Sciweavers

ACSAC
2006
IEEE

Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks

14 years 5 months ago
Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks
Malicious mass-mailing activity on the Internet is a serious and continuing threat that includes mass-mailing worms, spam, and phishing. A mechanism commonly used to deliver such malicious mass mail is an SMTPengine, which turns an infected system into a malicious mail server. We present a technique that enables, within a single mailing attempt in many popular network environments, detection and containment of (even zero-day) SMTP-engine based mass-mailing activity. Contrary to other mass-mailing detection techniques our approach is content independent and requires no attachment processing, network traffic correlation, statistical measures, or system behavioral analysis. It relies instead on the observation of DNS MX queries within the enterprise network. This stateless detection technique requires minimal computational resources making it ideally suited for real-time wire-speed deployment.
David Whyte, Paul C. van Oorschot, Evangelos Krana
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where ACSAC
Authors David Whyte, Paul C. van Oorschot, Evangelos Kranakis
Comments (0)