click trajectories: end-to-end analysis of the spam value chain
DESCRIPTION
Click Trajectories: End-to-End Analysis of the spam value chain. Kirill Levchenko , Andreas Pitsillidis , Neha Chachra , Brandon Enright , Tristan Halvorson , Chris Kanich , He Liu , Damon McCoy , Geoffrey M. Voelker , Stefan Savage Dept. of CSEE University of California, San Diego - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/1.jpg)
Click Trajectories: End-to-Click Trajectories: End-to-End Analysis of the spam End Analysis of the spam value chainvalue chain
Kirill Levchenko , Andreas Pitsillidis , Neha Chachra , Brandon Enright , Tristan Halvorson , Chris Kanich , He Liu , Damon McCoy , Geoffrey M. Voelker , Stefan Savage Dept. of CSEE University of California, San Diego
M. Felegyhazi Budapest University of Technology and Economics
Chris Grier Dept. of CSEE University of California, Berkeley
Christian Kreibich , Nicholas Weaver , Vern Paxson
International Computer Science Institute Berkeley , CA
Presented by Xinruo Zhang 04/04/2012
![Page 2: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/2.jpg)
Outline Outline
IntroductionImplementationAnalysis for a particular exampleData collection methodContributionWeakness & improvement
![Page 3: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/3.jpg)
IntroductionIntroduction
Spam-based advertising to us◦Think of it merely as junk that jamming
inboxTo spammer
◦Think it is a multi-million businessSpam value chain (aka Spam
ecosystem)◦botnet, domain, name server, web
server, hosting or proxy service acquired
![Page 4: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/4.jpg)
Introduction (cont’d)Introduction (cont’d)
Three categories of spam-advertised products◦Illegal pharmaceuticals, replica
luxury goods and counterfeit software
◦Nearly 95% of spam-advertised emails contains these three popular products
![Page 5: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/5.jpg)
ImplementationImplementation
How modern spam works?◦Advertising, Click Support and Realization
Advertising◦Includes all activities focused on attracting
potential customers to pay attention to what the spammers want to sell
◦The most evolved part of the spam ecosystem, particularly, the delivery of email spam
![Page 6: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/6.jpg)
ImplementationImplementation
Click Support◦In this stage, having delivered their
advertisement, a spammer entice the receiver into clicking an embedded URL with their best effort.
◦Redirection sites, Domains, Name servers, Webs servers, and affiliate programs
![Page 7: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/7.jpg)
ImplementationImplementation
Click Support◦Redirection sites: redirect to
additional URLs. Because some spammers directly advertise a URL embedded in email and thus they would encounter various of defensive measures to interfere their activities.
![Page 8: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/8.jpg)
ImplementationImplementation
Click Support◦Domain: typically, a spammer may
purchase domains directly from a registrar, however, in real life, they frequently purchase from reseller.
◦Name server: any registered domain in turn have supporting name server infrastructure. Get infrastructure either by themselves or by third party.
![Page 9: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/9.jpg)
ImplementationImplementation
Click Support◦Stores and Affiliate programs
Today spammers work as affiliates of an online store, earns a commission
The affiliate program provides all technique and materials
Furthermore, affiliate programs even take responsibility for payment and fulfillment service
![Page 10: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/10.jpg)
ImplementationImplementation
Realization◦have brought the customers to an
advertised site, the seller realizes the latent value by acquiring the customer’s payment
◦it contains two processes: Payment service and Fulfillment service
![Page 11: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/11.jpg)
ImplementationImplementation
Payment service◦Standard credit card payment
In order to get the most value ◦Issuing bank
Customer’s bank◦Acquiring bank
Merchant’s bank◦Card association network
Visa or MasterCard
![Page 12: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/12.jpg)
ImplementationImplementation
Fulfillment◦Fulfill an order in return for
customer’s payment◦Shipping issue
Suppliers will offer direct shipping service so affiliate program can avoid warehousing
Virtual products can be got via internet download
![Page 13: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/13.jpg)
Practical ExamplePractical Example
![Page 14: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/14.jpg)
Data Collection MethodData Collection Method
![Page 15: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/15.jpg)
Data Collection MethodData Collection Method
![Page 16: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/16.jpg)
ContributionContribution
Lack a solid understanding of the spam-based enterprise’s full structure before
And most anti-spam interventions focus on only one facet of the overall spam value chain
authors present a whole analysis for spam ecosystem with large-scale practical study
![Page 17: Click Trajectories: End-to-End Analysis of the spam value chain](https://reader030.vdocuments.net/reader030/viewer/2022033100/568148ec550346895db6075b/html5/thumbnails/17.jpg)
Weakness & ImprovementWeakness & Improvement
lack of legal and ethical concerns◦For some issue concerns the ethics
of any implicit harm caused by criminal supplier
only have one medium – email spam◦Consider twitter spam, other social
network spam