Spammer Success through Customization and Randomization of URLs Observations from a Very Large Spam Corpus

被引：0

作者：

Warner, Gary ^{[1
]}

Rajani, Dhiraj ^{[1
]}

Nagy, Mike ^{[1
]}

机构：

[1] Univ Alabama Birmingham, Ctr Informat Assurance, Joint Forens Res, Birmingham, AL 35294 USA

来源：

PROCEEDINGS OF THE 2015 APWG SYMPOSIUM ON ELECTRONIC CRIME RESEARCH (ECRIME) | 2015年

关键词：

spam; malicious email; URL evaluation; domain registration;

D O I：

暂无

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Spam researchers and security personnel require a method for determining whether the URLs embedded in email messages are safe or potentially hostile. Prior research has been focused on spam collections that are quite insignificant compared to real-world spam volumes. In this paper, researchers evaluate 464 million URLs representing nearly 1 million unique domains observed in email messages in a six day period from November 2014. Four methods of customization and randomization of URLs believed to be used by spammers to attempt to increase deliverability of their URLs are explored: domain diversity, hostname wild-carding, path uniqueness, and attribute uniqueness. Implications of the findings suggest improvements for "URL blacklist" methods, methods of sampling to decrease the number of URLs that must be reviewed for safety, as well as presenting some challenges to the ICANN, Registrar, and Email Safety communities.

引用

页码：53 / 58

页数：6

共 14 条

[1] [Anonymous], 2010, ACM WORKSH ART INT S
[2] Emigh Aaron., 2006, J DIGITAL FORENSIC P, V1, P245
[3] Ferguson P., 2012, USENIX WORKSH LARG S
[4] Guerra P., 2010, CEAS 2010
[5] Hao S., 2013, P 2013 C INT MEAS
[6] Hao S., 2011, P 2011 ACM SIGCOMM C
[7] Mahjoub D., 2013, ECRIM RES SUM
[8] Parsons B., 2006, DOMAIN KITING
[9] Pitsillidis A., 2012, P 2012 ACM C INT MEA
[10] Raj V., 2014, INT J INNOVATIVE RES, V2

← 1 2 →