Forensics Journal - Stevenson University 2013 | Page 28

adult materials (Ropelato, “Tricks”). Another attempt to deceive and redirect users to adult entertainment websites is known as the “Doorway Scam.” In this e-scam, fraudsters manipulate mainstream search engines by using non-suspect themes and language on their homepages to trick the search engine into assuming that the site is clean (Ropelato, “Tricks”). By using redirecting links or multiple sites linked to one another, the fraudster sends the user through several different sites before ultimately leading them to the adult entertainment site. Depending on which tactics are used, the user may find it difficult to escape as a result of redirects and ads implanted in the website or even in the unsuspecting victim’s computer (Ropelato, “Tricks”).

According to the Canadian Anti Fraud Centre, there have been multiple reports from consumers who were tricked into believing that their computers were illegally associated with a child pornography ring. The warning messages appearing on their systems inform the users that their computers will remain locked for further review unless they agree to pay $100 through a third party wiring service to have their computers unlocked (Scareware scam warning). Also known as “Scareware,” these types of tactics are used to target innocent victims due to the shock value and taboo nature of the content that has been associated with their computers. The Canadian Anti Fraud Centre issued tips to computer users to reduce the associated risk of this scam, and strongly encouraged users to scan their computers for viruses and malware that could have been transferred via an infected email communication.

E-scams do not always lead to victimization by stealing money and goods; sometimes the victimization may mean that a user’s computer participates in the e-scam and is controlled by the fraudster once it is infected with malware. According to statistics released by Damballa, an advanced threat protection provider, it is estimated that 40% of the 800 million computers connected to the Internet are potentially engaging in botnet activity on a daily basis. A botnet takes an e-scam a step further, as an infection can start out as a download on a website or within an email sent to a user.

In 2008, an e-scam was created detailing the death of actor Heath Ledger, and included a link that supposedly would lead the user to a police report regarding the truth behind Ledger’s death (Acohido and Swartz). If the user clicked on the link, the user’s computer became infected and enabled the fraudsters to push out email spam through the Mega-D botnet, which mostly distributed male-enhancement spam.

The Flashback Mac-based botnet infiltrated the Internet and was implicated in the infection of over 600,000 computers on April 9, 2012 (“Flashback Cleanup Still Underway”). Primarily used as a means to further click-fraud profits, the botnet is difficult to dismantle, as not all users are aware that they need to run updates and use malware removal tools in order to counter the botnet damage (Greenberg). Mac users did not require installed anti-virus protection, as infections were few and far between until recently (Rubinstein). In discussing the Windows OS exploit of the Conficker worm in 2008, PC Magazine’s Security Watch expert Neil Rubinstein has attributed the success of the botnet to the average Mac user’s false sense of security, complacency and lack of the appropriate anti-virus protection.

When proving the legitimacy of an email sender source, Internet users needed a process by which to delegate reputational data to reduce the chances of e-scams reaching a user’s inbox. According to the Online Trust Alliance (OTA), email is the primary method of communication for both personal and business matters (“Email Authentication Rates Rise”). The OTA estimates that 95% of emails consist of some sort of spam, phishing, or malware. From the perspective of an ESP or an ISP, utilizing technology such as DomainKeys Identified Mail (DKIM) places the burden of responsibility on the organization that is sending an email communication to a user’s inbox (“Introduction”). Authenticating an email allows the recipient’s service to review the reputational history of the sender address and decide whether to send the communication directly to the inbox, send it to a junk folder, or block it altogether (“Introduction”). (See Figure 6.)

FIGURE 6: DKIM Email Authentication, OTA. “Email Authentication.” Online Trust Alliance (OTA). N.p., n.d. Web. 18 Oct. 2012.

The development of a similar technology within the field transpired when Microsoft released its own email authentication process, Sender ID Framework (SIDF) (Sender ID Framework Overview). (See Figure 7.) SIDF was created by Microsoft as a way to stop security problems arising from spam, phishing, and other potentially malicious communications from reaching the user’s inbox. Similar to DKIM, Microsoft verifies that email communications have legitimate headers and determines the reputation of the authenticated address to see whether there is any recorded information regarding abuse complaints or spam. Figure 7 illustrates the standard protocol of an email that is sent through the SIDF process to check the validity of the message prior to reaching the inbox.
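The receiving-side decision described in the DKIM and SIDF passages (authenticate the message, look up the sender's reputation, then deliver, junk, or block) is shown here as an added Python example; it is not code from the article, the OTA, or Microsoft. The authserv-id `mx.recipient.example`, the reputation table, the three-way policy, and the sample messages are constructed assumptions; the `Authentication-Results` header with its `dkim=` result and `header.d` property is the standard field a receiving mail server stamps after verification.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.recipient.example"   # assumption: the receiver's own border MTA
REPUTATION = {"bank.example": "good", "bulkmail.example": "poor"}  # constructed history

RESULT_RE = re.compile(r"(?<![\w-])dkim=(\w+)")
DOMAIN_RE = re.compile(r"\bheader\.d=([\w.-]+)")

def dkim_verdicts(msg):
    """Return [(result, signing_domain)] from Authentication-Results headers
    stamped by our own MTA. Headers carrying any other authserv-id are
    ignored, because the sending side could have written them."""
    verdicts = []
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        tokens = authserv_id.split()
        if not tokens or tokens[0].lower() != TRUSTED_AUTHSERV:
            continue
        for clause in rest.split(";"):
            result = RESULT_RE.search(clause)
            if result:
                domain = DOMAIN_RE.search(clause)
                verdicts.append((result.group(1).lower(),
                                 domain.group(1).lower() if domain else None))
    return verdicts

def disposition(raw_message):
    """Illustrative policy: verified signer with poor history is blocked,
    verified signer with good history reaches the inbox, everything else
    (unsigned, failed, unknown signer) goes to junk."""
    verdicts = dkim_verdicts(message_from_string(raw_message))
    passed = [d for r, d in verdicts if r == "pass" and d]
    if any(REPUTATION.get(d) == "poor" for d in passed):
        return "block"
    if any(REPUTATION.get(d) == "good" for d in passed):
        return "inbox"
    return "junk"

BODY = "From: alerts@bank.example\nSubject: statement\n\nhello\n"
# Constructed sample messages (not real mail).
SIGNED = "Authentication-Results: mx.recipient.example; dkim=pass header.d=bank.example\n" + BODY
SPOOFED = "Authentication-Results: mta.sender.example; dkim=pass header.d=bank.example\n" + BODY
BULK = "Authentication-Results: mx.recipient.example;\n dkim=pass (ok) header.d=bulkmail.example\n" + BODY

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("spoofed", SPOOFED), ("bulk", BULK)):
        print(name, "->", disposition(raw))
```

The `SPOOFED` message carries a "pass" result written by a server other than the receiver's own, so it is treated as unauthenticated and lands in junk rather than the inbox.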