DO YOU WANT TO KNOW ABOUT SPAMTRAPS?

We provide you with information of interest to share data about our vibrant and changing multiverse of new trends in Information Technology (IT). We all know that cyberataques are increasingly frequent and diverse, with evolutionary and consistent characteristics, with the increasingly advanced knowledge of the development of Big Data.

Cyber ​​criminals are hidden under Social Engineering Techniques, Instant Messaging Systems SMS / MMS, unwanted emails (SPAM) among the most common; SPAM being an intruder that seems a bit harmless, but which can hide obscure intentions of abuse against your Databases. A whole arsenal of malicious possibilities hover over the presumed innocence of SPAM, so we recommend “BE CAREFUL”.

Malware’s, Phishing, Spyware’s, Trojans, are part of the pernicious gallery from which we must shield ourselves. And that is why the SPAMTRAPS become a powerful, solid and avant-garde solution that shares life in the defense system of SIEM solutions and in THREAT INTELIGENCE

We want to introduce you in an advanced and very strategic environment (SPAMTRAPS), which will strengthen the confidentiality of your Databases, financial information, access credentials and personal information. And that of course will give you the robustness, which will give your customers the reliability that your effort deserves.

As it can be deduced, SPAMTRAPS in Spanish means SPAM for SPAM and its method is based on generating email addresses managed by the ISP (Internet service provider) and blacklist companies that are organizations dedicated to tracking SPAMMING, who are the ones that distribute these unwanted messages, with the purpose of feeding Databases with contact information of owners of IP addresses and regional Internet registry, with WHOIS WHOIS tools of IP and being able to analyze them to determine their intentions. Integrating all these technologies to advance together and optimize efforts in cybersecurity.

Large companies that because of their immense volume of traffic, information and subscription, manage their own security and cybersecurity abuse departments, perform enormously in analyzing and reporting behaviors of their BIG DATA. And other organizations that are not as well known but no less important and specifically oriented to this issue, which makes them experts and sufficiently qualified for these purposes, are mainly those who contribute almost all of the data to the Black Lists and the SPAMTRAPS.

Basically those who manage and administer SPAMTRAPS, design email addresses that are purposely not disclosed, waiting to see if it is a recipient of messages. If so, the first impression is that the box where the message comes from is a SPAMMING, because since it was never disseminated it is presumed assertively that the only way to have received the mail is through the use of contact forms.

Companies use different techniques of SAPMTRAPS and intrusion detection systems IDS, for its acronym in English (Intrusion Detection Systems). These solutions consist of detecting events that do not have a regular behavior and that might seem strange in the behavior of our computer systems, they have algorithms that disseminate a large volume of SPAM messages daily that are processed in real time and together with the IDS (Intrusion detection systems) from different providers, form Databases that integrate components within the electronic security model of organizations, which consist of detecting anomalous activities from the outside-inside of computer systems. This analyzed and stored data is shared to expand the Databases, generate Blacklist (black lists) and be able to perform more efficient management.

There are multiple types of SPAMTRAMPS, for example, the “Seeded” is based on a promotional mail that is delivered to one of these addresses created on purpose and does not give rise to doubts that the sender has bought a list or has done harvesting ( Web-Harvest is an engine of automatic extraction of text of the WWW), being understood that one is acting outside the good practices and perhaps with intentions of abuse. The same happens with the SPAMTRAP of RANDOM addresses (basic functions of some programming languages ​​that are used to obtain numbers, addresses, data randomly). Some senders create programs that randomly generate addresses without knowing if they exist. For example, if they go to the xyz.com domain, these programs will send them to info@xyz.com, contact@xyz.com, they also use name lists and send them to nombres@xyz.com, beneficiaries@xyz.com etc. Viewing these incoming emails, the owners of these domains can identify the sources of SPAM (company and IP) and react according to the need.

Other SPAMTRAPS are considered “soft” and give lower scores than before when detecting SPAM. The addresses like hotmail, gmail and others have registered domains with errors in the name like hotmaul.com, gmila.com. These domains respond with codes of Hard Bounces (they are those that occur when the mails are sent to an invalid email address), so that persistently receiving emails from the same IP to the same address, implies that the sender has not complied with the rules of good practice.

We can also tell them about the “ZOMBIES” addresses, which are emails that did not have activity for a long time, mainly because their owners stopped using them. Owners of the destination domain turn them into SPAMTRAPS and monitor what goes in, which is also considered bad practices. Registration SPAMTRAPS are another more deceptive way and it is nothing more than registering email addresses monitored on company sites. According to terms and conditions, you only have to receive mails from this company. In such a way that analyzing the traffic, the owners of SPAMTRAP can observe two things, if the company complies with good practices or if it is in Blacklist.

This list does not group all SPAMTRAPS or IDS methods, but these are the main means used by MSPs (managed services providers), which are companies that remotely administer the IT infrastructure and / or the end user systems of a client, usually proactively and under a subscription model. and the ANTI-SPAM agencies to fight against these abuses.

FEEDS documents with RSS or Atom format (based on XML) are required to complete other sets of files that are used to detect threats. It is known from other undisclosed systems, which together with the aforementioned share information to expand the databases and obtain optimized searches and attach them to the Black Lists.

Likewise, Information Technology personnel specialized in cybersecurity make use of FEEDS by integrating them into their SIEM systems to find possible infractions to their systems, finding points in common between the correlation of security events and their solutions, helping to centralize and administration of LOGS (log, log history or record to the sequential recording in a file or database of all events or events that affect a particular process such as the application or activity of a computer network) , to give full compliance to the efficient monitoring that gives us the adequate security of our information.

In short, we know that you are hungry for more and more information, if you want more news and stay updated or if you want our advice, do not forget to follow us through our multimedia platform. We will continue publishing to expand the spectrum of these solutions and much more …!