The following is tip #9 from "Phishing exposed -- 10 tips in 10 minutes," excerpted from Chapter 3 of the book Phishing Exposed, published by Syngress Publishing.
In Chapter 2 we used a bulk-mailing tool to send our phish emails to our target victims. That tool is primitive compared with the power and extensibility available to anyone sending spam. Some of the popular bulk-mailing tools on the market today offer spammers what amounts to a turnkey solution for their email activities. Here we review the ones most commonly used in phishing.
The Tools of the Trade
Two popular competing bulk mailers, Send-Safe and Dark-Mailer, are available on the market. Send-Safe advertises itself as a "real anonymous mailer" and was authored by Ruslan Ibragimov, who is also a prime suspect in the authoring of the Sobig virus (http://spamkings.oreilly.com/WhoWroteSobig.pdf). The allegations indicate that Ibragimov hired developers to help construct a virus that would infect users' machines and turn them into open proxies, giving his Send-Safe product a competitive "stealth" advantage. For this reason, Ibragimov has great difficulty keeping his Web site hosted, since most ISPs do not condone spamming (see Figure 15). On his home page, Ibragimov offers multiple spammer tools that help conduct spamming in a "safe" and anonymous manner (see Figure 16).
Figure 15 The Wayback Machine Displaying the Last Known Send-safe.com Site
Figure 16 Send-Safe in action
Notice that multiple products are listed on this site, such as Honeypot Hunter, a tool used to detect whether a server that allows spam relaying is actually a honeypot. A honeypot, according to Lance Spitzner, is "an information system resource whose value lies in unauthorized or illicit use of that resource"; read more at www.honeypot.org. There is also a proxy scanner, a list manager that helps spammers sort their mailing lists, an email verifier, and a bulk instant-messaging (IM) product.
Instant messengers are a playground for spam, but preventing spam in that environment is much easier, since the IM network centrally controls the features it offers. This type of spam is called SPIM and is starting to gain some traction. The real threat to IM is that phishers already hold logins for IM services such as Yahoo!'s, because they have stolen thousands upon thousands of Yahoo! email logins through phishing sites and malware. With these logins they can view a user's buddy list and start steering those users to sites that contain malicious content. The ROI is high because of the trust factor: the phishers are hijacking an account the recipients already trust.
Another popular bulk-mailing tool is Dark Mailer, hosted in China at www.dark-mailer.com. This tool is now probably the most popular bulk mailer among phishers and spammers, thanks to its rich feature set, ease of use, and spammer-specific qualities such as forging headers so that messages appear to come from Outlook Express. It has been benchmarked as one of the fastest bulk mailers on the market, sending roughly 500,000 emails per hour. It supports SOCKS and HTTP proxies, including proxy testing, and has built-in macros for customizing headers as well as message randomization designed to evade spam filters (see Figure 17).
Figure 17 Macros for Header Customization
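Because a bulk mailer can only imitate the headers it knows about, a defender can check whether a message that claims an Outlook Express X-Mailer also carries the other headers a real client emits. The following Python script is an added example written for this excerpt, not code from the book or from any of the tools it describes. The companion-header list (X-MimeOLE, X-MSMail-Priority) and the expectation of a Message-ID are assumptions made for illustration and should be tuned against a baseline of genuine mail in your own environment; the two sample messages are constructed.

```python
"""Header-consistency check for mail that claims to be sent from Outlook Express."""
from email import message_from_string
from email.message import Message

# Headers a genuine Outlook Express client emits alongside X-Mailer.
# Assumption for this example: replace with a baseline measured from real mail.
OE_COMPANION_HEADERS = ("X-MimeOLE", "X-MSMail-Priority")


def claims_outlook_express(msg: Message) -> bool:
    """True if the X-Mailer header names Outlook Express."""
    return "outlook express" in (msg.get("X-Mailer") or "").lower()


def oe_header_findings(msg: Message) -> list:
    """Return inconsistencies between the X-Mailer claim and the rest of the headers.

    An empty list means the headers are consistent with the claimed client.
    """
    findings = []
    if not claims_outlook_express(msg):
        return findings
    for name in OE_COMPANION_HEADERS:
        if msg.get(name) is None:
            findings.append(f"X-Mailer claims Outlook Express but {name} header is missing")
    # A desktop client stamps its own Message-ID; a bulk mailer pushing through
    # proxies often omits it (assumption for this example).
    if msg.get("Message-ID") is None:
        findings.append("no Message-ID header")
    return findings


def scan(raw: str) -> list:
    """Parse a raw RFC 822 message and return the findings for it."""
    return oe_header_findings(message_from_string(raw))


# Constructed sample: headers consistent with a real Outlook Express client.
GENUINE = """From: alice@example.com
To: bob@example.com
Subject: lunch
Date: Mon, 07 Mar 2005 10:00:00 -0500
Message-ID: <000a01c52301$aabbccdd$0100a8c0@alicepc>
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-MSMail-Priority: Normal
MIME-Version: 1.0
Content-Type: text/plain

see you at noon
"""

# Constructed sample: a bulk mailer copied only the X-Mailer line.
FORGED = """From: "Customer Service" <service@bank.example>
To: bob@example.com
Subject: Account notice
Date: Mon, 07 Mar 2005 10:00:00 -0500
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
MIME-Version: 1.0
Content-Type: text/plain

please review your account
"""

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(label, scan(raw) or "consistent")
```

The check is a weak signal on its own: a careful spammer can copy every header a client sends. Its value is as one feature among many in a filter, alongside the Received chain and content-based scoring.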
With tools and methodologies for sending spam so readily available, and with such a quick ROI for the spammers, it is easy to see why spamming and phishing have become so popular. These activities create an interesting economy of their own, beginning with the programmers who supply the tools to the phishers; once the tools are in hand, the job becomes an effortless and profitable process. All that is required is a bored individual with a keen desire to get rich quick by stealing money from others.
This chapter excerpt from Phishing Exposed, by Lance James, is printed with permission from Syngress Publishing, Copyright 2005.