Topics in Email Security IS&T All Staff Meeting Tuesday, April 7, 2011
Brian Allen, CISSP
[email protected] Network Security Analyst, Washington University in St. Louis http://nso.wustl.edu/presentations/
Email Security Tip #1
• Do not click on links in emails
Email Security Tip #2
• See Tip #1
(Thanks Barb!)
Spam Product Supplier Accountant
Seller 1
Seller 2
Seller 3
Spammer3
Spammer1
Spammer1
Spammer3
Spammer2
Spammer2 Spammer1
Spammer3 Spammer2
Where Does Spam Originate? Why Do We Care? • Spam = Bots (Large armys of infected machines sending out spam) • Bots = Sophisticated Malware • Sophisticated Malware = Organized Crime • More than 89% of all email messages were spam in 2010 - Symantec
Spam is Big Business • Rates for one million email addresses: $25 to $50 • 10,000 malware installations: $300–$80 • Sending 100 million emails per day: $10,000 per month • Cutwail’s profit for providing spam services: $1.7 - $4.2 million since June 2009 – Aug 2010 • How much do the spammers gross per day? $7000 http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
http://www.wired.com/magazine/2011/02/st_equation_spamprofits/
Underground Economy • Spammers also are involved in: – CAPTCHA solving – Email harvesting – Custom software – Bulletproof hosting – Proxys
Spam Volume • From Jul 30 - Aug 25, 2010 security researchers infiltrated the Cutwail spam network and discovered 87.7 billion emails were successfully sent
Spam Content • • • • • •
Pornography Online pharmacies Phishing Money mule recruitment Malware The malware (Zeus banking Trojan) typically includes: – – – – –
Greeting card Resume Invitation Mail delivery failure Receipt for a recent purchase.
Spam Blacklisting • Only about 12% of bots are blacklisted after an hour when they come online • The rate reaches 90% after a period of about 18 hours
http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
Spam Volume on WUSTL Ironports Feb 2011
Phishing Email
Spear Phishing Example
Phishing Example??
Social Security Number Email 1 From: BOB [
[email protected]] Sent: Friday, April 01, 2011 12:54 PM To: ALICE [
[email protected]] Subject: Registration Request
ALICE: Couldn't remember if I had already sent this request or not. Please register CHARLIE ( 111-11-1111 ) for the session Thank you BOB
Social Security Number Email 2 From: BOB [
[email protected]] Subject: FW: University talk To:
[email protected],
[email protected] Date: Monday, April 4, 2011, 12:57 PM
Dear Ms. ALICE and CHARLIE, I sent this e-mail a couple of weeks, but I haven't heard back from you yet, so I thought that I would send it again. Also, my SSN is 222-22-2222 and my home address is: 1234 Oak Ave. St. Louis, MO 63130
Emails, Like Postcards, Are Not Encrypted Contact me to discuss encryption options for storing or sending sensitive information
Thanks! http://nso.wustl.edu