Sending spam; phishing tools of the trade

Learn about the popular bulk-mailing tools that aid phishers in doing their job.

You are reading tip #9 from "10 tips in 10 minutes: Phishing exposed," excerpted from Chapter 3 of the book Phishing Exposed, published by Syngress Publishing.

As we learned in Chapter 2, we used a bulk-mailing tool to send our phish emails to our target victims. That tool is primitive compared with the power and extensibility available for sending spam emails. Some popular bulk-mailing tools on the market today have features that offer spammers what is practically a turnkey solution for their email activities. Here we review the popular ones used in phishing.

The Tools of the Trade

Two competing popular bulk mailers, Send-Safe and Dark-Mailer, are available on the market. Send-Safe advertises itself as a "real anonymous mailer" and was authored by Ruslan Ibragimov, who is also a prime suspect in the authoring of the Sobig virus (http://spamkings.oreilly.com/WhoWroteSobig.pdf). The allegations indicate that Ibragimov hired developers to assist in constructing a virus that would infect users to turn their machines into open proxies, enabling a competitive "stealth" advantage for his Send-Safe product. For this reason, Ibragimov is having great difficulty keeping his Web site hosted, since most ISPs do not condone spamming (see Figure 15). On his home page, Ibragimov offers multiple spammer tools that assist in conducting spamming in a "safe" and anonymous manner (see Figure 16).

Figure 15 The Wayback Machine Displaying the Last Known Send-safe.com Site

Figure 16 Send-Safe in action

Notice that multiple products are listed on this site, such as Honeypot Hunter, a tool used to detect whether the server allowing spam is a honeypot. A honeypot, according to Lance Spitzner, is "an information system resource whose value lies in unauthorized or illicit use of that resource"; read more at www.honeypot.org. There is also a proxy scanner, a list manager that helps spammers sort their mailing lists, an email verifier, and a bulk instant messenger (IM) product.

Instant messengers are a playground for possible spam, but the prevention of spam within that environment is a lot easier, since there is centralized control of features offered by the IM network. This type of spam is called SPIM and is starting to gain some traction. The real threat to IM is that phishers do have access to logins for IMs such as Yahoo's, since they have stolen thousands upon thousands of Yahoo! email address logins using their methods of phishing sites and malware. With these logins, they can view a user's buddy list and start sending the users to sites that contain malicious content. The ROI will be high due to the trust factor, since the phishers are actually hijacking a trusted account.

Another popular bulk-mailing tool is Dark Mailer, hosted in China at www.dark-mailer.com. This tool is probably now the most popular bulk-mailing tool used by phishers and spammers due to its rich feature set, ease of use, and spammer-specific qualities such as forging headers to appear like those from Outlook Express. This tool has been benchmarked as one of the faster bulk mailers on the market, sending roughly 500,000 emails per hour. It has SOCKS and HTTP proxy support, including testing, and built-in macros for customization of headers as well as message randomization designed for spam-filter evasion (see Figure 17).

Figure 17 Macros for Header Customization
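
A defender-side check for the header forgery described above, added here as an example (not code from the book or from any mail filter): it flags messages whose X-Mailer claims Outlook Express but whose other headers do not fit. The header conventions it tests (an X-MimeOLE header, an X-MSMail-Priority header, a Message-ID of three hex groups joined by `$`) are heuristics assumed for genuine Outlook Express mail, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Assumed shapes for genuine Outlook Express mail (heuristics, not from the page).
OE_MAILER = re.compile(r"Microsoft Outlook Express", re.I)
OE_MSGID = re.compile(r"^<[0-9a-f]+\$[0-9a-f]+\$[0-9a-f]+@[^>\s]+>$", re.I)

def oe_header_inconsistencies(raw):
    """Return the reasons a message claiming Outlook Express looks forged."""
    msg = message_from_string(raw)
    if not OE_MAILER.search(msg.get("X-Mailer", "")):
        return []  # does not claim Outlook Express, nothing to compare
    reasons = []
    # Companion headers the client is assumed to add alongside X-Mailer.
    if "MimeOLE" not in msg.get("X-MimeOLE", ""):
        reasons.append("missing X-MimeOLE")
    if msg.get("X-MSMail-Priority") is None:
        reasons.append("missing X-MSMail-Priority")
    # A bulk mailer that only rewrites X-Mailer keeps its own Message-ID style.
    if not OE_MSGID.match(msg.get("Message-ID", "").strip()):
        reasons.append("Message-ID not in Outlook Express shape")
    return reasons

# Constructed sample: headers consistent with the claimed client.
GENUINE_LIKE = "\n".join([
    "From: alice@example.com",
    "Message-ID: <000801c5a1b2$3c4d5e60$6401a8c0@desktop>",
    "X-Priority: 3",
    "X-MSMail-Priority: Normal",
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2180",
    "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180",
    "", "hello"])

# Constructed sample: only the X-Mailer line imitates the client.
FORGED_LIKE = "\n".join([
    "From: support@example.com",
    "Message-ID: <20050314.8842@example.net>",
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2180",
    "", "verify your account"])

if __name__ == "__main__":
    for name, raw in (("genuine-like", GENUINE_LIKE), ("forged-like", FORGED_LIKE)):
        print(name, oe_header_inconsistencies(raw))
```

A hit is a reason to score the message higher, not proof of forgery; gateways and list software can also rewrite or drop these headers.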

With the ready availability of tools and methodologies for sending spam and the quick ROI for the spammers, it is easy to see why spamming and phishing have become so popular. These activities not only create an interesting economy all on their own, starting with the programmers providing the tools to the phishers, but once these tools are available, the job becomes an effortless and profitable process. All that is required is a bored individual who has a keen desire to get rich quick by stealing money from others.



This chapter excerpt from Phishing Exposed, by Lance James, is printed with permission from Syngress Publishing, Copyright 2005.
