[SecurityRatty] tag: dkim

Dissecting a Managed Spamming Service

Wed, 30 Jul 2008 01:32:44 +0000

With cybercrime getting easier to outsource these days, and with the overall underground economy's natural maturity from products to services, "managed spamming appliances" and managed spamming services are becoming rather common. Increasingly, these "vendors" are starting to "vertically integrate", namely, start diversifying the portfolio of services they offer in order to steal market share from other "vendors" offering related services like, email database cleaning, segmentation of email databases, email servers or botnets whose hosts have a pre-checked and relatively clean IP reputation, namely they're not blacklisted yet.

How much does it cost to send 1 million spam emails these days? According to a random spamming service, $100 excluding the discounts based on the speed of sending desired, namely 10-20 per second or 20-30 per second. Let's dissect the service, and emphasize on its key differentiation factors, as well as the customerization offered in the form of a dedicated server if the customer would like to send billions of emails :

"-- High quality and percentage of spam delivery
-- Fast speed of delivery
-- Spam database on behalf of the vendor, or using your own database of harvested emails
-- Easily obtainable and segmented spam databases on per country basis
-- Randomization of the spam email's body and headers in order to achieve a higher delivery rate
-- Support for attachments, executables, and image files

The cost - $100 for a million for letters delivered spam, with the large volume of spam discounts 20% -30% -40% based on the value-added Do-it-yourself customer interfare based on a multi-user botnet command and control interface :

-- Automatic RBL verification
-- Support for many subjects, headers,
-- Total customization of the email sending process
-- Autogenerating junk content next to the spammers email/link in order to bypass filtering
-- Faking Outlook Message ID / Boundary / Content-ID
-- Interface added. Now do not necessarily understand all the features into the system to start the list.
-- Convenient management tasks.
-- A high percentage of punching, on the basis of good europe - 40-60% (For the United States - less because there aol and others).
-- Improved metrics, whether or not the emails have been sent, lost, unknown receipt, or have been RBL-ed

With the weight of a billion - even discounts and the possibility of making a personal server. "

Rather surprising, they state that European email users have a higher probability of receiving the spam message compared the U.S due to AOL. What they're actually trying to say is due to AOL's use of Domain Keys Identified Mail (DKIM). As far as localization of the spam to the email owner's native language is concerned, this segmentation concept has been take place for over an year now.

This service, like the majority of others rely entirely on malware infected hosts, which due to the multi-user nature of most of the malware command and control interfaces, allows them to easily add customers and set their privileges based on the type of service that they purchase. This leaves a countless number of opportunities for targeted spamming, and yes, spear phishing attacks made possible due to the segmentation of the emails based on a country, city, even company.

In the long term, the people behind spamming providers, web malware exploitation kits and DIY phishing kits, will inevitably start introducing built-in features which were once available through third-party services. For instance, hosting infrastructure for the spam/phishing/live exploit URLs, or even managed fast-flux infrastructure, have the potential to become widely available if such optional features get built-in phishing kits, or start getting offered by the spamming provider itself. And since the affiliate based model seems to be working just fine, the ongoing underground consolidation will converge providers of different underground goods and services, where everyone would be driving customers to one another's services and earning revenue in the process.

PayPal E-mail authentication

Fri, 22 Feb 2008 03:33:00 +0000

PayPal is one of the 2-3 most phished brands out there. That means they are targeted more often by phishing attacks than anyone else. If you use PayPal, then you need to be aware of the security capabilities they use to protect your account information. NetworkWorld had a recent interview discussing their security methods.

Two-factor authentication - PayPal will issue you a token to more securely authenticate to your account. It costs $5 and you'll have to carry it around. I definitely adds more security to your account, but you have to carry the thing around. Did I mention you have to carry it around? I think using a strong password will provide enough security.
Signed e-mail - PayPal also used a technology called DKIM (domain keys internet mail) to add a digital signature to any emails they send to you. Many of the major email client (yahoo and gmail for sure) will tell you the message is signed. This verifies that the message is actually from PayPal and not from an attacker. Below you can see what the signature looks like in Gmail. The "signed-by" and "mailed-by" fields show that paypal.com has sent the message.

As usual, an ounce of awareness is worth a couple of pounds of protection. Your own knowledge is far and away your best defense.

Deploying antiphishing technology DKIM in 3 simple steps

Sun, 10 Feb 2008 21:00:00 +0000

Experts say that a company needs to take three steps to deploy the emerging DomainKeys Identified Mail (DKIM) standard.

Powerful new antiphishing weapon emerges

Sun, 10 Feb 2008 21:00:00 +0000

Some of the Internet’s most powerful companies -- including Yahoo, Google, PayPal and AOL-- are brandishing a new weapon in the ongoing battle against e-mail fraud. It is called DKIM, an emerging e-mail authentication standard developed by the Internet Engineering Task Force, and it allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.

Fundamental Principles of Network Security	Advertisement
Protect the organization. Learn the 'Need To Know' aspects of network security. Free paper from APC.

Will Yahoo block messages that aren't signed?

Sun, 10 Feb 2008 21:00:00 +0000

Q&A with Yahoo executive on its e-mail fraud protection technology, called DKIM, or DomainKeys Internet...