|< Day Day Up >|| |
Everyone on the Internet has a strong opinion on spam. The overwhelming majority of Internet users strongly oppose it, no Internet Service Provider (ISP) wants spam to leave their network, and sending certain types of spam is now illegal in many countries. So how is all the spam sent? It comes down to being creative. Spammers use the Internet in some of the most creative and amazing ways; think of us as the MacGyver’s of cyberspace.
It’s all a race against time—spammers versus anti-spam groups. For every technique spammers come up with to send spam, anti-spam groups come up with a way to block it. And for every technique anti-spam groups create to block spam, spammers come up with a way to bypass it. In the end, no one really wins. So much spam is sent daily that if filters caught 99 percent of it there would still be millions of dollars made from the 1 percent of spam that is delivered. In fact, Microsoft once reported that if they disabled all their spam filters on hotmail.com, they would not be able to hold a single day’s worth of un-filtered e-mail. Spam has become an odorless, tasteless gas—undetectable, untraceable, and penetrating every inch of the cyber-connected world. For a spammer, it is all about sending the spam at any cost; there is no room for guilt or remorse in how you send it.
The mentality of your average spammer is as follows: “I want to send spam, sell a lot of products, get my cash, and leave. If I end up using you to send spam, making your Internet Protocol (IP) blacklisted globally and your ISP close your account and refuse to re-open it, that’s all part of the business. If I had a conscience, I would not be in this business.” This is a clear mark of a spammer; caring does not pay the bills. And this is a warning for anyone on the Internet: there are plenty of others who will take advantage of anything they can online all in the name of profit.
|Notes from the Underground…|| |
Compromising a Mail Server
I once sent spam from a compromised mail server in a particularly large corporation. After two days of solidly sending the spam, their mail server became a known spam-sending host with many large real-time black hole lists (RBLs [maintained by system administrators who are considered the “spam police” of the Internet, who report IPs and domains that are sending them spam]). This meant that at least 80 percent of the Internet could not receive any communication from that company. RBLs all over the world had banned the host and flagged its IP as a known spam-sending mail server.
The only thing that drove me to do this was profit. I made over $5,000.00 in two days. I realize that my actions easily cost the company 50 times that in man-hours alone, but that wasn’t my concern.
I have never met what would be considered an ethical spammer; I doubt one exists. It is too much of a personal contradiction. Most won’t try to sell you fake products, but they don’t see any problem with obtaining your e-mail address and sending you a few messages.
Whether a spammer likes it or not, the only way to send spam is to use someone. No spam technique exists that doesn’t try to pretend to be someone else or downright becomes someone else. It’s all about finding a new way of becoming someone else and using them until their credibility runs out, at which point a new identity is needed.
What follows are some of the most common methods of sending spam. They range from the traditional (the first methods used to send spam) to the innovative (the cutting edge techniques that spammers are creating and perfecting today). Whenever possible I have tried to give Uniform Resource Locators (URLs), screen shots, and as much information as possible, and also include my own personal comments on the methods and my success using them. Please note that the IP addresses and hostnames in these closed examples/demonstrations have been changed.
|< Day Day Up >|| |