Topics in Email Security - Network Security Office

Topics in Email Security
IS&T All Staff Meeting
Tuesday, April 7, 2011
Brian Allen, CISSP
brianallen@wustl.edu
Network Security Analyst,
Washington University in St. Louis
http://nso.wustl.edu/presentations/
Email Security Tip #1
• Do not click on links in emails
Email Security Tip #2
• See Tip #1
(Thanks Barb!)
[Diagram: Spam Product Supplier, Accountant, Sellers 1 to 3, Spammers 1 to 3]
Where Does Spam Originate?
Why Do We Care?
• Spam = Bots (Large armies of infected
machines sending out spam)
• Bots = Sophisticated Malware
• Sophisticated Malware = Organized Crime
• More than 89% of all email messages were
spam in 2010 - Symantec
Spam is Big Business
• Rates for one million email addresses: $25 to
$50
• 10,000 malware installations: $300–$80
• Sending 100 million emails per day: $10,000
per month
• Cutwail’s profit for providing spam services:
$1.7 - $4.2 million since June 2009 – Aug 2010
• How much do the spammers gross per day?
$7000
http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
http://www.wired.com/magazine/2011/02/st_equation_spamprofits/
Underground Economy
• Spammers also are involved in:
– CAPTCHA solving
– Email harvesting
– Custom software
– Bulletproof hosting
– Proxies
Spam Volume
• From Jul 30 - Aug 25, 2010 security
researchers infiltrated the Cutwail spam
network and discovered 87.7 billion emails
were successfully sent
Spam Content
• Pornography
• Online pharmacies
• Phishing
• Money mule recruitment
• Malware
• The malware (Zeus banking Trojan) typically includes:
– Greeting card
– Resume
– Invitation
– Mail delivery failure
– Receipt for a recent purchase.
Spam Blacklisting
• Only about 12% of bots are blacklisted
an hour after they come online
• The rate reaches 90% after a period of about
18 hours
http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
Spam Volume on
WUSTL Ironports Feb 2011
Phishing Email
Spear Phishing Example
<http://michaelkellett com/ez/wustl.html>
Phishing Example??
Social Security Number Email 1
From: BOB [BOB@WUSTL.EDU]
Sent: Friday, April 01, 2011 12:54 PM
To: ALICE [ALICE@NOTWUSTL.COM]
Subject: Registration Request
ALICE:
Couldn't remember if I had already sent this request or not.
Please register CHARLIE ( 111-11-1111 ) for the session
Thank you
BOB
Social Security Number Email 2
From: BOB [BOB@WUSTL.EDU]
Subject: FW: University talk
To: ALICE@NONWUSTL.EDU, CHARLIE@NOTWUSTL.COM
Date: Monday, April 4, 2011, 12:57 PM
Dear Ms. ALICE and CHARLIE,
I sent this e-mail a couple of weeks ago, but I haven't heard back
from you yet, so I thought that I would send it again.
Also, my SSN is 222-22-2222 and my home address is:
1234 Oak Ave.
St. Louis, MO 63130
Emails, Like Postcards, Are Not
Encrypted
Contact me to discuss encryption
options for storing or sending
sensitive information
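An outbound mail check that would flag messages like the two Social Security number emails above, as an added example that is not part of the original presentation. The domain constant, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Candidate SSN: AAA-GG-SSSS, hyphen or space separated, not part of a longer number.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})[- ](\d{2})[- ](\d{4})(?![\d-])")
INTERNAL_DOMAIN = "wustl.edu"  # assumption: the sending organization's mail domain


def plausible_ssn(area, group, serial):
    """SSA structural rules: area is not 000, 666 or 9xx; group not 00; serial not 0000."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def scan_outbound(raw_message):
    """Scan one RFC 5322 message (as a string) for SSNs going to outside recipients."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    recipients = [addr.lower() for _, addr in pairs if addr]
    # Exact domain or subdomain match only, so lookalikes such as notwustl.com count as external.
    external = [a for a in recipients
                if not a.endswith(("@" + INTERNAL_DOMAIN, "." + INTERNAL_DOMAIN))]
    text = msg.get("Subject", "") + "\n"
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace") + "\n"
    hits = [m for m in SSN_RE.finditer(text) if plausible_ssn(*m.groups())]
    return {
        "ssn_count": len(hits),
        # Report only the last four digits so the alert does not repeat the exposure.
        "redacted": ["***-**-" + m.group(3) for m in hits],
        "external_recipients": external,
        "block": bool(hits) and bool(external),
    }


# Constructed sample modelled on "Social Security Number Email 1" above.
SAMPLE = """From: BOB <bob@wustl.edu>
To: ALICE <alice@notwustl.com>
Subject: Registration Request

Please register CHARLIE ( 111-11-1111 ) for the session
Order ref 000-12-3456 is not an SSN.
"""

if __name__ == "__main__":
    print(scan_outbound(SAMPLE))
```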
Thanks!
http://nso.wustl.edu