The Spampots Project, coordinated by CERT.br and part of the honeyTARG Honeynet Project, uses low-interaction honeypots to gather data related to the abuse of the Internet infrastructure by spammers. The main goals are:
- measure the problem from a different point of view: abuse of infrastructure X spams received at the destination
- help develop the spam characterization research
- measure the abuse of network infrastructure to send spam
- develop better ways to
- identify phishing and malware
- identify botnets via the abuse of open proxies and relays
Data Mining Research
The spam characterization and data mining research, SpamMining, is being developed by the e-Speed Laboratory, from the Federal University of Minas Gerais (UFMG) Computer Science Department (DCC).
The SpamMining is led by:
Papers in Portuguese
- Uma metodologia para identificação adaptativa e caracterização de phishing
Pedro Henrique B Las-Casas, Osvaldo Fonseca, Elverton Fazzion, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves, Ítalo Cunha, Wagner Meira Jr, Dorgival Guedes.
XXXIV Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2016), 2016, Salvador.
PDF File (763 KB)
- SpamBands: a Methodology to Identify Sources of Spam Acting in Concert
Elverton Fazzion, Pedro Las-Casas, Osvaldo Fonseca, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
Brazilian Journal of Information Security and Cryptography, 2015.
PDF File (1.5 MB)
- Uma Análise do Custo do Tráfego de Spam para Operadores de Rede
Osvaldo Fonseca, Elverton Fazzion, Ítalo Cunha, Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
XXXIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2015), 2015, Vitória.
PDF File (272 KB)
- [Best paper award] SpamBands: uma metodologia para identificação de fontes de spam agindo de forma orquestrada
Elverton Fazzion, Pedro Henrique B. Las-Casas, Osvaldo Fonseca, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
XIV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2014, Belo Horizonte.
PDF File (642 KB)
- Vizinhanças ou condomínios: uma análise da origem de spams com base na organização de sistemas autônomos
Osvaldo Fonseca, Pedro Henrique B. Las-Casas, Elverton Fazzion, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
XXXII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2014), 2014, Florianópolis.
PDF File (2.3 MB)
- Análise do tráfego de spam coletado ao redor do mundo
Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves, Osvaldo Fonseca, Elverton Fazzion , Rubens E. A. Moreira.
XXXI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2013), 2013, Brasília.
PDF File (1.5 MB)
- Caracterização Temporal de Estratégias de Disseminação de Spam
Luam C. Totti, Rubens E. A. Moreira, Elverton Fazzion, Osvaldo Fonseca, Wagner Meira Jr., Dorgival Guedes, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
XXX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2012), 2012, Ouro Preto.
PDF File (1.1 MB)
- Detecção de Spams Utilizando Conteúdo Web Associado a Mensagens
Marco Túlio Ribeiro, Leonardo V. Teixeira, Pedro H. Calais Guerra, Adriano A. Veloso, Wagner Meira Jr., Dorgival Guedes, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
XXIX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2011), 2011, Campo Grande.
PDF File (816 KB)
- Fatores que afetam o comportamento de spammers na rede.
Gabriel C. Silva, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
XI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2011, Brasília.
PDF File (544 KB)
- SpSb: um ambiente seguro para o estudo de spambots
Gabriel C. Silva, Alison C. Arantes, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
XI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, 2011, Brasília.
PDF File (176 KB)
- Identificação e Caracterização de Spammers a partir de Listas de Destinatários
Pedro H. Calais Guerra, Marco Túlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'10), 2010, Gramado, RS, Brazil.
PDF File (512 KB)
- Caracterização do Encadeamento de Conexões para Envio de Spams
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
XXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'09), 2009, Recife, Brazil.
PDF File (4.1 MB)
- Caracterização de Estratégias de Disseminação de Spams
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
XXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC'08), 2008, Rio de Janeiro, Brazil.
PDF File (320 KB)
Current Setup
Currently we have sensors deployed in 16 countries. These sensors were deployed with the invaluable help and cooperation of these organizations (ordered by country names): CSIRT UNLP (Argentina), AusCERT (Australia), CERT.at (Austria), CSIRT USP (Brazil), Team Cymru (Canada), CSIRT CEDIA (Ecuador), Team Cymru (Germany), HKCERT (Hong Kong), Team Cymru (India), IIJ - Internet Initiative Japan (Japan), SurfCERT (Netherlands), Team Cymru (Netherlands), Team Cymru (Singapore), Team Cymru (United Kingdom), Team Cymru (United States), TWCERT (Taiwan), and CSIRT ANTEL (Uruguay).
All data is collected periodically by CERT.br, and used to generate statistics of the current behaviour, as well as stored in the data analysis servers, to be processed by the SpamMining team. This is an overview of the Architecture:
In a previous setup, from 2006 to 2007, the honeypots were located only in Brazilian Broadband networks, and were used to understand the abuse of these specific networks. Information about this first phase of the project can be found here:
- CERT.br Conferences' Presentations, which include several about the current and previous phases.
- Preliminary Results of the SpamPots Projects (whitepaper in Portuguese)
Papers in English
- Measuring, Characterizing, and Avoiding Spam Traffic Costs
Osvaldo Fonseca, Elverton Fazzion, Italo Cunha, Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
IEEE Internet Computing, Volume: 20, Issue: 4, Jul-Aug. 2016.
http://ieeexplore.ieee.org/document/7478420/
- SpamBands: a Methodology to Identify Sources of Spam Acting in Concert
Elverton Fazzion, Pedro Henrique B. Las-Casas, Osvaldo Fonseca, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers ; Klaus Steding-Jessen ; Marcelo H. P. C. Chaves.
IEEE Latin America Transactions, Volume: 14, Issue: 6, Jun. 2016.
http://ieeexplore.ieee.org/document/7555286/
- Neighborhoods and bands: an analysis of the origins of spam
Osvaldo Fonseca, Elverton Fazzion, Pedro Henrique B Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
Journal of Internet Services and Applications (JISA), 2015.
PDF File (3.8 MB)
- Spam detection using web page content: a new battleground
Marco Túlio Ribeiro, Leonardo V. Teixeira, Adriano A. Veloso, Dorgival Guedes, Wagner Meira Jr., Marcelo H. P. C. Chaves, Klaus Steding-Jessen, Cristine Hoepers.
The 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'11), 2011, Perth, Australia.
PDF File (1.7 MB)
- Exploring the Spam Arms Race to Characterize Spam Evolution
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'10), 2010, Redmond, USA.
PDF File (240 KB)
- Spam Miner: A Platform for Detecting and Characterizing Spam Campaigns (demo paper)
Pedro H. Calais Guerra, Douglas Pires, Marco Túlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
International Conference on Knowledge Discovery and Data Mining (KDD'09), 2009, Paris, France.
PDF File (400 KB)
- Spamming Chains: A New Way of Understanding Spammer Behavior
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
Sixth Conference on e-Mail and Anti-Spam (CEAS'09), 2009, Mountain View, USA.
PDF File (4.2 MB)
- A Campaign-based Characterization of Spamming Strategies
Pedro H. Calais Guerra, Douglas Pires, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
Fifth Conference on e-Mail and Anti-Spam (CEAS'08), 2008, Mountain View, USA.
PDF File (240 KB)