Check out the new USENIX Web site.
USENIX, The Advanced Computing Systems Association

LISA '06 Abstract

Pp. 31–40 of the Proceedings

Awarded Honorable Mention!

A Forensic Analysis of a Distributed Two-Stage Web-Based Spam Attack

Daniel V. Klein, LoneWolf Systems

Abstract

Open mail relays have long been vilified as one of the key vectors for spam, and today - thanks to education and the blocking efforts of open relay databases (ORDBs) - relatively few open relays remain to serve spammers. Yet a critical and widespread vulnerability remains in an as-yet unaddressed arena: web-based email forms. This paper describes the effects of a distributed proxy attack on a vulnerable email form, and proposes easy-to-implement solutions to an endemic problem. Based on forensic evidence, we observed a well-designed and intelligently implemented spam network, consisting of large number of compromised intermediaries that receive instructions from an effectively untraceable source, and which attack vulnerable CGI forms. We also observe that although the problem can be easily mitigated, it will only get worse before it gets better: the vast majority of freely available email scripts all suffer from the same vulnerability; the load on most proxies is relatively very low and hard to detect; and many sites exploited by the compromised proxy machines may never notice that they have been attacked.
  • View the full text of this paper in HTML and PDF. Listen to the presentation and Q & A in MP3 format.
    The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
To become a USENIX member, please see our Membership Information.

Last changed: 19 April 2007 ac