垃圾郵件是每一網際網路使用者共同面臨的問題，如何有效解決垃圾郵件問題或降 低其影響更是每一個ISP（internet service provider）所需面對的挑戰。新型態的spamming 手法例如利用botnet 發送spam 讓spammer 的行蹤更加難於掌握，其衍生的安全問題更 與網際網路使用者息息相關。另外，從地域性的特質而言，由於垃圾郵件的攻擊過程中 需要與使用者互動，例如引誘使用者去讀該郵件，或更進一步引誘使用者去開啟郵件的 附件或郵件內容的網路連結(URL) 。因此，有效的垃圾郵件攻擊須與其攻擊對象的文化 背景有所聯繫，例如文字的使用，熱門話題/人物/物件/商品，與經濟活動等。我們相信 不同文化背景的地區其背後的垃圾郵件攻擊者(spammer)很可能不同，這點從我們過去的 研究觀察也可以得到部分印證。儘管一些世界頂尖的研究團隊已有對spamming botnets 提出一些成果報告，面對日新月異與潛藏於各地的網際網路攻擊者，必須還有更多(質 與量)與更廣(不同地區與文化背景)的研究觀察投入，才能有效的防堵。而台灣所面臨的 垃圾郵件與安全問題，其潛藏可能的特殊性亦極需國內的研究人員做進一步的研究觀 察。我們希望透過這個計畫的執行讓我們可以對該問題有更深的認識，掌握關鍵問題所 在，並進一步發展預防/偵測/防禦等相關技術及因應措施。 In recent years, new spamming techniques such as sending spam messages through botnets make spam behaviors becoming more opaque and stealthy, and thus hard to detect. Moreover, spam activities nowadays have been shown to be highly interacted with other internet security threats. Spam is no longer just as simple as something like junk messages, but should be seriously concerned as internet security threats. Each spam message might be embedded with malicious binaries or links, which could make some damages to the email readers. How to effectively fight against spam (and spamming botnets) is essential to protect safe internet-surfing for all internet users. Meanwhile email activities, as a social communication tool, should be intimate to the culture of the social communities. Consequently spam, to some extent, presents some localization properties, for example the languages used and the products promoted. While different spammers might share similar spam propagation techniques, the targeted spam victims should be selective, to some extent. As a result, spam behaviors observed at different vantage points could be different. For example, our previous studies show most of the spam messages we collected in Taiwan were in Chinese, and the majority of the spam hosting machines of the collected spam messages were either located in a Chinese speaking countries (like China, or Taiwan) or with a DNS domain registered by Chinese (although the DNS registration information might be forged). While there are some initiated works conducted by other international researchers to deal with spamming botnet problems, still our research communities should invest more efforts, with different technologies and from different aspects, to effectively against spam and spamming botnets. Hopefully, we expect this research proposal can come up with some insights both for common issues of spam and spamming botnet attacks worldwide and for potentially unique features associated with Chinese spam and spamming botnet attacks observed locally in Taiwan.
Spam Campaign Analysis