Email bomb

In Internet usage, an email bomb is a form of net abuse that sends large volumes of email to an address to overflow the mailbox, to overwhelm the server where the email address is hosted in a denial-of-service attack (DoS attack), or to act as a smoke screen that distracts attention from important email messages indicating a security breach. (Dima Bekerman, "How Registration Bots Concealed the Hacking of My Amazon Account", Application Security, Industry Perspective, December 1st 2016, In: amperva.com/blog)


Methods

There are three methods of perpetrating an email bomb: mass mailing, list linking and zip bombing.


Mass mailing

Mass mailing consists of sending numerous duplicate emails to the same email address. These types of mail bombs are simple to design, but their extreme simplicity means they can be easily detected by spam filters.

Email bombing using mass mailing is also commonly performed as a DDoS attack by using botnets: hierarchical networks of computers compromised by malware and under the attacker's control. Similar to their use in spamming, the attacker instructs the botnet to send out millions of emails, but unlike normal botnet spamming, the emails are all addressed to only one or a few addresses the attacker wishes to flood. This form of email bombing is similar to other DDoS flooding attacks. As the targets are frequently the dedicated hosts handling website and email accounts of a business, this type of attack can be devastating to both services of the host.

This type of attack is more difficult to defend against than a simple mass-mailing bomb because of the multiple source addresses and the possibility of each zombie computer sending a different message or employing stealth techniques to defeat spam filters.


List linking

List linking, also known as an "email cluster bomb", means signing a particular email address up to several email list subscriptions. The victim then has to unsubscribe from these unwanted services manually. The attack can be carried out automatically with simple scripts: this is easy, almost impossible to trace back to the perpetrator, and potentially very destructive. A massive attack of this kind targeting .gov email addresses was observed in August 2016.

In order to prevent this type of bombing, most email subscription services send a confirmation email to a person's inbox when that email is used to register for a subscription. However, even the confirmation emails contribute to the attack. A better defense would prevent websites from being exploited without abandoning subscription forms. After a subscription form is filled out, the website would dynamically create a mailto link to itself. A legitimate user would then send a message to validate the request without receiving any email from the website. While the sender's email could be spoofed, the sender's SMTP IP address cannot. The list manager can therefore verify that the email in the form request matches the originating SMTP server in the validation message.

A large number of confirmation emails initiated by registration bots signing up a specific email address to a multitude of services can be used to distract the view from important emails indicating that a security breach has happened elsewhere. If, for example, an Amazon account has been hacked, the hacker may contrive to have a flood of confirmation emails sent to the email address associated with the account to mask the fact that the Amazon shipment address has been changed and purchases have been made by the hacker.
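
The mailto-based validation described above can be sketched as follows. This is an added example, not code from the original page or from any list manager: the signing key, the `confirm@lists.example` mailbox, the token format and the `AUTHORIZED_SENDERS` table (a constructed stand-in for a DNS lookup of a domain's sending networks) are all assumptions.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import quote

SECRET = b"constructed-demo-secret"      # assumption: per-site signing key
LIST_ADDR = "confirm@lists.example"      # hypothetical validation mailbox
MAX_AGE = 3600                           # assumed token lifetime in seconds
# Constructed stand-in for a DNS lookup of the networks that send for a domain.
AUTHORIZED_SENDERS = {"example.org": ["192.0.2.0/24"],
                      "example.net": ["198.51.100.0/24"]}

def make_token(address, issued):
    """Bind a token to the address typed into the form and its issue time."""
    msg = f"{address.lower()}|{issued}".encode()
    return f"{issued}.{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]}"

def mailto_link(address, now):
    """Link shown on the web page; the site itself sends no email."""
    return f"mailto:{LIST_ADDR}?subject={quote('subscribe ' + make_token(address, now))}"

def validate(envelope_from, peer_ip, subject, now):
    """Check an inbound validation message; return (accepted, reason)."""
    parts = subject.split()
    if len(parts) != 2 or parts[0] != "subscribe":
        return False, "malformed subject"
    issued = parts[1].partition(".")[0]
    if not (issued.isascii() and issued.isdigit()) or not 0 <= now - int(issued) <= MAX_AGE:
        return False, "token expired or malformed"
    # The token only verifies for the address that was entered in the form.
    expected = make_token(envelope_from, int(issued))
    if not hmac.compare_digest(parts[1].encode(), expected.encode()):
        return False, "sender does not match form address"
    # The connecting SMTP peer must belong to the sender's domain.
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    peer = ipaddress.ip_address(peer_ip)
    nets = AUTHORIZED_SENDERS.get(domain, [])
    if not any(peer in ipaddress.ip_network(n) for n in nets):
        return False, "SMTP peer not authorized for sender domain"
    return True, "ok"

if __name__ == "__main__":
    print(mailto_link("alice@example.org", 1000))
    subject = "subscribe " + make_token("alice@example.org", 1000)
    print(validate("alice@example.org", "192.0.2.10", subject, 1500))
    print(validate("alice@example.org", "203.0.113.5", subject, 1500))
```

A validation message that carries a spoofed sender address fails the peer check, and the address on the form never receives mail from the website.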


Zip bombing

A ZIP bomb is a variant of mail-bombing. After most commercial mail servers began checking mail with anti-virus software and filtering certain malicious file types (EXE, RAR, Zip, 7-Zip), mail server software was then configured to unpack archives and check their contents as well. A new idea to defeat this countermeasure was composing a "bomb" consisting of an enormous text file containing, for example, only the letter "z" repeated millions of times. Such a file compresses into a relatively small archive, but unpacking it (especially by early versions of mail servers) would use a greater amount of processing, which could result in a denial of service. A ZIP or .tar.gz file can even contain a copy of itself, causing infinite recursion if the server checks nested archive files.
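
A mail scanner can unpack attachments without being exhausted by them if it bounds the compression ratio, the total inflated size and the nesting depth. The following is an added example, not code from the original page or from any mail server; the limits and the `scan_zip` and `make_zip` names are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumed policy limits; tune them for the mail gateway in question.
MAX_TOTAL = 10 * 1024 * 1024  # uncompressed bytes allowed per attachment tree
MAX_RATIO = 100               # declared uncompressed/compressed ratio per member
MAX_DEPTH = 3                 # levels of archive-inside-archive to follow
CHUNK = 64 * 1024

class ArchiveRejected(Exception):
    """Raised when an attachment exceeds the scanning policy."""

def scan_zip(data, depth=0, budget=None):
    """Return the uncompressed byte count of a ZIP, or raise ArchiveRejected."""
    budget = [MAX_TOTAL] if budget is None else budget  # shared across nesting
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nesting too deep")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on header values before inflating anything.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: compression ratio")
            buf = bytearray()
            with zf.open(info) as member:
                # Inflate in chunks and stop as soon as the budget is spent.
                while chunk := member.read(CHUNK):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("size budget exceeded")
                    buf += chunk
            total += len(buf)
            if zipfile.is_zipfile(io.BytesIO(buf)):  # nested or self-containing
                total += scan_zip(bytes(buf), depth + 1, budget)
    return total

def make_zip(name, payload, method=zipfile.ZIP_DEFLATED):
    """Build a constructed sample archive in memory."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", method) as zf:
        zf.writestr(name, payload)
    return out.getvalue()

if __name__ == "__main__":
    print(scan_zip(make_zip("note.txt", b"hello world\n" * 10)))
    try:
        scan_zip(make_zip("z.txt", b"z" * 2_000_000))
    except ArchiveRejected as err:
        print("rejected:", err)
```

The depth limit is what stops an archive that contains a copy of itself, since every level looks like a valid ZIP.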


Text message bomb

A "text bomb" is a similar variant of sending a large number of text messages over SMS. The technique is a means of cyberbullying or online harassment. Apps on the Android operating system have since been banned as a means of sending text bombs. The text messages may also lead to high phone bill charges on some mobile plans. Additionally, certain phone apps have been created to prevent text bombs on Android OS.




External links


CERT - Email Bombing and Spamming

Email Cluster Bomb Research
Email Denial-of-service attacks