The Spampots Project, coordinated by CERT.br and part of the honeyTARG Honeynet Project, uses low-interaction honeypots to gather data related to the abuse of the Internet infrastructure by spammers. The main goals are:
- measure the problem from a different point of view: abuse of infrastructure X spams received at the destination
- help develop the spam characterization research
- measure the abuse of network infrastructure to send spam
- develop better ways to
- identify phishing and malware
- identify botnets via the abuse of open proxies and relays
Data Mining Research
The spam characterization and data mining research, SpamMining, is being developed by the e-Speed Laboratory, from the Federal University of Minas Gerais (UFMG) Computer Science Department (DCC).
The SpamMining is led by:
Papers in Portuguese
- Uma metodologia para identificao adaptativa e caracterizao de phishing
Pedro Henrique B Las-Casas, Osvaldo Fonseca, Elverton Fazzion, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves, talo Cunha, Wagner Meira Jr, Dorgival Guedes.
XXXIV Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC 2016), 2016, Salvador.
PDF File (763 KB)
- SpamBands: a Methodology to Identify Sources of Spam Acting in Concert
Elverton Fazzion, Pedro Las-Casas, Osvaldo Fonseca, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
Brazilian Journal of Information Security and Cryptography, 2015.
PDF File (1.5 MB)
- Uma Anlise do Custo do Trfego de Spam para Operadores de Rede
Osvaldo Fonseca, Elverton Fazzion, talo Cunha, Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
XXXIII Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC 2015), 2015, Vitria.
PDF File (272 KB)
- [Best paper award] SpamBands: uma metodologia para identificao de fontes de spam agindo de forma orquestrada
Elverton Fazzion, Pedro Henrique B. Las-Casas, Osvaldo Fonseca, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
XIV Simpsio Brasileiro em Segurana da Informao e de Sistemas Computacionais, 2014, Belo Horizonte.
PDF File (642 KB)
- Vizinhanas ou condomnios: uma anlise da origem de spams com base na organizao de sistemas autnomos
Osvaldo Fonseca, Pedro Henrique B. Las-Casas, Elverton Fazzion, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
XXXII Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC 2014), 2014, Florianpolis.
PDF File (2.3 MB)
- Anlise do trfego de spam coletado ao redor do mundo
Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves, Osvaldo Fonseca, Elverton Fazzion , Rubens E. A. Moreira.
XXXI Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC 2013), 2013, Braslia.
PDF File (1.5 MB)
- Caracterizao Temporal de Estratgias de Disseminao de Spam
Luam C. Totti, Rubens E. A. Moreira, Elverton Fazzion, Osvaldo Fonseca, Wagner Meira Jr., Dorgival Guedes, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
XXX Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC 2012), 2012, Ouro Preto.
PDF File (1.1 MB)
- Deteco de Spams Utilizando Contedo Web Associado a Mensagens
Marco Tlio Ribeiro, Leonardo V. Teixeira, Pedro H. Calais Guerra, Adriano A. Veloso, Wagner Meira Jr., Dorgival Guedes, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
XXIX Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC 2011), 2011, Campo Grande.
PDF File (816 KB)
- Fatores que afetam o comportamento de spammers na rede.
Gabriel C. Silva, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
XI Simpsio Brasileiro em Segurana da Informao e de Sistemas Computacionais, 2011, Braslia.
PDF File (544 KB)
- SpSb: um ambiente seguro para o estudo de spambots
Gabriel C. Silva, Alison C. Arantes, Klaus Steding-Jessen, Cristine Hoepers, Marcelo H. P. C. Chaves, Wagner Meira Jr., Dorgival Guedes.
XI Simpsio Brasileiro em Segurana da Informao e de Sistemas Computacionais, 2011, Braslia.
PDF File (176 KB)
- Identificao e Caracterizao de Spammers a partir de Listas de Destinatrios
Pedro H. Calais Guerra, Marco Tlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC'10), 2010, Gramado, RS, Brazil.
