Spam And Hackers




             Dark-Puzzle
           (Souhail Hammou)
           dark-puzzle@live.fr
Facebook : www.facebook.com/dark.puzzle
              From Morocco
( This paper is for educational purposes ONLY)
What are we covering?
In this paper we cover exactly what spamming means.
What is e-mail spam?
What is the importance of scams and scamming to phish Internet users?
Nowadays, is it important to be a hacker to spam?
What are the problems facing hackers when spamming?
How do hackers spam?
Can I spam for free?
Some statistics.


What is Spamming?
      Spamming is the act of sending or receiving messages from unknown sources
that are trying to sell a product, to phish users, or to hack accounts (bank accounts,
social network credentials).

      Nowadays, most received spam mail ends up in the junk/spam folder of your
mailbox, thanks to the various advanced filtering methods used by mail service
providers.

      The first signs of spamming appeared in the late 19th century, when Western
Union allowed telegraphic messages to be sent to multiple destinations from its
network. Many companies then used the same approach over phone, email and
television for commercial purposes. The advantage of spamming is that it is a
low-cost way to ensure that a product gets advertised.

      Thus the spam infection spread to black hat hackers, who began to steal bank
accounts, email accounts and online shopping credentials, using simple methods at
first and, nowadays, harder methods that require some hacking experience.
      A person who spams is called a « spammer ».

E-mail Spam:




      Email spam is annoying and dangerous to recipients but effective, especially for
hackers who exploit human stupidity (social engineering methods) to steal important
information from their victims.
      In general, email spam has three characteristics:

      Anonymity: neither the source of the email nor its sender is known to the
      recipient.
      Unsolicited: the email was not requested by the recipient.
      Mass mailing: the e-mail is not sent to a single person but to many.




Spam & Scams:

      We will now talk about credit card scams. Here the hacker has to acquire more
knowledge of « scamming », which is, in general, the art of creating web scams to
obtain credit card details (the three- or four-digit code on your card, your credit card
number…). The scammers then use this information to buy things on the Internet or,
if they have the victim's PIN code, they are able to transfer or cash out the money
from the account. This requires more anonymity techniques, such as using proxies,
VPNs, RDPs, bots…
We can say almost the same thing about Facebook/Gmail/Hotmail, without the money
part. Who hasn't tried to phish friends with a fake page using some outdated social
engineering techniques :) .

                                   Fake Facebook Page




      The fake and real pages look similar, but there is a difference in the « URL »:
The real URL is: http://www.facebook.com
The fake URL can be: http://www.hackedsite.com/www.facebook.com/home.php
Keep in mind that the hacker can shorten his URL, or hide it from the victim behind a
hypertext link in his e-mail; some people may notice, some may not.
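The difference between the two URLs above can be checked mechanically on the receiving side. The following is an added example, not part of the original paper: it extracts the links from an HTML e-mail body and reports the tricks just described (brand name in the path, link text that differs from the real target, shortened links), and goes slightly further by also catching a brand used as a subdomain label. The brand list, the shortener list and the sample message are assumptions constructed for the illustration.

```python
"""Flag links whose real host differs from the site they pretend to be."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed inputs: brands to protect and link shorteners to treat as opaque.
BRAND_DOMAINS = ("facebook.com", "gmail.com", "hotmail.com")
SHORTENERS = ("bit.ly", "tinyurl.com", "t.co")

URL_RE = re.compile(r"https?://\S+", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Constructed sample message body (not taken from the paper's screenshots).
SAMPLE_HTML = """
<p>Dear user, please confirm your account:</p>
<a href="http://www.hackedsite.com/www.facebook.com/home.php">http://www.facebook.com</a>
<a href="http://www.facebook.com/help">Help centre</a>
<a href="http://bit.ly/xxxxxx">Log in</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def shown_host(text):
    """Host name the visible link text claims to lead to, or ''."""
    url = URL_RE.search(text)
    if url:
        return (urlsplit(url.group(0)).hostname or "").lower()
    dom = DOMAIN_RE.search(text)
    return dom.group(0).lower() if dom else ""


def check_link(href, text=""):
    """Return the reasons a link looks deceptive (empty list = no finding)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    findings = []
    for brand in BRAND_DOMAINS:
        if belongs_to(host, brand):
            continue  # the link really points at the brand's own domain
        if brand in (parts.path + "?" + parts.query).lower():
            findings.append(f"{brand} appears in the path, but the host is {host}")
        if brand + "." in host:
            findings.append(f"{brand} is only a subdomain label of {host}")
    claimed = strip_www(shown_host(text))
    if claimed and not belongs_to(strip_www(host), claimed):
        findings.append(f"link text shows {claimed}, but the link goes to {host}")
    if any(belongs_to(host, s) for s in SHORTENERS):
        findings.append(f"{host} is a URL shortener; the destination is hidden")
    return findings


def analyze_email(html):
    """Map every href in the message body to its list of findings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}


if __name__ == "__main__":
    for href, findings in analyze_email(SAMPLE_HTML).items():
        print(href, "->", findings or "no finding")
```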

Is It Important to be a hacker to spam?
      These days you must be a hacker to spam in order to get credit cards: not a
professional hacker, but one with knowledge and a little experience, because of the
multiple security problems and situations that you may face. There are many of
them, such as:

      1 – Collecting the victims' e-mail addresses to spam.
      2 – Uploading your scam and avoiding its detection.
      3 – Sending e-mails that reach the victims' inbox (bypassing smart filters).
      4 – Being sure that the result comes only to your email (if you're not a scammer).

      These 4 problems are nothing but the steps that you need to complete your
mission correctly, to ensure that you get some good results sent back to your e-mail.




How do hackers spam?
      First of all, the hacker must get the target mailing list. For example, he will
have to dump a shopping website's database and extract all the emails in it.
Second, he will have to filter these emails as he likes (alphabetically, by email
provider, by country…). Most hackers use an SQL injection vulnerability that might
be present in a shopping CMS or even in the websites of the biggest companies.
      The mailing list is obtained manually, with an automated program (Havij,
sqlmap, SQLninja), or with an e-mail grabber like MailSpider, which isn't that
effective. After that, the hacker has to upload his scam to a website and avoid its
detection.
Now, if the hacker has some scamming skills he will create his own scam with his
own email in it, without facing any problems. But if he has downloaded one, he will
necessarily have to check it for encoded (« crypted ») code that includes an email
other than his own; otherwise the spam result will be going to two different emails.

Let's see an example:

This is an example of the PHP script, which shows us how the email will be sent to us.
It uses the well-known mail() function to send the result back to us.
The script requires us to declare our e-mail in the variable $to.
OK, we've done everything, that's good. But we've overlooked something suspicious
in this script: the PHP include command on line 21. You might say that this is just a
Visa logo JavaScript file that poses no threat to me. Let's take a closer look at this
JavaScript file.
After scrolling down the script a little, we notice that an evil scammer wanted to
share the result with us, I mean steal it. All we have to do now is change the e-mail
back to our own.
       Now the hacker will have to « crypt » his scam against the online filters. Many
methods can be used, like the homograph attack, which consists of replacing Latin
letters such as « a » with the look-alike Cyrillic letters. You can find some
information about it here:
http://en.wikipedia.org/wiki/IDN_homograph_attack
Or the hacker can download a crypted scam, making sure that there are no emails
hidden in it. This is not the only possible way; there are many other ways, like
base64 encoding…
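On the filter side, the letter substitution described above leaves a trace: a single word that mixes Latin and Cyrillic letters. The following is an added example, not part of the original paper, that flags such mixed-script words and folds them back to Latin so that ordinary keyword rules still match; the confusables table and the sample text are constructed and deliberately small.

```python
"""Detect words that mix Latin letters with look-alike letters of another script."""
import re
import unicodedata

# Constructed, deliberately small table (Cyrillic look-alike -> Latin letter).
# A production filter would load the full Unicode confusables data instead.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
}

WORD_RE = re.compile(r"[^\W\d_]+")  # runs of letters, in any script

# Constructed sample: "password", "credit" and "card" each contain one Cyrillic letter.
SAMPLE_TEXT = "Enter your p\u0430ssword and cr\u0435dit c\u0430rd number to continue."


def script_of(ch):
    """Script taken from the Unicode character name, e.g. 'LATIN' or 'CYRILLIC'."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def scripts_in(word):
    return sorted({script_of(c) for c in word})


def mixed_script_words(text):
    """Return [(word, scripts)] for every word that uses more than one script."""
    return [(w, scripts_in(w)) for w in WORD_RE.findall(text) if len(scripts_in(w)) > 1]


def fold_mixed(text):
    """Fold look-alikes to Latin, but only inside mixed-script words.

    Words written entirely in one script (for example genuine Russian text)
    are left untouched, so legitimate mail is not mangled.
    """
    def fold(match):
        word = match.group(0)
        if len(scripts_in(word)) > 1:
            return "".join(CONFUSABLES.get(c, c) for c in word)
        return word

    return WORD_RE.sub(fold, text)


def keyword_hits(text, keywords):
    """Keywords found after folding; a plain substring search would miss them."""
    folded = fold_mixed(text).lower()
    return [k for k in keywords if k in folded]


if __name__ == "__main__":
    print(mixed_script_words(SAMPLE_TEXT))
    print(keyword_hits(SAMPLE_TEXT, ["password", "credit card"]))
```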
       In this step, the hacker has to upload his scam. So he will hack a website,
spawn a shell, then upload his scam.
       At the same time he will need to send a fake e-mail bearing the company's
e-mail address and name, without forgetting to use a very attractive subject and
letter to convince the recipient of the source of the message.




Letter Example:
This is an example of a letter with a hypertext link referring to the phishing
website.
To spam, the hacker will have to use an SMTP account whose mail reaches the inbox
and a tool that provides mass mailing.
After a day or two, the result should arrive at the e-mail address the hacker specified.

Can I Spam For Free?
       Yes, it is possible. But it takes more hard work, because getting an SMTP
account isn't that easy these days. The company Free.fr has forbidden its SMTP
accounts from sending emails containing suspicious source addresses, titles and
content.
Or you can just try to program your own PHP mailer, or download one from the net,
and try it on different servers until you get one that reaches the inbox, or just hack
an SMTP account from a remote server.
       But there are a lot of companies providing SMTP accounts at low prices, so it
wouldn't be free for you if you're not very familiar with hacking.




Statistics:
You can find some interesting statistics about spamming in 2012 here:
https://www.trustwave.com/support/labs/spam_statistics.asp




                     Thanks for your time reading this paper .



                                /Souhail Hammou
