Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP [email protected] Network Security Analyst, Washington University in St. Louis http://nso.wustl.edu/presentations/
Dec 16, 2015
Topics in Email Security
IS&T All Staff MeetingTuesday, April 7, 2011
Brian Allen, [email protected]
Network Security Analyst,Washington University in St. Louis
http://nso.wustl.edu/presentations/
Email Security Tip #1
• Do not click on links in emails
Email Security Tip #2
• See Tip #1 (Thanks Barb!)
Spam Product Supplier
Seller 1 Seller 2 Seller 3
Accountant
Spammer3
Spammer2Spammer1
Spammer1
Spammer2
Spammer3
Spammer1
Spammer2
Spammer3
Where Does Spam Originate?Why Do We Care?
• Spam = Bots (Large armys of infected machines sending out spam)
• Bots = Sophisticated Malware• Sophisticated Malware = Organized Crime• More than 89% of all email messages were
spam in 2010 - Symantec
Spam is Big Business
• Rates for one million email addresses: $25 to $50 http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• 10,000 malware installations: $300–$80• Sending 100 million emails per day: $10,000
per month http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• Cutwail’s profit for providing spam services: $1.7 - $4.2 million since June 2009 – Aug 2010
• How much do the spammers gross per day? $7000 http://www.wired.com/magazine/2011/02/st_equation_spamprofits/
Underground Economy
• Spammers also are involved in:– CAPTCHA solving– Email harvesting– Custom software– Bulletproof hosting– Proxys
Spam Volume
• From Jul 30 - Aug 25, 2010 security researchers infiltrated the Cutwail spam network and discovered 87.7 billion emails were successfully sent
Spam Content
• Pornography• Online pharmacies• Phishing• Money mule recruitment• Malware• The malware (Zeus banking Trojan) typically includes:
– Greeting card– Resume– Invitation– Mail delivery failure– Receipt for a recent purchase.
Spam Blacklisting• Only about 12% of bots are blacklisted after an
hour when they come online• The rate reaches 90% after a period of about
18 hours
http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
Spam Volume on WUSTL Ironports -
Feb 2011
Phishing Email
Spear Phishing Example
<http://michaelkellett com/ez/wustl.html>
Phishing Example??
Social Security Number Email 1
From: BOB [[email protected]]Sent: Friday, April 01, 2011 12:54 PMTo: ALICE [[email protected]]Subject: Registration Request ALICE:Couldn't remember if I had already sent this request or not.Please register CHARLIE ( 111-11-1111 ) for the session Thank youBOB
Social Security Number Email 2
From: BOB [[email protected]]Subject: FW: University talkTo: [email protected], [email protected]: Monday, April 4, 2011, 12:57 PM Dear Ms. ALICE and CHARLIE,I sent this e-mail a couple of weeks, but I haven't heard back from you
yet, so I thought that I would send it again.Also, my SSN is 222-22-2222 and my home address is: 1234 Oak Ave.St. Louis, MO 63130
Emails, Like Postcards, Are Not Encrypted
Contact me to discuss encryption options for storing or sending
sensitive information
Thanks!
http://nso.wustl.edu