CERT.br Computer Emergency Response Team Brazil
CGI.br NIC.br
honeyTARG
SpamPots Project

The Spampots Project, coordinated by CERT.br and part of the honeyTARG Honeynet Project, uses low-interaction honeypots to gather data related to the abuse of the Internet infrastructure by spammers. The main goals are:

  • measure the problem from a different point of view: abuse of infrastructure X spams received at the destination
  • help develop the spam characterization research
  • measure the abuse of network infrastructure to send spam
  • develop better ways to
    • identify phishing and malware
    • identify botnets via the abuse of open proxies and relays

Data Mining Research

[e-Speed logo]

The spam characterization and data mining research, SpamMining, is being developed by the e-Speed Laboratory, from the Federal University of Minas Gerais (UFMG) Computer Science Department (DCC).

The SpamMining is led by:

Papers in Portuguese

  • [Best paper award] SpamBands: uma metodologia para identificação de fontes de spam agindo de forma orquestrada
    Elverton Fazzion, Pedro Henrique B. Las-Casas, Osvaldo Fonseca, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    XIV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2014, Belo Horizonte.
    PDF File (642 KB)

  • Vizinhanças ou condomínios: uma análise da origem de spams com base na organização de sistemas autônomos
    Osvaldo Fonseca, Pedro Henrique B. Las-Casas, Elverton Fazzion, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    XXXII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2014), 2014, Florianópolis.
    PDF File (2.3 MB)

  • Análise do tráfego de spam coletado ao redor do mundo
    Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves, Osvaldo Fonseca, Elverton Fazzion , Rubens E. A. Moreira.
    XXXI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2013), 2013, Brasília.
    PDF File (1.5 MB)

  • Caracterização Temporal de Estratégias de Disseminação de Spam
    Luam C. Totti, Rubens E. A. Moreira, Elverton Fazzion, Osvaldo Fonseca, Wagner Meira Jr., Dorgival Guedes, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
    XXX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2012), 2012, Ouro Preto.
    PDF File (1.1 MB)

  • Detecção de Spams Utilizando Conteúdo Web Associado a Mensagens
    Marco Túlio Ribeiro, Leonardo V. Teixeira, Pedro H. Calais Guerra, Adriano A. Veloso, Wagner Meira Jr., Dorgival Guedes, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
    XXIX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2011), 2011, Campo Grande.
    PDF File (816 KB)

  • Fatores que afetam o comportamento de spammers na rede.
    Gabriel C. Silva, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
    XI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2011, Brasília.
    PDF File (544 KB)

  • SpSb: um ambiente seguro para o estudo de spambots
    Gabriel C. Silva, Alison C. Arantes, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
    XI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2011, Brasília.
    PDF File (176 KB)

  • Identificação e Caracterização de Spammers a partir de Listas de Destinatários
    Pedro H. Calais Guerra, Marco Túlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'10), 2010, Gramado, RS, Brazil.
    PDF File (512 KB)

  • Caracterização do Encadeamento de Conexões para Envio de Spams
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    XXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'09), 2009, Recife, Brazil.
    PDF File (4.1 MB)

  • Caracterização de Estratégias de Disseminação de Spams
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
    XXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'08), 2008, Rio de Janeiro, Brazil.
    PDF File (320 KB)

Current Setup

Currently we have sensors deployed in 12 countries. These sensors were deployed with the invaluable help and cooperation of these organizations (ordered by country names): CSIRT UNLP (Argentina), AusCERT (Australia), CERT.at (Austria), CSIRT USP (Brazil), CLCERT (Chile), CSIRT CEDIA (Ecuador), HKCERT (Hong Kong), SurfCERT (Netherlands), Shadowserver Foundation (Norway and United States), TWCERT (Taiwan), University of Alabama at Birmingham (United States), and CSIRT ANTEL (Uruguay).

All data is collected periodically by CERT.br, and used to generate statistics of the current behaviour, as well as stored in the data analysis servers, to be processed by the SpamMining team. This is an overview of the Architecture:

[SpamPots Architecture]

In a previous setup, from 2006 to 2007, the honeypots were located only in Brazilian Broadband networks, and were used to understand the abuse of these specific networks. Information about this first phase of the project can be found here:

Papers in English

  • Spam detection using web page content: a new battleground
    Marco Túlio Ribeiro, Leonardo V. Teixeira, Adriano A. Veloso, Dorgival Guedes, Wagner Meira Jr., Marcelo H. P. C. Chaves, Klaus Steding-Jessen, Cristine Hoepers.
    The 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'11), 2011, Perth, Australia.
    PDF File (1.7 MB)

  • Exploring the Spam Arms Race to Characterize Spam Evolution
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'10), 2010, Redmond, USA.
    PDF File (240 KB)

  • Spam Miner: A Platform for Detecting and Characterizing Spam Campaigns (demo paper)
    Pedro H. Calais Guerra, Douglas Pires, Marco Túlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    International Conference on Knowledge Discovery and Data Mining (KDD'09), 2009, Paris, France.
    PDF File (400 KB)

  • Spamming Chains: A New Way of Understanding Spammer Behavior
    Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
    Sixth Conference on e-Mail and Anti-Spam (CEAS'09), 2009, Mountain View, USA.
    PDF File (4.2 MB)

  • A Campaign-based Characterization of Spamming Strategies
    Pedro H. Calais Guerra, Douglas Pires, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
    Fifth Conference on e-Mail and Anti-Spam (CEAS'08), 2008, Mountain View, USA.
    PDF File (240 KB)

Valid
XHTML 1.0! Valid CSS! CERT.br
$Date: 2015/02/09 11:39:40 $