Trends in Spam Products and Exploits Geoff Hulten
- Slides: 10
Trends in Spam Products and Exploits Geoff Hulten, Anthony Penta, Gopalakrishnan Seshadrinathan, and Manav Mishra Microsoft Safety Technology and Strategy Group, MSN
Data • Hotmail Feedback Loop – Volunteers classify random samples of their mail as spam or good – Tens of thousands of hand classified messages per day – Large ‘unbiased’ sample of spam • Additional analysis on two sets of spam – About a year apart – Type of product being sold – Types of spammer tricks present – Trends in spammer activity
Trends in Spam Products • Types of Products – – – – – ‘Non-graphic’ Sexual Products Insurance Rx / Herbal Financial Travel / Casino Scams Newsletters Other Spam Porn/Sex Graphic Dubious Products
Most Popular Spam Product • ‘Non-graphic’ sexual products are big winners • Doubled over the past year – 17% of spam in 2003 – 34% of spam in 2004 • About triple the volume of the next most popular product categories – Financial products – 13% – Online Prescriptions – 10% – Dubious Products – 10%
Products on the Way Out • Graphic Porn – Spam with a graphic image in it – 13% in 2003, 7% in 2004 • Dubious Products – 20% in 2003, 10% in 2004
Trends in Spam Exploits • Types of Exploits – – – – Word Obscuring URL Spamming Domain Spoofing Token Breaking MIME Attacks Text Chaff URL Obscuring Character Encoding • Exploits increasing rapidly – Average spam in 2003 had 1. 33 exploits – Average spam in 2004 had 1. 73 exploits
Fastest Growing Exploits • Word Obscuring – Putting words in images, misspelling, etc. – Designed to fool content based spam filters – 4% in 2003, 20% in 2004 • URL Chaffing – Adding ‘good’ URLs to spam – Not seen in 2003, present in 10% of spam in 2004 • Spammers are reacting to filtering!
Who is Working Hardest? • ‘Non-graphic’ Sexual Products – Averages 2. 44 exploits per message • Prescription drugs online – Averages 2. 12 exploits per message
Selling Porn… With a Conscience? • Spam with graphic porn – Averaged 2. 16 exploits in 2003 – Averaged 1. 33 exploits in 2004 • The only category of product with a significant decrease in the average number of exploits over the study period
Summary • Top Products in Spam – ‘Non-graphic’ sexual products – Prescription medicine – Financial services – Dubious products • Spammers Adaptive and Working Hard to Get Spam into Inboxes – They are finding effective new tricks – They are putting more work into each spam