Group Project Meeting

Project Description:

Unsolicited email, spam, is a well known issue facing internet users. Currently popular methods are typically based around identifying and filtering out spam. Such reactionary solutions that can only deal with spam after an unwanted message is sent out onto the network are at best sub-optimal. They do not prevent spam from consuming network bandwidth.

Before a spam message can be sent out onto the network, a spammer must first gain hold of a valid destination email address. Spammers are known to use web crawlers, spambots, which search through public web pages looking for valid email targets.

This project aims to investigate and identify techniques that can be used to obfuscate email address and prevent spambots from harvesting email address from public websites.

Project Goals:

• Analyze spambot email harvesting techniques
• Identify anti-email harvesting techniques
• Develop email obfuscation tools
• Promote awareness of email harvesting and email obfuscation

Plan of Attack:

Stage I: Basic Milestones


1. Email obfuscation toolkit for static web pages

a. Simple client-side JavaScript obfuscators
b. Image translation tool

Emphasis is to build a ease to use toolkit based on known existing techniques.

2. Email Harvesting Honeypot

Deploy a decoy honeypot web site with email addresses present in different formats to attract spambots and track which techniques are most vulnerable to email harvesting and spam.

• Control case 1 – mailto tag in clear
• Control case 2 – email address in clear
• Simple JavaScript Obfuscation
• Email address in GIF image
• Email address embedded in a PDF document
• Simple key word substitution and separation – AT DOT DOT technique

Stage II: Intermediate Milestones

3. Awareness & promotion website (social engineering)
4. AJAX/Captcha based JavaScript obfuscator

Stage III: Advanced Milestones

5. Website Threat Assessment Diagnostic Tool (greyhat web crawler)
6. PDF email obfuscation
7. Applying Code Obfuscation Techniques to JavaScript
8. Client-side scripting (JavaScript) server based alternatives

Action Items

• Setup a website visitor counter to monitor the number of visits to the honeypot
  
• Use tables to divide up the email address
  
• Investigate CSS.none attribute, can be used to prevent the display of nonsense html tags
• RSS feed to notify users of new email obfuscation techniques published at the site