The Tools of the Trade
Two competing popular bulk mailers, Send-Safe and Dark-Mailer, are available on the market. Send-Safe advertises itself as a "real anonymous mailer" and was authored by Ruslan Ibragimov, who is also a prime suspect in the authoring of the Sobig virus (http://spamkings.oreilly.com/WhoWroteSobig.pdf). The allegations indicate that Ibragimov hired developers to assist in constructing a virus that would infect users to turn their machines into open proxies, enabling a competitive "stealth" advantage for his Send-Safe product. For this reason, Ibragimov is having great difficulty keeping his Web site hosted, since most ISPs do not condone spamming (see Figure 15). On his home page, Ibragimov offers multiple spammer tools that assist in conducting spamming in a "safe" and anonymous manner (see Figure 16).
Figure 15 Wayback Machine Displaying the Last Known Send-safe.com Site
Figure 16 Send-Safe in action
Notice that multiple products are listed on this site, such as Honeypot Hunter, a tool used to detect whether the server allowing spam is a honeypot. A honeypot, according to Lance Spitzner, is "an information system resource whose value lies in unauthorized or illicit use of that resource"; read more at www.honeypot.org. There is also a proxy scanner, a list manager that helps spammers sort their mailing lists, an email verifier, and a bulk instant messenger (IM) product.
Instant messengers are a playground for possible spam, but the prevention of spam within that environment is a lot easier, since there is centralized control of features offered by the IM network. This type of spam is called SPIM and is starting to gain some traction. The real threat to IM is that phishers do have access to logins for IMs such as Yahoo's, since they have stolen thousands upon thousands of Yahoo! email address logins using their methods of phishing sites and malware. With these logins, they can view a user's buddy list and start sending the users to sites that contain malicious content. The ROI will be high due to the trust factor, since the phishers are actually hijacking a trusted account.
Another popular bulk mailing tool is Dark Mailer, hosted in China at www.dark-mailer.com. This tool is probably now the most popular bulk-mailing tool used by phishers and spammers due to its rich feature set, ease of use, and spammer-specific qualities such as forging headers to appear like those from Outlook Express. This tool has been benchmarked as one of the faster bulk mailers on the market, sending roughly 500,000 emails per hour. It has SOCKS and HTTP proxy support, including testing, and built-in macros for customization of headers, as well as message randomization designed for spam-filter evasion (see Figure 17).
Figure 17 Macros for Header Customization
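Forged Outlook Express headers of the kind described above can often be caught on the receiving side by checking the claim for internal consistency. The following is an added example, not code from the original text or from any product it mentions; the header conventions it checks and the sample messages are assumptions and constructed data, as noted in the comments.

```python
import re
from email import message_from_string

# Assumed heuristics (not from the original text): genuine Outlook Express
# adds X-MimeOLE and X-MSMail-Priority headers and builds its Message-ID as
# three hex fields (12, 8 and 8 digits) separated by "$".
OE_MSGID = re.compile(r"^<[0-9a-f]{12}\$[0-9a-f]{8}\$[0-9a-f]{8}@[^>\s]+>$", re.I)

def forged_oe_indicators(raw):
    """Return the reasons a message claiming Outlook Express looks forged."""
    msg = message_from_string(raw)
    if "Outlook Express" not in msg.get("X-Mailer", ""):
        return []  # no Outlook Express claim to verify
    reasons = []
    if not OE_MSGID.match(msg.get("Message-ID", "").strip()):
        reasons.append("message-id-format")
    if msg.get("X-MimeOLE") is None:
        reasons.append("missing-x-mimeole")
    if msg.get("X-MSMail-Priority") is None:
        reasons.append("missing-x-msmail-priority")
    return reasons

def build(headers):
    """Assemble a constructed sample message from a list of header lines."""
    return "\n".join(headers) + "\n\nHello\n"

# Constructed sample messages (not real traffic).
GENUINE = build([
    "From: alice@example.com",
    "Message-ID: <000801c4a1b2$3e4f5a60$0a00a8c0@workstation>",
    "X-Priority: 3",
    "X-MSMail-Priority: Normal",
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2180",
    "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180",
])
FORGED = build([
    "From: support@example.net",
    "Message-ID: <20040915.abc123@mail.example.net>",
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2180",
])
OTHER = build(["From: bob@example.org", "X-Mailer: ExampleMail 1.0"])

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED), ("other", OTHER)):
        print(name, forged_oe_indicators(raw))
```

Each indicator is a scoring signal for a spam filter rather than proof of forgery, since relays and mailing lists can rewrite or drop headers.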
With the ready availability of tools and methodologies for sending spam and the quick ROI for the spammers, it is easy to see why spamming and phishing have become so popular. These activities create an interesting economy all their own, starting with the programmers who provide the tools to the phishers; once these tools are available, the job becomes an effortless and profitable process. All that is required is a bored individual who has a keen desire to get rich quick by stealing money from others.