Malicious Spam: The Impact of Prosecuting Spammers on Fraud and Malware Contained in Email Spam Alex Kigerl, PhD Washington State University 2015-10-15.


1 Malicious Spam: The Impact of Prosecuting Spammers on Fraud and Malware Contained in Email Spam Alex Kigerl, PhD Washington State University 2015-10-15

2 Introduction
Spam has grown since its inception, making up 70% of all internet traffic today
CAN SPAM Act created in 2004 to regulate spam
Prior research on the CAN SPAM Act suggests a deterrent effect on spam rates and on some types of compliance
However, the effect of prosecuting spammers on more serious forms of cybercrime contained in spam, such as malware and fraud, is not known

3 Fraud and Malware in Spam
Malware in spam
  – A quarter of URLs in spam link to malware
  – A quarter of malicious URLs are hosted in U.S. servers
  – All other countries are just 3% or less
  – A third of malware victimizations result in financial loss
Fraud in spam
  – Humans are the weakest link
  – Phishing: Steal credential goods; advance fee fraud: Confidence trick
  – U.S. is targeted by phishing the most, 60% of worldwide phishing volumes

4 The CAN SPAM Act
CAN SPAM Act passed and went into enforcement on January 1, 2004
Regulates spam, doesn't criminalize it:
  – Forbids falsified headers
  – Requires meaningful subject field
  – Include valid physical postal address
  – Provide opt-out mechanism

5 Evaluations of the CAN SPAM Act
Impact of the Act on spam rates
  – Fines ineffective. Spammers can make good money
  – Short incarceration periods have emboldening effect
  – Longer incarceration periods decrease spam rates
Impact of the Act on spam compliance
  – Increases compliance with Act regulations unrelated to header forgery
  – Increases noncompliance with header forgery
  – Header forgery might be a precaution against being caught

6 The Present Study
Sample: 5,490,905 spam messages received between 3/1998 and 11/2013 in honeynet accounts
The sample was processed via a software program and coded into 3 variables
The variables were then aggregated into monthly time series data of 189 observations (months)

7 The Spam Sample

8 DVs: Fraudulent Spam
Average probability a message is fraudulent per month
Coded via a spam filter using a Naïve Bayes classifier
Spam filter trained using a sample of 2,339 fraudulent messages and 1,000 non-fraudulent spam messages to distinguish the 2 categories
Cross validated using AUC. AUC = .83

9 DVs: Malware in Spam
Two measures representing the percent of messages distributing malware per month
Executable download link
  – Software extracts URLs from messages and identifies if the URL is a direct download of a file
  – If the file extension is for an executable file, the message is coded as malicious
  – e.g. http://www.domainname.com/OpenMe.exe
Embedded scripts
  – Identifies any script tags anywhere in the email, of the form
  – Executable code contained in unsolicited email spam is usually malicious
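The two coding rules on this slide, together with the monthly aggregation from slide 6, written out as an added Python example (this is not the study's software). The executable-extension list, the regular expressions and the sample messages are assumptions constructed for illustration; the slides do not specify them.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed list: the slides do not enumerate which extensions count as executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".pif", ".msi"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)  # opening <script ...> tag

def has_executable_link(body):
    """True if any URL in the message is a direct link to an executable file."""
    for url in URL_RE.findall(body):
        try:
            # Drop sentence punctuation, then keep only the path:
            # host names and query strings must not trigger a match.
            path = urlsplit(url.rstrip(".,;:!?)")).path.lower()
        except ValueError:  # malformed URL (e.g. broken IPv6 literal)
            continue
        if posixpath.splitext(path)[1] in EXECUTABLE_EXTS:
            return True
    return False

def has_script_tag(body):
    """True if the message contains a script tag anywhere in its body."""
    return SCRIPT_RE.search(body) is not None

def monthly_percentages(messages):
    """messages: (YYYY-MM-DD, body) pairs -> {month: (% exe links, % scripts)}."""
    counts = defaultdict(lambda: [0, 0, 0])  # total, link hits, script hits
    for date, body in messages:
        c = counts[date[:7]]
        c[0] += 1
        c[1] += has_executable_link(body)
        c[2] += has_script_tag(body)
    return {m: (100.0 * c[1] / c[0], 100.0 * c[2] / c[0])
            for m, c in sorted(counts.items())}

# Constructed sample messages (not from the study's honeynet data).
SAMPLE_MESSAGES = [
    ("2013-10-02", "Your invoice: http://www.domainname.com/OpenMe.exe"),
    ("2013-10-09", "Deals at http://shop.example/shop.html?ref=setup.exe"),
    ("2013-10-17", '<html><SCRIPT type="text/javascript">var x=1;</script></html>'),
    ("2013-10-25", "Unsubscribe here: http://shop.example/optout"),
    ("2013-11-03", "Update now http://files.example/patch.v2/Update.SCR."),
    ("2013-11-20", "I describe my new script for the film in the note."),
]

if __name__ == "__main__":
    for month, (links, scripts) in monthly_percentages(SAMPLE_MESSAGES).items():
        print(f"{month}: {links:.1f}% executable links, {scripts:.1f}% scripts")
```

Rules of this kind only catch direct links and literal script tags, which matches the limitation the presentation itself lists on slide 17 (many false negatives).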

10 IVs: CAN SPAM Act Activity
Code LexisNexis search articles on the CAN SPAM Act on different dimensions
CAN SPAM Act enforcement: Number of prosecutions, arrests, convictions, and damages awarded per month
Number of articles critical of the CAN SPAM Act
Articles attributing spam to individual spammer

11 CVs: Technological, Economic, and Demographic Predictors
Time series data acquired from various sources
Technological: Internet users per capita, number of tech jobs, Wilshire Internet Market index
Economic: Real disposable personal income per capita, GDP growth rate, unemployment
Demographic: Population size, percent 15-34
Crime: Arrest rates from UCR

12 Analysis
3 time series regression models
Variables selected for each model using AIC backward stepwise elimination starting with 31 variables
Final models using time series GLS to control for serial correlation

13 Results: Malicious Links in Spam

Measure                                         B (Malicious Links)
Unemployment rate                               .072
Count of spammers arrested                      -.128†
Count of trial ongoing articles                 .165†
Count of damages awarded articles               -.205*
Percent of articles with spammer attribution    .13**

* p < .05, ** p < .01, *** p < .001, † p < .1

Fines appear to be effective in lowering malicious links, contrary to prior research on spam rates
Spammer attribution significant, but in a direction opposite of that predicted

14 Results: Malicious Scripts in Spam

Measure                                            B (Malicious Scripts)
Percent internet users                             -.088†
Percent population aged 15-25                      -.236**
Count of CAN SPAM articles                         -.144*
Count of spammer detained articles                 .067
Percent of articles without spammer attribution    .071*

* p < .05, ** p < .01, *** p < .001, † p < .1

Internet use marginally associated with lower malicious scripts, consistent with prior studies
More articles on the CAN SPAM Act predicts decreased malicious scripts

15 Results: Fraudulent Spam

Measure                                            B (Fraudulent Spam)
UCR arrest rate                                    .107***
Percent internet users                             -.137**
Unemployment rate                                  -.116***
Technology jobs                                    -.072***
Population aged 15-25                              -.171*
Consumer price index                               -.06*
Count of trial spammer acquitted articles          .059
Percent of articles negative about CAN SPAM        -.007
Percent of articles without spammer attribution    .006

* p < .05, ** p < .01, *** p < .001, † p < .1

No measures of deterrence (e.g. CAN SPAM Act) significant. Instead economic predictors highly significant
Fraud rates positively correlated with UCR street crime rates
Again internet users predicts less crime (spam fraud in this case)

16 Discussion: Possible Implications of Findings
Findings suggest the CAN SPAM Act might have an impact on malware, but not fraud
  – Spammers in the U.S. may be less likely to rely on fraud and more on malware
  – Fraud might originate from other countries (Nigeria, Russia)
CAN SPAM Act activity consistent in leading to lower malware
  – No evidence of marginal deterrence, increasing malware due to less serious offenders being deterred
Attribution not consistent for malware: Increases links, decreases scripts

17 Discussion Continued
Limitations
  – Spam sample skewed towards web crawler harvester bot method for collecting email lists
  – Limited measures of malware, many false negatives
  – Recommend blacklist of malicious URLs or machine learning to identify malware in future research
Future research: Investigate the impact of prosecuting malware writers and fraudsters on these measures, rather than just spammers

18 Questions

