 Courtney Williams Opening Keynote Conversational Intelligence: Bots

Perspectives on CSCW 2017 Courtney Williams Opening Keynote Conversational Intelligence: Bots

Perspectives on CSCW 2017 Courtney Williams Opening Keynote Conversational Intelligence: Bots and Lessons Learned Lili Cheng (Microsoft Research) Xiaoice (China), Tay (US) Advanced conversational bots Bots for work, bots for

569 views • 11 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Dynamics Web Spam Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0710-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy

669 views • 49 slides
The Power of Bots: Understanding Bots in OSS Projects Mairieli Wessel Bruno Mendes Igor

The Power of Bots: Understanding Bots in OSS Projects Mairieli Wessel Bruno Mendes Igor

The Power of Bots: Understanding Bots in OSS Projects Mairieli Wessel Bruno Mendes Igor Steinmacher Igor Wiese Ivanilton Polato Ana Paula Chaves Marco Aurlio Gerosa Research funded by CNPq, FAPESP and NAU Open Source Software (OSS)

511 views • 22 slides
Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Dynamics Web Spam Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0709-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy Overview

806 views • 49 slides
Neuroevolution of Combat Bots Artificial Intelligence for Interactive Media and Games Professor

Neuroevolution of Combat Bots Artificial Intelligence for Interactive Media and Games Professor

3/30/17 Neuroevolution of Combat Bots Artificial Intelligence for Interactive Media and Games Professor Charles Rich Computer Science Department rich@wpi.edu IMGD 4000 (D 17) 1 Constructing Complex NPC Behavior via Multi-Objective

306 views • 16 slides
author profiling shared task on: Bots and gender profiling Francisco Rangel &amp; Paolo Rosso

author profiling shared task on: Bots and gender profiling Francisco Rangel &amp; Paolo Rosso

Overview of the 7 th author profiling shared task on: Bots and gender profiling Francisco Rangel &amp; Paolo Rosso 10th September 2019 Bots: propaganda, fake news, inflammatory content Bots may influence users with comercial, political or

512 views • 35 slides
Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why should you care? How to detect Spam? 2 What is Spam? What is Spam? All forms of malicious manipulation of user generated data so as to

943 views • 56 slides
Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Seminar: Future Of Web Search University of Saarland Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood Tutor : Klaus Berberich Date : 17-Jan-2008 The Agenda Focus of the First Paper

1.22k views • 53 slides
spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian Developer since 2003 Listmaster Alioth Admin Maintainer of packages like iproute, icinga, nagios and a lot of other useless stu ff

219 views • 20 slides
Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee Institute of Computer Science, University of Tartu Overview Spam is Evil ML for Spam Filtering: General Idea, Problems. Some Algorithms Nave Bayesian

391 views • 35 slides
A Qualitative Comparison of Facebook and Twitter Bots Introduction The increasing level of

A Qualitative Comparison of Facebook and Twitter Bots Introduction The increasing level of

A Qualitative Comparison of Facebook and Twitter Bots Introduction The increasing level of sophistication in the field of machine learning and artificial intelligence has spawned the creation of automated programs called bots A bot

620 views • 17 slides
x 2 &gt; b w T x &gt; 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

x 2 &gt; b w T x &gt; 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

A neuron (or how our brains work) Linear models Subhransu Maji CMPSCI 670: Computer Vision November 3, 2016 Neuroscience 101 CMPSCI 670 Subhransu Maji (UMASS) 2 Perceptron Example: Spam Input are feature values Imagine 3 features (spam

682 views • 8 slides
Introduction to Outcome Harvesting Open Contracting Programme Agenda Definition of Outcome

Introduction to Outcome Harvesting Open Contracting Programme Agenda Definition of Outcome

Introduction to Outcome Harvesting Open Contracting Programme Agenda Definition of Outcome Outcome 1 Introduction to Outcome Harvesting Harvesting Added Value of Outcome Harvesting 2 Part 1 1h Purpose: Present Outcome Harvesting

237 views • 19 slides
AI Neural Bots By: Machine Learning Group @ CLT https://machinelearning.group/ Thanks to our

AI Neural Bots By: Machine Learning Group @ CLT https://machinelearning.group/ Thanks to our

AI Neural Bots By: Machine Learning Group @ CLT https://machinelearning.group/ Thanks to our sponsors below Agenda - Group introduction and announcements - Intro to Bots - Demos - Azure Bot Service - Cognitive Services - Our Bot

685 views • 46 slides
Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What is spam? Different spam types Anti-Spam Techniques Probability theory basics Conditional probability Bayes Theorem Naive Bayes Theorem Spam

1.04k views • 27 slides
Rain water harvesting for WASH International Symposium on Rainwater Harvesting and Resilience:

Rain water harvesting for WASH International Symposium on Rainwater Harvesting and Resilience:

Rain water harvesting for WASH International Symposium on Rainwater Harvesting and Resilience: Addis Ababa, Ethiopia: 1st to 12th of June 2015 Tobias Omufwoko Country Coordinator 1 The WASH Scenario WASH is an acronym for Water, Sanitation

122 views • 8 slides
@oxangiemarie We build narrative experiences for messaging and voice platforms. What? Why?

@oxangiemarie We build narrative experiences for messaging and voice platforms. What? Why?

@oxangiemarie We build narrative experiences for messaging and voice platforms. What? Why? How? What? Why? How? Push bots Pull bots Call and response bots &quot;Alexa, ask TD Ameritrade for the price of Amazon.&quot; Sustained

330 views • 30 slides

More recommend