427 Botnet fm qxd


Botnets - The killer web applications


part of the botnet) mail servers configured to act as relays or open proxies. Botnet clients need to live on networks that permit the command and control protocol through their firewalls and IDS/IPS, or the command and control must be flexible and designed to operate using multiple protocols and applications. In a recent R-bot infestation, we found copies of Dameware, Carbon Copy, and VNC, all useful as remote administration tools, on different botnet clients within the botnet.
www.syngress.com
Responding to Botnets • Chapter 12


The products chosen need a large and reachable customer population. It is, after all, a numbers game. The spammers count on getting a certain number of customers out of every run. In the case cited previously, the spammers only needed one sale out of every 30,000 to make a good profit. The customers must want to buy the products via this unusual medium. In this case, the motivation could be embarrassment or cost. In the case of pump and dump stocks, the motivation is greed. Note, too, that the spam needs to get by many (but not all) of the anti-spam filtering techniques.
Ironically, some large ISPs have begun to provide anti-spam software or services due to the demand of their customer base. This is a case where the spammers may have been their own worst enemy. By not exercising restraint (which is not in their nature), they have caused ISPs to respond to keep customers from changing to other ISPs.
Spammers prefer to find an organization that permits individual computers to send SMTP outbound as opposed to sending it through a local SMTP server where it might be checked for spam. They also prefer organizations that do not keep statistics, such as top outbound mail senders, and so forth. Organizations that permit inactive accounts to stay open are also targets for spam-sending botnets. Botnet herders can pound away at these inactive accounts trying to guess their passwords, since there is no one using the account to notice. Large organizations with many inactive accounts and large amounts of user rollover, like universities, are a prime target. These accounts can be on both UNIX and PC systems, since mail is ubiquitous.
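
The statistic this paragraph says spammers hope an organization does not keep can be computed from ordinary flow or firewall logs. The sketch below is an added example, not code from the book: it flags internal hosts that speak SMTP directly to external servers instead of going through the local relay, and ranks them as top outbound mail senders. The address space, relay address, log layout and threshold are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed for illustration (not from the book): address space, relay address,
# log layout ("epoch src_ip dst_ip dst_port") and the flagging threshold.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SANCTIONED_RELAYS = {ipaddress.ip_address("10.0.0.25")}
MIN_DISTINCT_DESTS = 3  # external mail servers contacted before a host is flagged

# Constructed sample flow records, including one malformed line.
SAMPLE_FLOWS = """\
1168354800 10.0.0.25 198.51.100.10 25
1168354802 10.1.4.77 198.51.100.10 25
1168354803 10.1.4.77 203.0.113.7 25
1168354804 10.1.4.77 192.0.2.44 25
1168354805 10.1.4.77 192.0.2.44 25
1168354806 10.2.9.13 10.0.0.25 25
1168354807 10.2.9.13 198.51.100.80 443
1168354808 10.3.3.3 192.0.2.44 25
malformed line
"""

def direct_smtp_senders(flow_text):
    """Map each internal host that bypasses the relay to (connections, distinct servers)."""
    conns, dests = defaultdict(int), defaultdict(set)
    for line in flow_text.splitlines():
        try:
            _, src_s, dst_s, port_s = line.split()
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue  # skip malformed records
        if port != 25 or src in SANCTIONED_RELAYS:
            continue  # not SMTP, or the sanctioned relay doing its job
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            conns[str(src)] += 1
            dests[str(src)].add(dst)
    return {host: (conns[host], len(dests[host])) for host in conns}

def top_outbound_senders(flow_text, min_dests=MIN_DISTINCT_DESTS):
    """Rank hosts that reached min_dests distinct servers, busiest first."""
    stats = direct_smtp_senders(flow_text)
    flagged = [(h, c, d) for h, (c, d) in stats.items() if d >= min_dests]
    return sorted(flagged, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for host, count, distinct in top_outbound_senders(SAMPLE_FLOWS):
        print(f"{host}: {count} direct SMTP connections to {distinct} servers")
```

A workstation that delivers mail to several unrelated external servers is the pattern to investigate; a host that only talks to the local relay never appears in the result.
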
For phishing and pharming attacks, the target is personal information, financial information, credit card numbers, and access to financial Web accounts (for piggybacking). There are three components to the phishing attack. First, you have to herd the victims to your collection sites. For this, the phisherman could use a botnet in much the same fashion as the spammers. This spam would look like e-mails from banks or other financial institutions. You could also use pharming techniques. For pharming, the botherder targets local DNS, either on a PC host directly or by a targeted attack on the local DNS servers. Taking over DNS in toto is an awesome venue for man-in-the-middle attacks. Now the phishing site needs to masquerade as the real site. Many do this by using images that were extracted from a real financial or business site. The herding activities discussed are all technical elements of a social engineering attack. The attack depends on the user being unable to
