Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 16
Guests Online: 15
Members Online: 1

Registered Members: 82876
Newest Member: bhl1986
Latest Articles

Spam

Arrow Image A paper I had to write for University, so I figured I'd post it here too.



Spam can be defined as any unwanted message sent over the internet to a large number of users. The evolution of spam over the years has ranged from a simple message sent across Arpanet to modern spam, one which permeates every aspect of a user’s online life. Messages can be sent not only through email, but also through social networks, messenger programs, and even cellular devices.

Originally, spam was a simple email notifying members of Arpanet of an upcoming computer system release; however, modern spam is everywhere and provides little of use to anyone. Spam now runs rampant through the internet. According to major ISPs, seventy-five percent of all email is blocked because it is recognized as spam at the ISP level. These statistics do not account for the amount that makes it past the ISPs filters and is then blocked by email filters such as Gmail or Yahoo mail.

Email spam has become big business for underground hackers. According to Topix.com, hackers even make contracts to populate spam using emailing lists bought on underground websites and internet relay chat rooms. Email spam has evolved from its earliest forms to a very advanced practice of evading filters to continue population; however, email spam is not the only type of spam populated through the internet.

Websites have become a large target for spammers. Forums are one of the most targeted because there is nothing stopping a registered member from posting his or her message in every thread. Another well-used tactic is to purchase domain names that are similar to a real web address and fill them with spam. For example, Google.cm hosts a large number of clickable ads. Social networks are filled with spammers eager to post spam on their bulletin board or to your inboxes. False names and pictures of attractive girls are used to gain interest along with profile messages about common interests, lure users into believing that the member is legitimate, when they are really spammers. Email addresses and websites are not the only platform for spammers. Instant messengers and cellular devices also have become good targets. Instant message bots fill chat rooms, messaging random users. These messages generally advertise a website or webcam site. Cellular spammers can use simple programs to send messages to mobile devices. Most modern mobile devices allow email as part of the instant message platform. Addresses like 2145551234@txt.att.net allow a user to easily send a message to a friend, but these addresses are also brute-forced easily by a spam program.

With all these methods and platforms for attack vectors for a spammer, is there a way to defend one’s self from these masterminds? The short answer is no; there is very little chance that we will eliminate one hundred percent of spam without also eliminating some legitimate messages. However, there are ways for the spam-aware internet user to protect his or her self from larger amounts of spam. Using an email service such as Gmail or Yahoo will protect you more from spam than simple POP3 applications like squirrel mail because Gmail and Yahoo have spam filters that look for keywords or domain mismatches (email addresses such as member@place.net coming from aol.com). Another method that I prefer is to eliminate being added to a spam list being bought and sold on the “hacker underground.” These lists are generated by “web-crawlers” that look for email addresses in the html of websites. One good way is to post your email address only on sites that offer protection such as converting your email address from member@place.net to member [at] place [dot] net. Better yet, encrypt the password with JavaScript. If you feel the need to post your email address on a forum or site that does not do this for you, you can protect yourself by modifying your email address in a way that a human would understand but an automated program cannot. Converting your email address from member@place.net to nospam-member@place.net will stop automatic spam bots from getting the correct address while a sentient user will notice the “nospam” and remove it from the address box.

In my opinion, spam will never be stopped fully; however, using basic rules to protect who gets access to your email address, using email address modifications, and not subscribing to “shady” emailing lists, we can eliminate a large amount of spam sent out. Spammers are constantly creating new and innovative ways to get their messages out. Likewise, we the users must also be constantly vigilant if we want to slow the spread of spam.

Comments

lesserlightsofheavenon November 02 2007 - 03:42:15
indeed. unfortunately, I'm sure once the spammers figure out how to use regexes, even the "member [at] place [dot] com" method won't work anymore. =P
only_samuraion November 02 2007 - 04:01:53
well, yes, but i didnt wanna get into the whole "encode it with javascript" and shit... teacher is a dumbfuck
SilverHackeron November 02 2007 - 07:01:47
haaaaaaa awesome essayyyyyy
Flaming_figureson November 02 2007 - 11:37:05
I don't know abou the uh, trusting human input thing. nospam-email@whatever.com? Lot's af annoying noobs and idiots out there... wait... you don't want them emailing you... Unless you are in tech support and you write a long draft about how stupid and idiotic they are and how they should die... and then send another explaining how much you value their input Wink
blade10327on December 28 2007 - 19:33:46
its very true:radio::radio:
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.