Spammers continue to distribute malware, phishing attacks, and counterfeit products to Internet users through email. The traditional response is to block these emails, but as in other cybercrime fields, law enforcement is realizing that the response should be to deter spammers by prosecution. The objective of this research is to give law enforcement the ability to investigate and analyze related spammed domains in more depth in order to identify trends and, potentially, the key targets responsible for creating spam domains. A prototype was developed to examine lists of domains by gathering the key components of the information used to register each domain. Additional information on the domain, such as the IP address and the Autonomous System Number (“ASN”) assignment, is also collected. The gathered information serves as input to a clustering algorithm that groups seemingly unrelated domains. These clusters are visualized in i2 Analyst Notebook charts that enable law enforcement to quickly target the potential prime suspects in the larger clusters as well as eliminate possibly legitimate websites that fall into the smaller clusters. Along with the clustering software that was developed, information was also collected from the UAB Spam Data Mine and analyzed in comparison to the results of the clustering software to reveal a very in-depth pattern of spam domains’ locations across time. These methods demonstrate the effectiveness of the automated solutions that researchers can provide to law enforcement by quickly analyzing open source intelligence, like the registration information of a website.
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS
Volume 7, Number 2, pages 46-63, DOI: 10.5769/J201202004 or http://dx.doi.org/10.5769/J201202004
“WHOIS” Selling All The Pills
By Tommy Stallings, Brad Wardman, Gary Warner, and Sagar Thapaliya