usenix conference policies
A Forensic Analysis of a Distributed Two-Stage Web-Based Spam Attack
Open mail relays have long been vilified as one of the key vectors for spam, and today - thanks to education and the blocking efforts of open relay databases (ORDBs) - relatively few open relays remain to serve spammers. Yet a critical and widespread vulnerability remains in an as-yet unaddressed arena: web-based email forms. This paper describes the effects of a distributed proxy attack on a vulnerable email form, and proposes easy-to-implement solutions to an endemic problem. Based on forensic evidence, we observed a well-designed and intelligently implemented spam network, consisting of large number of compromised intermediaries that receive instructions from an effectively untraceable source, and which attack vulnerable CGI forms. We also observe that although the problem can be easily mitigated, it will only get worse before it gets better: the vast majority of freely available email scripts all suffer from the same vulnerability; the load on most proxies is relatively very low and hard to detect; and many sites exploited by the compromised proxy machines may never notice that they have been attacked.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Daniel V. Klein},
title = {A Forensic Analysis of a Distributed {Two-Stage} {Web-Based} Spam Attack },
booktitle = {20th Large Installation System Administration Conference (LISA 06)},
year = {2006},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/lisa-06/forensic-analysis-distributed-two-stage-web-based-spam-attack},
publisher = {USENIX Association},
month = dec
}
connect with us