Instant messaging spam (spim), while less widespread than email spam, is a challenging problem that has received little attention in formal research. Spim is harder to study than spam because of the "walled garden" nature of popular instant messaging platforms. We designed and deployed a proxy-based IM honeypot with protocol decoding and analyzed content characteristics of spim and network characteristics of hosts sending spim. Our analysis strongly suggests that adversaries make use of botnets and well-coordinated command and control mechanisms in sending spim. Current anti-spim mechanisms rely heavily on content filtering, whitelisting and blacklisting. Our analysis suggests that the same botnets are being employed by spimmers and spammers. Hence, network-layer and cross-protocol information sharing between email and IM anti-spam solutions and the use of cross-protocol IP reputation would significantly improve blocking rates. By comparing spim and ham IM data, we also identify several heuristics that can be used to distinguish spim traffic from spam traffic.