Understanding the Network Level Behavior of Spammers

This paper studies the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent (in time) each spamming host is, botnet spamming characteristics, and techniques for harvesting email addresses. It addresses these questions by analyzing an 18-month trace of over 10 million spam messages collected at one Internet "spam sinkhole", and by correlating these messages with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet "command and control" traces.

Provided by: Georgia Tech
Topic: Security
Date Added: Jan 2011
Format: PDF
