It has been a widespread problem over a network whether a personal peer-to-peer connection, wired connection, local area network, metropolitan area network or even wide area network connection; a problem of spamming as a means of attack. Thousands of computers are hacked through this method. This research comes up with a ray of light on what “spam attack” means, its processes of hacking, methods of tackling and how does it affects our computers. This research is done by Muhammad Auwal Ahmad as an academic work.
Introduction
Spamming is the use of messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same website. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam.
Spam Attack: The Concept
As clearly explained what “spam” means above, we’d go into giving a brief detail on the concept of “spam attack”. This method of sending an unsolicited message to internet users commonly known as spam, is definitely a best way to attack them by attaching malicious attachments into their secured or unsecured accounts. Spammers used this method to attack users by spamming their inbox (depends of the type) to social engineer them; in most cases to gain an unauthorized access into the victims accounts. This method is undoubtedly the reason why webmasters don’t allow file upload on their websites. Spamming the website is dangerous as long as it is allowed. The second method of attack is by attaching malicious contents in the spam message to perform an unauthorized operation in the victim’s system, these include: spywares, viruses, malwares and/or worms.
Different Forms of Spamming
There are different forms of spamming in this case. The most important and widely known are:
1. Email Bombing Attack
Email spam, also referred to as junk email, is unsolicited messages sent in bulk by email. E-mail Spam is really hard to fight against. If an e-mail gets on the hands of just one mass spammer, it’s pretty much compromised. Spam in email started to become a problem when the Internet was opened for commercial use in the mid-1990s. It grew exponentially over the following years, and by 2007 it constituted about 80% to 85% of all e-mail, by a conservative estimate. There are many methods and types of email spam used by attackers (spammers) to junk an email for many purposes, these include:
i. Phishing – is an advanced type of spam email. Thieves disguise themselves as well-known brands with an excellent reputation to get sensitive data like users’ names, passwords, credit cards, bank account, etc. They usually frighten or excite users leading them to a fake website where the cheated people for their money. This method is usually done through links.
ii. Image spam – also called image-based spam, is an obfuscation method by which text of the message is stored as a GIF or JPEG image and displayed in the email. This prevents text-based spam filters from detecting and blocking spam messages.
iii. Blank spam – is spam lacking a payload advertisement. Often the message body is missing altogether, as well as the subject line. Still, it fits the definition of spam because of its nature as bulk and unsolicited email.
Email Spamming Methods
Spammers usually offer their (sometimes illegal) services to companies or individuals looking for a “cheaper” way to advertise their products. Spammers sell the databases to the promoting companies or they sell the complete service: harvesting, designing the message route to avoid detection and sending the spam email. The promoters gain by shifting advertising costs to the message recipients. The spam message is sent to collections of email addresses, gathered in various ways:
- Harvesting (using computer programs to search for email addresses in public areas, on websites or insecure mail servers);
- Flooding or dictionary spamming (using automatically generated accounts on given domains);
- e-pending (searching valid addresses for specific persons and criteria);
- Usenet posting (newsgroup posting);
- Subscribing to email lists, in order to access the list of all available email addresses;
- Using malware to access the users’ address books or personal data;
- Spying network traffic;
- Stealing information databases;
- Using viruses to grab data entered by the users in online ordering applications.
2. Social spam
As email spam filters became more effective, catching over 95% of these messages, spammers have moved to a new target – the social web. Social spam is, of course, spreading beyond the centrally managed social networking platforms, user-generated content increasingly appears on business, government, and nonprofit websites worldwide. Fake accounts and comments planted by computers programmed to issue social spam can infiltrate these websites. Social spam is on the rise, with analysts reporting over a tripling of social spam activity in six months. It is estimated that up to 40% of all social user accounts are fake, depending on the site. In August, 2012, Facebook admitted through its updated regulatory filing that 8.7% of its 955 million active accounts were fake.
