As I learn to automate

Monday, February 26, 2007

Do your friends spam you?

No. Well, at least my friends wouldn't :)

But there are many of us who do receive emails that look like they come in from friends but actually are invitations to shady sites.

How does that happen then?

There are many ways that these malicious people get their way. They build "quality email lists". Quality translates to valid email addresses with inboxes that actual people open each day to look for messages.

Simple illustration:
I signed up at Careerbuilder.com and posted my resume. Someone out there, "Mr. Spam Artist", pays $300 and registers as a bogus employer at Careerbuilder.com. He then runs a "bot" that scours thousands of public resumes, gathers email addresses and sends out a seemingly normal looking email. It will entice the receiver into clicking a "link". That link will have query string parameters to submit your email to his spam server. Now he has an email address that someone out there (me) is actually looking at.

At this point he can sell my email as part of a list and make money. But why stop here, when there is more meat out there?

Next, he sends me a "trojan". These are tiny programs that, if you somehow activate them (sometimes just by looking at a gif file), will gather all emails in my address book/reply all/sent etc. and submit them back to his spam server...

Now we have thousands of victims. With the normal email protocol we use there is no way to validate the "sender" of an email. If you used .NET, 4 lines of C# code can send any number of emails to any email address you want FROM ANY email address you want!
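Seen from the receiving side, the From line is just text in the message, and the confirmation link described earlier carries the reader's own address. The following is an added example, not code from this post: a small triage routine that flags both signs in one raw message. The function names (domain, aligned, triage), the sample message and the assumption that the receiving mail server has stamped an Authentication-Results header are all mine.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message: every address, host and header value is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none
From: "Your Friend" <friend@example.com>
To: me@example.org
Subject: Great job opening

Hi, see http://jobs.example.net/view?id=77&e=me%40example.org for details.
"""

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Rough check: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def triage(raw, recipient):
    """Return a list of findings for one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    # The visible From is free text; compare it with the envelope sender.
    if env_dom and not aligned(from_dom, env_dom):
        findings.append(f"from-mismatch:{from_dom}!={env_dom}")
    # Assumption: the receiving server added Authentication-Results.
    # An SPF pass only vouches for the envelope domain, so look at DKIM.
    auth = (msg["Authentication-Results"] or "").lower()
    m = re.search(r"dkim=(\w+)", auth)
    if not m or m.group(1) != "pass":
        findings.append("dkim-not-pass")
    # A link whose query string carries the recipient's own address
    # tells whoever runs the link target that this inbox is read.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        for key, value in parse_qsl(urlsplit(url).query):
            if value.lower() == recipient.lower():
                findings.append(f"address-in-link:{urlsplit(url).hostname}:{key}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, "me@example.org")))
```

Mailing lists and bulk-mail services also produce a From mismatch, so the findings are hints for a closer look rather than a verdict.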

Finally, these email banks are also sold on the black market to other spammers. Obviously our own actions create these "quality" email lists.

When there are bots doing this 24 hours a day, and given the number of ignorant internet dwellers, there is an abundance of evidence that it gets profitable very soon.

Most times, these servers are placed in countries where there is no US jurisdiction/extradition.

Are you one of the many who are wondering how someone can be aiding Mr. Spam Artist just by looking at a picture of whatever?
Click this: http://www.darknet.org.uk/2006/09/web-based-e-mail-hotmail-yahoo-gmail-hackhacking-with-javascript/

Much more can be googled for at the pleasure of the reader.