CSE91.Spam09

CSE91.Spam09 - Spam: Why? + = Chris Kanich Christian...

Spam: Why?

Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Vern Paxson, Geoffrey M. Voelker, Stefan Savage

What is Computer security?

- Most of computer science is about providing functionality:
  - User Interface
  - Software Design
  - Algorithms
  - Operating Systems/Networking
  - Compilers/PL
  - Microarchitecture
  - VLSI/CAD
- Computer security is not about functionality
- It is about how the embodiment of functionality behaves in the presence of an adversary
- Security mindset – think like a bad guy

My Background

- Collaborative Center for Internet Epidemiology and Defenses (CCIED)
  - UCSD/ICSI group created in response to worm threat
  - Very well funded, many strong partners
- Goals
  - Internet epidemiology: measuring/understanding attacks
  - Automated defenses: stopping outbreaks/attacks
  - Economic and legal issues: that other stuff

Many big successes…

- 50+ papers, lots of tech transfer, big systems, etc.
- Network Telescope
  - Passive monitor for > 1% of routable Internet addr space
- Potemkin & GQ Honeyfarms
  - Active VM honeypot servers on >250k IP addresses
- Earlybird
  - On-line learning of new worm signatures in < 1ms

But… depressing truth

- We didn’t stop Internet worms, let alone malware, let alone cybercrime… nor did anyone else.
- At best, moved it around a bit.
- By any meaningful metric the bad guys are winning…
- Mistake: looking at this solely as a technical problem

Key threat transformations of the 21st century

- Efficient large-scale compromises
  - Internet communications model
  - Software homogeneity
  - User naïveté/fatigue
- Centralized control
  - Makes compromised host a commodity good
  - Platform economy
- Profit-driven applications
  - Commodity resources (IP, bandwidth, storage, CPU)
  - Unique resources (PII/credentials, CD-Keys, address book, etc.)

DDoS for sale

- Emergence of economic engine for Internet crime
  - SPAM, phishing, spyware, etc.
- Fluid third party markets for illicit digital goods/services
  - Bots ~$0.5/host, special orders, value added tiers
  - Cards, malware, exploits, DDoS, cashout, etc.

Botnet Spammer Rental Rates

September 2004 postings to SpecialHam.com, Spamforum.biz

Slide annotations: 3.6 cents per bot week; 6 cents per bot week; 2.5 cents per bot week

>20-30k always online SOCKs4, url is de-duped and updated
> every 10 minutes. 900/weekly, Samples will be sent on
> request. Monthly payments arranged at discount prices.

>$350.00/weekly - $1,000/monthly (USD)
>Type of service: Exclusive (One slot only)
>Always Online: 5,000 - 6,000
>Updated every: 10 minutes

>$220.00/weekly - $800.00/monthly (USD)
>Type of service: Shared (4 slots)
>Always Online: 9,000 - 10,000
>Updated every: 5 minutes

Bot Payloads

Spamalytics
Key structural asymmetries