Types of Social spam
i. Commercial spam – is a comment that has commercial content irrelevant to the discussion at hand. In most websites, the spammer uses software, such as ScrapeBox, to find potential targets and blasts them with comments. The comments are useless to the victim, but create blacklinks to the spammer’s website.
ii. Social networking spam – is spam directed specifically at users of internet social networking services such as Google+, Facebook, Pinterest, LinkedIn, or MySpace. These spammers can utilize the social network’s search tools to target certain demographic segments, or use common fan pages or groups to send notes from fraudulent accounts. Such notes may include embedded links to pornographic or other product sites designed to sell something.
iii. Bulk submissions – are a set of comments repeated multiple times with the same or very similar text. These messages, also called as spam-bombs, can come in the form of one spammer sending out duplicate messages to a group of people in a short period of time, or many active spam accounts simultaneously posting duplicate messages. Bulk messages can cause certain topics or hashtags to trend highly. For example, in 2009, a large number of spam accounts began simultaneously posting links to a website, causing ‘ajobwithgoogle’ to trend
iv. User-submitted insults – are comments that contain mildly or strongly insulting language against a specific person or persons. These comments range from mild name-calling to severe bullying. Online bullies often use insults in their interactions, referred to as cyberbullying
v. Malicious links – User-submitted comments can include malicious links that will inappropriately harm, mislead, or otherwise damage a user or computer. These links are most commonly found on video entertainment sites, such as YouTube. When a user clicks on a malicious link, the result can include downloading malware to the user’s device, directing the user to sites designed to steal personal information, drawing unaware users into participating in concealed advertising campaigns, and other harmful consequences. Malware can be very dangerous to the user, and can manifest in several forms: viruses, worms, spyware, Trojan horses, or adware.
3. Internet forum spam
Forumspam consists of posts on Internet forums that contains related or unrelated advertisements, links to malicious websites, trolling and abusive or otherwise unwanted information. Forum spam is usually posted onto message boards by automated spambots or manually with unscrupulous intentions with one idea in mind: to get the spam in front of readers who would not otherwise have anything to do with it intentionally.
4. File sharing attack
This type of attack causes system’s weaknesses in which a Denial of service Attack is carried out as a means of harming the system by over flooding of unsourced traffics and malicious contents. This type of attack also destroys a system by uploading malicious contents into one’s server and database. Those malicious contents may contain a Trojan horse virus which may probably perform either passive or active attack on the system. To prevent such, file uploading should be terminated by database users as well as downloading those untrusted and unsourced contents.
How Does “Spam Attack” Destroys a System?
Spam attack is considered a hacking technique that destroys a system in the way of junking victims’ accounts by sending malicious attachments and contents into their accounts or system, or by social engineering them to download those malicious contents into their systems. This type of attack called “spam attack” can weaken a system if it is attacked when, for example, a worm or Trojan horse is downloaded into it.
Conclusion
In the conclusion of this research, we’ve learned that a spam attack is a dangerous form of real hacking. It is used in the way of social engineering to persuade victims as showed in different forms of spam attack. Secondly, we’ve learned that spam attack has many types and methods, and these includes email spam, social spam, file sharing spam, forum spam, and many others and all of these attacks are very dangerous. To prevent being a victim of such attacks, serious action should be taken to be safe. Two of the most widely-known methods are:
(1) avoid posting private details to public like email addresses
(2) avoid downloading untrusted contents on the web
References
[1] Wikipedia, “Spamming”, https://en.wikipedia.org/Spamming
[2] Cognitive SEO, “5 Common Ways of Spam and How you can Protect Yourself against them”, https://cognitiveseo.com/blog/18718/5-common-types-spam-can-protect/
[3] Nolo, “How Does Spam Work?”, https://www.nolo.com/legal-encyclopedia/consumer-protection
[4] HowToGeek, “How Email Bombing Uses Spam to Hide an Attack”, https://www.howtogeek.com/412316/how-email-bombing-uses-spam-to-hide-an-attack/
[5] Avira, “What is Email Spam”, https://www.avira.com/en/support-what-is-email-spam
0 Comments