Click Trajectories: End-to-End Analysis of the Spam Value Chain
Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Tristan Halvorson, Chris Kanich, He Liu, Damon McCoy, Geoffrey M. Voelker, Stefan Savage
Dept. of CSEE, University of California, San Diego
M. Felegyhazi
Budapest University of Technology and Economics
Chris Grier
Dept. of CSEE, University of California, Berkeley
Christian Kreibich, Nicholas Weaver, Vern Paxson
International Computer Science Institute, Berkeley, CA
Presented by Xinruo Zhang 04/04/2012
Outline
• Introduction
• Implementation
• Analysis for a particular example
• Data collection method
• Contribution
• Weakness & improvement
Introduction
• Spam-based advertising, to us
  ◦ We think of it merely as junk that jams the inbox
• To the spammer
  ◦ It is a multi-million business
• Spam value chain (aka spam ecosystem)
  ◦ Botnet, domain, name server, web server, hosting or proxy service acquired
Introduction (cont'd)
• Three categories of spam-advertised products
  ◦ Illegal pharmaceuticals, replica luxury goods and counterfeit software
  ◦ Nearly 95% of spam-advertised emails contain these three popular products
Implementation
• How does modern spam work?
  ◦ Advertising, Click Support and Realization
• Advertising
  ◦ Includes all activities focused on getting potential customers to pay attention to what the spammers want to sell
  ◦ The most evolved part of the spam ecosystem, particularly the delivery of email spam
Implementation
• Click Support
  ◦ In this stage, having delivered their advertisement, a spammer does their best to entice the recipient into clicking an embedded URL
  ◦ Redirection sites, domains, name servers, web servers, and affiliate programs
Implementation
• Click Support
  ◦ Redirection sites: redirect to additional URLs. Some spammers directly advertise a URL embedded in the email, but doing so exposes them to various defensive measures that interfere with their activities, which is why redirection is used.
Implementation
• Click Support
  ◦ Domain: typically, a spammer may purchase domains directly from a registrar; in practice, however, they frequently purchase from a reseller.
  ◦ Name server: any registered domain must in turn have supporting name server infrastructure, which spammers either run themselves or obtain from a third party.
Implementation
• Click Support
  ◦ Stores and affiliate programs
    - Today spammers work as affiliates of an online store and earn a commission
    - The affiliate program provides all techniques and materials
    - Furthermore, affiliate programs even take responsibility for payment and fulfillment services
Implementation
• Realization
  ◦ Having brought the customer to an advertised site, the seller realizes the latent value by acquiring the customer's payment
  ◦ It consists of two processes: payment service and fulfillment service
Implementation
• Payment service
  ◦ Standard credit card payment
    - In order to get the most value
  ◦ Issuing bank
    - Customer's bank
  ◦ Acquiring bank
    - Merchant's bank
  ◦ Card association network
    - Visa or MasterCard
Implementation
• Fulfillment
  ◦ Fulfill an order in return for the customer's payment
  ◦ Shipping issue
    - Suppliers offer direct shipping service, so the affiliate program can avoid warehousing
    - Virtual products can be obtained via Internet download
Practical Example
Data Collection Method
Data Collection Method
Contribution
• Before this work, a solid understanding of the spam-based enterprise's full structure was lacking
• Most anti-spam interventions focus on only one facet of the overall spam value chain
• The authors present a full analysis of the spam ecosystem, based on a large-scale practical study
Weakness & Improvement
• Lack of legal and ethical concerns
  ◦ Some issues concern the ethics of any implicit harm caused by criminal suppliers
• Only one medium is covered: email spam
  ◦ Consider Twitter spam and other social network spam