A targeted malicious email (TME) attack tool
Vuong, Tuan Phan and Gan, Diane ORCID: 0000-0002-0920-7572 (2012) A targeted malicious email (TME) attack tool. In: 6th International Conference on Cybercrime Forensics Education & Training, 6-7 Sep 2012, Canterbury, Kent, UK.
Full text not available from this repository.

Abstract
Spam email is a big problem on the Internet, with 89% of all email consisting of spam. The aim of this work was to investigate the technologies required to send spam email and then to develop an automated tool. The tool would need to perform three steps, which were email harvesting, applying social engineering to the content and finally sending out the spam emails. This work clearly demonstrated how emails could still be harvested to produce spam emails, even when the Web Administrator had attempted to obfuscate them. Two common techniques to protect email addresses included replacing the text of the address with an image or using JavaScript to safeguard the email address in the code used to write the web page. Both of these techniques are aimed at discouraging harvesting activities. In order to bypass the anti-spam system, spammers need to harvest large numbers of valid email addresses and therefore this process needed to be automated. Having identified how the email addresses were stored, these then had to be extracted for use in the tool. This was done using regular expressions. Having obtained a large number of valid emails, the next step was to design an email that the “victim” would open using social engineering techniques, known as a targeted malicious email (TME). It was important to understand the motivation behind TME because this affected the success of the attack. TME needed to pay more attention to the list of recipients and the content of the emails, as well as the process of delivery. TME distribution was also limited to specific groups of users. This meant that the email contents could be crafted to match the interests of the target group. The content template was applied to the sending email. In order to deliver the email, the tool had to be able to interact with the SMTP server to send out the email. An open relay server was selected for managing this process.
The tool was able to harvest email addresses, send deceptive messages based on social engineering and perform targeted email attacks using the CMS School web site at the University of Greenwich as the “victim”. In conclusion, a strategy is proposed to prevent automated tools such as the one presented from gathering the information for use in spam mail.
Item Type: | Conference or Conference Paper (Paper) |
---|---|
Additional Information: | [1] This paper was presented on Day 2, 7 September 2012, at the 6th International Conference on Cybercrime Forensics Education & Training held from 6-7 September 2012 in Canterbury, Kent, UK. |
Uncontrolled Keywords: | spam email, social engineering, regular expressions, targeted malicious email (TME) |
Subjects: | Q Science > QA Mathematics > QA76 Computer software |
Pre-2014 Departments: | School of Computing & Mathematical Sciences |
Last Modified: | 14 Oct 2016 09:24 |
URI: | http://gala.gre.ac.uk/id/eprint/9942 |