Friday, September 02, 2011

[Spam Info] On the domain sources of Japanese spam mail in August (Spam Info in Japan, Aug 2011)


Below is the list of domain names behind the top Japanese spam mail of August 2011.

* The spam targets mobile-phone mail addresses (mainly) and PC mail addresses.
* For the domains listed below, relying on the anti-spoofing (なりすまし) mail filter alone has no effect at all; they have to be registered in a blacklist by hand.
* The malware infection rate is low, but the likelihood of other security problems, namely personal-information leakage or fraud, is high, so please be careful. To be safe I have put three samples in the English section; if a mail with similar content arrives, delete it immediately.
* The explanation from here on is in English. I wrote it because overseas specialists need to understand this: most anti-spam products are made overseas, and since the domestic spam mechanism differs from the overseas one, it is better to have the English explanation below.
*) A thorough explanation in English follows:

sokupure.com
prurun.jp
k11z91y221.me
plulun.jp
e0721.com
attmil.ne.jp
gangandeau.com
wmisi.jp
otokuzyouhou.jp
3939117.com

The domains above are the top sources of Japanese spam mail in Aug 2011.
They cannot easily be blocked by an FQDN or MX check, since the domains were registered properly and carry a good reputation.
These domains are alive right now and aggressively sending spam to mobile and PC mailboxes at a high rate, and ONLY in Japanese format.

Japanese spam works on a different scheme from the worldwide malvertising/spambot scheme; I hope the explanation below helps you understand what is happening locally here.

1) Samples of the most frequently detected spam schemes (three sample images in the original post):
The adult advertisement


The adult advertisement using a direct introduction


The money scam

2) How do these spams get through FQDN/reputation filtering systems?
The spammers maintain domain reputation deliberately: they keep registering new domains and keep rotating to fresh ones on a daily to weekly basis. A new domain still has a good (i.e. unblemished) reputation, so they can send a large volume in one shot, and that is the goal. Once the reputation is burned, the domain is switched to a new one in no time. It is indeed a clever scheme, and one that costs the spammer side in Japan real effort and expertise.
Below is a sample of one domain's reputation, which had just been updated on the day of writing:


The real problems with this spam scheme are: 1) it relies on user mail-address databases that are traded on the black market in Japan, and 2) why bother buying such a database? Because every mail a user clicks earns the spammer points that can be exchanged for real money. Yes, money drives this scam, and it is not treated as a criminal act yet.
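The earlier note that a spoofing filter alone does not stop these senders, and the rotation scheme described in this section, both come down to the same filtering problem: match the sender against a hand-maintained domain list, and notice when a listed domain has been replaced by a near-identical successor (the list itself already contains the pair prurun.jp / plulun.jp). The following is an added example, not code from the original post or its author; the domain list is the one given above, the mail messages are constructed here for illustration, and the edit-distance threshold and the "successor" domain prurum.jp are assumptions made for the demonstration.

```python
"""Sender-domain blocklist filter for rotating-domain Japanese spam.

Added example (not from the original post). The domain list is the one the
post gives for Aug 2011; the mail samples are constructed here.
"""
import email
import re
from email.utils import parseaddr

# Sender domains named in the post (Aug 2011). Maintained by hand, as the post
# recommends, because an anti-spoofing filter alone does not catch them.
BLOCKLIST = {
    "sokupure.com", "prurun.jp", "k11z91y221.me", "plulun.jp", "e0721.com",
    "attmil.ne.jp", "gangandeau.com", "wmisi.jp", "otokuzyouhou.jp", "3939117.com",
}


def sender_domains(raw_message):
    """Return {header: domain} for From, Return-Path and Message-ID.

    All three are checked because the visible From address and the envelope
    sender often differ; Return-Path and Message-ID are the ones the
    spammer's own mail server stamps in.
    """
    msg = email.message_from_string(raw_message)
    found = {}
    for hdr in ("From", "Return-Path", "Message-ID"):
        value = msg.get(hdr)
        if not value:
            continue
        if hdr == "Message-ID":
            match = re.search(r"@([A-Za-z0-9.-]+)", value)
            domain = match.group(1) if match else ""
        else:
            domain = parseaddr(value)[1].rpartition("@")[2]
        domain = domain.strip("<>").lower().rstrip(".")
        if domain:
            found[hdr] = domain
    return found


def matches_blocklist(domain, blocklist=BLOCKLIST):
    """Exact match or any subdomain of a listed domain."""
    return any(domain == bad or domain.endswith("." + bad) for bad in blocklist)


def levenshtein(a, b):
    """Edit distance; used to spot a listed domain's freshly registered successor."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def nearest_listed(domain, blocklist=BLOCKLIST, max_distance=2):
    """Closest listed domain within max_distance edits, or None.

    Heuristic only (assumption: the rotated domain is a small variation of the
    previous one, as with prurun.jp / plulun.jp in the post's list). A hit is a
    reason to quarantine for review, not to reject outright.
    """
    best = None
    for bad in blocklist:
        d = levenshtein(domain, bad)
        if 0 < d <= max_distance and (best is None or d < best[1]):
            best = (bad, d)
    return best[0] if best else None


def classify(raw_message):
    """Return ('reject' | 'quarantine' | 'accept', header, detail)."""
    domains = sender_domains(raw_message)
    for hdr, dom in domains.items():
        if matches_blocklist(dom):
            return ("reject", hdr, dom)
    for hdr, dom in domains.items():
        near = nearest_listed(dom)
        if near:
            return ("quarantine", hdr, f"{dom} ~ {near}")
    return ("accept", None, None)


# Constructed sample messages (not real captures).
SAMPLES = {
    # Listed domain in the visible From header.
    "listed_from": "From: info <news@prurun.jp>\nReturn-Path: <bounce@prurun.jp>\n"
                   "Message-ID: <a1@prurun.jp>\nSubject: x\n\nbody\n",
    # Neutral From, but the envelope sender is a subdomain of a listed domain.
    "listed_envelope": "From: <info@example.net>\nReturn-Path: <x@mail.3939117.com>\n"
                       "Message-ID: <b2@mail.3939117.com>\nSubject: x\n\nbody\n",
    # Hypothetical successor domain one edit away from a listed one.
    "rotated": "From: <info@prurum.jp>\nReturn-Path: <x@prurum.jp>\n"
               "Message-ID: <c3@prurum.jp>\nSubject: x\n\nbody\n",
    # Ordinary mail.
    "clean": "From: Alice <alice@example.com>\nReturn-Path: <alice@example.com>\n"
             "Message-ID: <d4@example.com>\nSubject: hi\n\nbody\n",
}


def run_samples():
    """Verdict per sample name."""
    return {name: classify(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Exact and subdomain matches are rejected; a near match only quarantines, because a two-edit threshold over short domain names will also catch unrelated legitimate domains, and a human still has to confirm the successor before it is added to the list.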

3) The "legendary" ASN access of these domains;
It has to be admitted that Japanese spam is well arranged for distribution, using popular registrars for flexibility and a wide access range. Below is a sample of the routing/ASN information for one of them:

I have seen the same pattern in this information for three years now, yet there is nothing we can do from the networking side to fight this any further.
One thing is for sure: we need a legal basis for acting against spam as well.

4) What is the moral of this story?
*) To fight spam, you need to kill the cycle that boosts it. Stop its money flow!
*) To actually stop spam circulation instantly, a legal backbone is also badly needed, and that can be done since the grounds for such a law already exist (forgery, privacy violations, money scams, etc.).

----
0day.jp (ゼロデイ・ジャパン)
http://0day.jp
Malware Research Lab (マルウェア研究所)
Hendrik ADRIAN (アドリアン・ヘンドリック)
Sponsored by: 株式会社ケイエルジェイテック (KLJ TECH Co., Ltd.)
