Trends in Spam Products and Exploits Geoff Hulten

Data • Hotmail Feedback Loop – Volunteers classify random samples of their mail as

Trends in Spam Products • Types of Products – – – – – ‘Non-graphic’

Most Popular Spam Product • ‘Non-graphic’ sexual products are big winners • Doubled over

Products on the Way Out • Graphic Porn – Spam with a graphic image

Trends in Spam Exploits • Types of Exploits – – – – Word Obscuring

Fastest Growing Exploits • Word Obscuring – Putting words in images, misspelling, etc. –

Who is Working Hardest? • ‘Non-graphic’ Sexual Products – Averages 2. 44 exploits per

Selling Porn… With a Conscience? • Spam with graphic porn – Averaged 2. 16

Summary • Top Products in Spam – ‘Non-graphic’ sexual products – Prescription medicine –

Slides: 10

Download presentation

Trends in Spam Products and Exploits Geoff Hulten, Anthony Penta, Gopalakrishnan Seshadrinathan, and Manav Mishra Microsoft Safety Technology and Strategy Group, MSN

Data • Hotmail Feedback Loop – Volunteers classify random samples of their mail as spam or good – Tens of thousands of hand classified messages per day – Large ‘unbiased’ sample of spam • Additional analysis on two sets of spam – About a year apart – Type of product being sold – Types of spammer tricks present – Trends in spammer activity

Trends in Spam Products • Types of Products – – – – – ‘Non-graphic’ Sexual Products Insurance Rx / Herbal Financial Travel / Casino Scams Newsletters Other Spam Porn/Sex Graphic Dubious Products

Most Popular Spam Product • ‘Non-graphic’ sexual products are big winners • Doubled over the past year – 17% of spam in 2003 – 34% of spam in 2004 • About triple the volume of the next most popular product categories – Financial products – 13% – Online Prescriptions – 10% – Dubious Products – 10%

Products on the Way Out • Graphic Porn – Spam with a graphic image in it – 13% in 2003, 7% in 2004 • Dubious Products – 20% in 2003, 10% in 2004

Trends in Spam Exploits • Types of Exploits – – – – Word Obscuring URL Spamming Domain Spoofing Token Breaking MIME Attacks Text Chaff URL Obscuring Character Encoding • Exploits increasing rapidly – Average spam in 2003 had 1. 33 exploits – Average spam in 2004 had 1. 73 exploits

Fastest Growing Exploits • Word Obscuring – Putting words in images, misspelling, etc. – Designed to fool content based spam filters – 4% in 2003, 20% in 2004 • URL Chaffing – Adding ‘good’ URLs to spam – Not seen in 2003, present in 10% of spam in 2004 • Spammers are reacting to filtering!

Who is Working Hardest? • ‘Non-graphic’ Sexual Products – Averages 2. 44 exploits per message • Prescription drugs online – Averages 2. 12 exploits per message

Selling Porn… With a Conscience? • Spam with graphic porn – Averaged 2. 16 exploits in 2003 – Averaged 1. 33 exploits in 2004 • The only category of product with a significant decrease in the average number of exploits over the study period

Summary • Top Products in Spam – ‘Non-graphic’ sexual products – Prescription medicine – Financial services – Dubious products • Spammers Adaptive and Working Hard to Get Spam into Inboxes – They are finding effective new tricks – They are putting more work into each spam