Abstract
The continued rapid growth of the Internet and the emergence of the Internet of Things (IoT) have resulted in the increased sophistication of malicious software or crime-ware tools and the refinement of deceptive methods to conduct computer attacks and intrusions. Cyber attacks via spam emails (unsolicited bulk messages) remain one of the major vectors for the dissemination of malware and many predicate forms of cybercrime. Monitoring spam as potential cybercrime can help prevention by observing changes in attack methods, including the type of malicious code and the presence of criminal networks. In this paper, we describe the nature and trends in spam-borne malware. We outline some of the issues and problems with respect to spam in cybercrime, give examples of known cases, and offer insight into tackling spam problems.
Notes
- 1. Signal-Spam was initiated in 2005 as a public–private organization to identify spammers for enforcement cases.
- 2. Tor is free software and an open network that helps internet users defend against network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
Abbreviations
- AFP: Australian Federal Police
- C&C: Command and control server
- CAN-SPAM: Controlling the Assault of Non-Solicited Pornography and Marketing
- CoE: Council of Europe
- DDoS: Distributed Denial of Service
- ECPA: Electronic Communications Privacy Act
- IoT: Internet of things
- ISP: Internet service provider
- ITU: International Telecommunication Union
- Malware: Malicious software
- NSW: New South Wales
- OECD: Organization for Economic Cooperation and Development
- P2P: Peer-to-peer
- PPI: Pay per install
- RTA: Remote access trojan
- Tor: The onion router
- URL: Uniform resource locator
- VPN: Virtual private network
Copyright information
© 2017 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Alazab, M., Broadhurst, R. (2017). An Analysis of the Nature of Spam as Cybercrime. In: Clark, R., Hakim, S. (eds) Cyber-Physical Security. Protecting Critical Infrastructure, vol 3. Springer, Cham. https://doi.org/10.1007/978-3-319-32824-9_13
DOI: https://doi.org/10.1007/978-3-319-32824-9_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-32822-5
Online ISBN: 978-3-319-32824-9
eBook Packages: Political Science and International Studies (R0)