In a public "name and shame" experiment, University of Texas researchers launched SpamRankings.net to publicize which medical facilities have been hijacked by spammers.
A team of academic security researchers at the University of
Texas launched a new Website to identify names and addresses of organizations
that are helping send out spam.
SpamRankings is a
new initiative from the Center for Research in Economic Commerce at the
University of Texas at Austin. The site will publicize "spam havens," or
organizations that have been hijacked by spammers to unwittingly take part in
the spam-distribution operation. The site founders are hoping the publicity
will pressure organizations to improve security enough to remove them from spam
distribution networks and, at least in some small way, reduce spam volumes.
Poor security
measures are generally responsible for employee workstations getting
compromised, either by spam or malicious Web content. Once the machine is
compromised, the botnet herders can add it to their spam-spewing botnet to send
out malware to even more people. The original employee or the organization
rarely has any idea the machine has been hijacked for this purpose.
"Nobody wants to do business with a bank or hospital or
Internet hosting company that has been hijacked by spammers," said center
director Andrew Whinston.
SpamRankings can also be used to assess what kind of
security measures an organization may have in place. If the organization has a
high spam score, then it is possible there are other security
vulnerabilities and a heightened risk of other malware, phishing scams,
distributed denial-of-service attacks and identity theft, Whinston said.
The group's initial focus will be on health care providers
that appear to be infected by spam bots. Future versions of the project will
focus on other industry verticals, such as banking and Web hosting.
SpamRankings currently reflects May data and has historical
data for March and April. For the month of May, SpamRankings identified Korea
Telecom as the biggest spam haven in the world, followed by India's National
Internet Backbone. However, drilling down to just health care organizations, it
appears that Belgium's WIN Autonomous System was the most prolific spam sender
in May. April's front-runner, Cedars Sinai Health Systems, a non-profit hospital
and research facility in Los Angeles, ranked the second highest among global
institutions and highest among health care organizations in the United States.
Cedars Sinai managed to reduce the spam volumes for the
first few weeks in May, even reaching zero on May 9, but on May 28, spam
volumes sent from the hospital had catapulted to near the top. On May 31,
Cedars Sinai was responsible for more than 10 times as much spam as North
Kansas City Hospital Auxiliary, the second most prolific spam-sender that day.
"U.S. medical organizations weren't letting out nearly as
much spam in May as in previous months," the researchers wrote on the site.
There was still enough spam activity to make them wonder what other security problems
these organizations may have, they said.
The researchers put together the initial list based on the Composite Block List, a Website which tracks
Internet addresses that have been observed to send spam. The site provides the
information by domain, by country and even as a monthly report of the most
active botnets. However, it is difficult to extrapolate organization
information from the CBL data. Researchers worked with Team Cymru, an
organization that tracks cyber-crime activity, to analyze and correlate the IP
addresses in CBL's massive data set to correctly identify organizations.
Organizations can use CBL's lookup and removal tool on the
Website to remove themselves from the list after resolving the problem.
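The correlation of blocklisted IP addresses to organizations described above can be sketched as follows. This is an added example, not the researchers' or Team Cymru's code: it maps each address to an organization by longest-prefix match and ranks organizations by spam volume. The prefix table, organization names, addresses and counts are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-organization table (documentation address ranges).
PREFIXES = [
    ("192.0.2.0/24", "Example Hospital"),
    ("198.51.100.0/24", "Example Telecom"),
    ("198.51.100.128/25", "Example Clinic"),  # more specific block inside the telecom range
    ("203.0.113.0/24", "Example Hosting"),
]

# Constructed blocklist observations: (source address, spam messages seen).
OBSERVATIONS = [
    ("192.0.2.10", 120), ("192.0.2.44", 30), ("198.51.100.7", 900),
    ("198.51.100.200", 75), ("203.0.113.5", 10),
    ("10.1.2.3", 5),     # address outside every known prefix
    ("not-an-ip", 1),    # malformed entry
]

def build_table(rows):
    """Parse prefixes and order them most specific first."""
    nets = [(ipaddress.ip_network(prefix), org) for prefix, org in rows]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)

def lookup_org(table, ip_text):
    """Return the organization owning ip_text by longest-prefix match, or None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net, org in table:
        if ip.version == net.version and ip in net:
            return org
    return None

def rank_orgs(prefix_rows, observations):
    """Aggregate spam volume per organization; return (ranking, unmapped)."""
    table = build_table(prefix_rows)
    volume, hosts, unmapped = defaultdict(int), defaultdict(set), []
    for ip_text, count in observations:
        org = lookup_org(table, ip_text)
        if org is None:
            unmapped.append(ip_text)  # keep for manual review, do not guess an owner
            continue
        volume[org] += count
        hosts[org].add(ip_text)
    ranked = sorted(volume.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(org, vol, len(hosts[org])) for org, vol in ranked], unmapped
```

Calling `rank_orgs(PREFIXES, OBSERVATIONS)` returns the ranked list of (organization, spam volume, distinct addresses) together with the addresses that matched no known prefix.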