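% PhD thesis (INPE, 2008) proposing a honeypot-based sensor infrastructure for
% studying spam and phishing: open relay/proxy abuse, email address harvesting
% and pop-up spam, correlated with data from the Brazilian Honeypots Alliance.
% The abstract field carries the Portuguese text followed by the English one.
% Fields such as committee, copyholder, ibi, targetfile and urlaccessdate are
% not standard BibTeX fields; standard styles ignore them.
@phdthesis{Steding-Jessen:2008:UsHoEs,
  author        = {Steding-Jessen, Klaus},
  title         = {Uso de honeypots para o estudo de spam e phishing},
  englishtitle  = {Use of Honeypots for the Study of Spam and Phishing},
  school        = {Instituto Nacional de Pesquisas Espaciais (INPE)},
  address       = {S{\~a}o Jos{\'e} dos Campos},
  year          = {2008},
  month         = jul,
  internal-note = {month originally held the full date 2008-07-08
                   (presumably the defense date -- confirm)},
  pages         = {204},
  language      = {pt},
  keywords      = {honeypots, spam, proxies abertos, phishing, estudo,
                   honeypots, spam, open proxies, phishing, study},
  abstract      = {Este trabalho prop{\~o}e uma infra-estrutura
                   extens{\'{\i}}vel de sensores, baseada em honeypots, para
                   estudar o problema do spam e do phishing, de modo a obter
                   dados mais detalhados sobre o problema. Esta
                   infra-estrutura permite a correla{\c{c}}{\~a}o desses
                   dados com aqueles capturados por outros sensores,
                   tamb{\'e}m com base em honeypots. Um prot{\'o}tipo desta
                   infra-estrutura foi implementado e teve enfoque em obter
                   dados sobre o abuso de relays e proxies abertos, a
                   obten{\c{c}}{\~a}o de endere{\c{c}}os de email em sites
                   Internet, a coleta de URLs enviadas atrav{\'e}s de
                   mensagens de pop-up e a correla{\c{c}}{\~a}o de todos
                   estes dados com atividades relacionadas com spam,
                   capturadas pelo Cons{\'o}rcio Brasileiro de Honeypots.
                   Este prot{\'o}tipo esteve em opera{\c{c}}{\~a}o por
                   diversos meses e coletou dados sobre v{\'a}rios aspectos
                   do problema do spam, permitindo a obten{\c{c}}{\~a}o de
                   um conjunto de m{\'e}tricas que auxiliam a
                   compreens{\~a}o da situa{\c{c}}{\~a}o no Brasil. Os
                   resultados da opera{\c{c}}{\~a}o deste prot{\'o}tipo
                   mostram a intensidade do abuso de relays e proxies
                   abertos em redes brasileiras, a origem e o destino destes
                   spams, os ind{\'{\i}}cios de envio a partir de
                   m{\'a}quinas infectadas e as caracter{\'{\i}}sticas do
                   harvesting de endere{\c{c}}os de email. Como resultado da
                   an{\'a}lise destes dados s{\~a}o apresentadas propostas
                   de mitiga{\c{c}}{\~a}o para os problemas observados.
                   ABSTRACT: This work presents an extensible honeypot-based
                   infrastructure to study the spam and phishing problem in
                   order to obtain more detailed data on it. This
                   infrastructure allows the correlation of the former data
                   with data captured by other sensors also based on
                   honeypots. A prototype of this infrastructure was
                   implemented with the aim of obtaining data about the
                   following: abuse of open relays and open proxies, email
                   address harvesting, pop-up spam, and the correlation of
                   these data with spam-related activities captured by the
                   Brazilian Honeypots Alliance. This prototype was in
                   operation for several months and collected data on
                   several aspects of the spam problem. This allowed the
                   generation of metrics to help understand the spam problem
                   in Brazil. The obtained results show the magnitude of
                   open relays and open proxies abuse in Brazilian networks,
                   the source and the destination of these spams, the
                   evidence of spam being sent from infected computers, and
                   the characteristics of email harvesting. As a result of
                   the analysis, some mitigation techniques for the observed
                   problems are proposed.},
  committee     = {Stephany, Stephan (presidente) and Montes Filho, Antonio
                   (orientador) and Vijaykumar, Nandamudi Lankalapalli
                   (orientador) and Santos, Rafael Duarte Coelho dos and
                   Camilli, Alberto and Pires, Paulo Sergio da Motta},
  copyholder    = {SID/SCD},
  ibi           = {8JMKD3MGP8W/33LU78P},
  url           = {http://urlib.net/ibi/8JMKD3MGP8W/33LU78P},
  targetfile    = {publicacao.pdf},
  urlaccessdate = {04 maio 2024},
}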