SpamPots Project

The SpamPots Project, coordinated by CERT.br and part of the honeyTARG Honeynet Project, uses low-interaction honeypots to gather data related to the abuse of the Internet infrastructure by spammers. The main goals are:

  • measure the problem from a different point of view: abuse of infrastructure versus spam received at the destination
  • help develop the spam characterization research
  • measure the abuse of network infrastructure to send spam
  • develop better ways to
    • identify phishing and malware
    • identify botnets via the abuse of open proxies and relays

Data Mining Research

The spam characterization and data mining research, SpamMining, is being developed by the e-Speed Laboratory of the Federal University of Minas Gerais (UFMG) Computer Science Department (DCC).

The SpamMining is led by:

Papers in Portuguese

  • Análise do tráfego de spam coletado ao redor do mundo
    Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves, Osvaldo Fonseca, Elverton Fazzion, Rubens E. A. Moreira.
    XXXI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2013), 2013, Brasília.
    PDF File (1.5 MB)

  • Detecção de Spams Utilizando Conteúdo Web Associado a Mensagens
    Marco Túlio Ribeiro, Leonardo V. Teixeira, Pedro H. Calais Guerra, Adriano A. Veloso, Wagner Meira Jr., Dorgival Guedes, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
    XXIX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2011), 2011, Campo Grande.
    PDF File (816 KB)

  • Fatores que afetam o comportamento de spammers na rede.
    Gabriel C. Silva, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
    XI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2011, Brasília.
    PDF File (544 KB)

  • SpSb: um ambiente seguro para o estudo de spambots
    Gabriel C. Silva, Alison C. Arantes, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
    XI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2011, Brasília.
    PDF File (176 KB)

  • Identificação e Caracterização de Spammers a partir de Listas de Destinatários
    Pedro H. Calais Guerra, Marco Túlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'10), 2010, Gramado, RS, Brazil.
    PDF File (512 KB)

  • Caracterização do Encadeamento de Conexões para Envio de Spams
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    XXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'09), 2009, Recife, Brazil.
    PDF File (4.1 MB)

  • Caracterização de Estratégias de Disseminação de Spams
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
    XXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'08), 2008, Rio de Janeiro, Brazil.
    PDF File (320 KB)

Current Setup

Currently we have sensors deployed in 11 countries. These sensors were deployed with the invaluable help and cooperation of these organizations: AusCERT (Australia), CERT.at (Austria), CERT.unlp (Argentina), CLCERT (Chile), CSIRT ANTEL (Uruguay), CSIRT USP (Brazil), CSIRT UTPL (Ecuador), Shadowserver Foundation (Norway and United States), SurfCERT (Netherlands), TWCERT (Taiwan) and University of Alabama at Birmingham (United States).

All data is collected periodically by CERT.br. It is used to generate statistics of the current behaviour and is also stored in the data analysis servers, to be processed by the SpamMining team. This is an overview of the architecture:

[SpamPots Architecture]

In a previous setup, from 2006 to 2007, the honeypots were located only in Brazilian broadband networks and were used to understand the abuse of these specific networks. Information about this first phase of the project can be found here:

Papers in English

  • Spam detection using web page content: a new battleground
    Marco Túlio Ribeiro, Leonardo V. Teixeira, Adriano A. Veloso, Dorgival Guedes, Wagner Meira Jr., Marcelo H. P. C. Chaves, Klaus Steding-Jessen, Cristine Hoepers.
    The 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'11), 2011, Perth, Australia.
    PDF File (1.7 MB)

  • Exploring the Spam Arms Race to Characterize Spam Evolution
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'10), 2010, Redmond, USA.
    PDF File (240 KB)

  • Spam Miner: A Platform for Detecting and Characterizing Spam Campaigns (demo paper)
    Pedro H. Calais Guerra, Douglas Pires, Marco Túlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    International Conference on Knowledge Discovery and Data Mining (KDD'09), 2009, Paris, France.
    PDF File (400 KB)

  • Spamming Chains: A New Way of Understanding Spammer Behavior
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    Sixth Conference on e-Mail and Anti-Spam (CEAS'09), 2009, Mountain View, USA.
    PDF File (4.2 MB)

  • A Campaign-based Characterization of Spamming Strategies
    Pedro H. Calais Guerra, Douglas Pires, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
    Fifth Conference on e-Mail and Anti-Spam (CEAS'08), 2008, Mountain View, USA.
    PDF File (240 KB)

$Date: 2012/10/22 11:19:35 $