Spam, Phishing, and the Looming Challenge of Big Botnets

Hemmingsen, Ren´e H.; Aycock, John; Jacobson Jr., Michael

Spam, Phishing, and the Looming Challenge of Big Botnets

Files

2007-865-17.pdf(53.49 KB)

2007-865-17.ps(440.7 KB)

Date

2007-05-17

Authors

Hemmingsen, Ren´e H.

Aycock, John

Jacobson Jr., Michael

Abstract

What could a spammer or phisher do with a botnet of a thousand machines? a hundred thousand? a million? Send lots of email is the least worrisome answer to these questions. As anti-spam and anti-phishing defenses improve, there is more than sufficient financial motivation for spammers and phishers to consider what they can accomplish with enormous scale. We begin by looking at a wide range of anti-spam defenses. Many of these, like rate limiting and port 25 blocking, will simply no longer work against big botnets; we explain why. Further, the basic cryptographic assumptions underlying the implementation of SSL certificates and DomainKeys/DKIM need re-examination in light of the massive computing power of big botnets. We describe possible attacks by spammers and phishers, and the implications these attacks have in terms of defense.

Keywords

Computer Science

URI

http://hdl.handle.net/1880/45379

Collections

Science Research & Publications

Full item page