PDF File (512 KB)
- Caracterizao do Encadeamento de Conexes para Envio de Spams
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
XXVII Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC'09), 2009, Recife, Brazil.
PDF File (4.1 MB)
- Caracterizao de Estratgias de Disseminao de Spams
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
XXVI Simpsio Brasileiro de Redes de Computadores e Sistemas Distribudos (SBRC'08), 2008, Rio de Janeiro, Brazil.
PDF File (320 KB)
Current Setup
Currently we have sensors deployed in 16 countries. These sensors were deployed with the invaluable help and cooperation of these organizations (ordered by country names): CSIRT UNLP (Argentina), AusCERT (Australia), CERT.at (Austria), CSIRT USP (Brazil), Team Cymru (Canada), CSIRT CEDIA (Ecuador), Team Cymru (Germany), HKCERT (Hong Kong), Team Cymru (India), IIJ - Internet Initiative Japan (Japan), SurfCERT (Netherlands), Team Cymru (Netherlands), Team Cymru (Singapore), Team Cymru (United Kingdom), Team Cymru (United States), TWCERT (Taiwan), and CSIRT ANTEL (Uruguay).
All data is collected periodically by CERT.br, and used to generate statistics of the current behaviour, as well as stored in the data analysis servers, to be processed by the SpamMining team. This is an overview of the Architecture:
In a previous setup, from 2006 to 2007, the honeypots were located only in Brazilian Broadband networks, and were used to understand the abuse of these specific networks. Information about this first phase of the project can be found here:
- CERT.br Conferences' Presentations, which include several about the current and previous phases.
- Preliminary Results of the SpamPots Projects (whitepaper in Portuguese)
Papers in English
- Measuring, Characterizing, and Avoiding Spam Traffic Costs
Osvaldo Fonseca, Elverton Fazzion, Italo Cunha, Pedro Henrique B. Las-Casas, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
IEEE Internet Computing, Volume: 20, Issue: 4, Jul-Aug. 2016.
http://ieeexplore.ieee.org/document/7478420/
- SpamBands: a Methodology to Identify Sources of Spam Acting in Concert
Elverton Fazzion, Pedro Henrique B. Las-Casas, Osvaldo Fonseca, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers ; Klaus Steding-Jessen ; Marcelo H. P. C. Chaves.
IEEE Latin America Transactions, Volume: 14, Issue: 6, Jun. 2016.
http://ieeexplore.ieee.org/document/7555286/
- Neighborhoods and bands: an analysis of the origins of spam
Osvaldo Fonseca, Elverton Fazzion, Pedro Henrique B Las-Casas, Dorgival Guedes, Wagner Meira Jr, Cristine Hoepers, Klaus Steding-Jessen, Marcelo H. P. C. Chaves.
Journal of Internet Services and Applications (JISA), 2015.
PDF File (3.8 MB)
- Spam detection using web page content: a new battleground
Marco Tlio Ribeiro, Leonardo V. Teixeira, Adriano A. Veloso, Dorgival Guedes, Wagner Meira Jr., Marcelo H. P. C. Chaves, Klaus Steding-Jessen, Cristine Hoepers.
The 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'11), 2011, Perth, Australia.
PDF File (1.7 MB)
- Exploring the Spam Arms Race to Characterize Spam Evolution
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS'10), 2010, Redmond, USA.
PDF File (240 KB)
- Spam Miner: A Platform for Detecting and Characterizing Spam Campaigns (demo paper)
Pedro H. Calais Guerra, Douglas Pires, Marco Tlio Ribeiro, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
International Conference on Knowledge Discovery and Data Mining (KDD'09), 2009, Paris, France.
PDF File (400 KB)
- Spamming Chains: A New Way of Understanding Spammer Behavior
Pedro H. Calais Guerra, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Marcelo H. P. C. Chaves, Klaus Steding-Jessen.
Sixth Conference on e-Mail and Anti-Spam (CEAS'09), 2009, Mountain View, USA.
PDF File (4.2 MB)
- A Campaign-based Characterization of Spamming Strategies
Pedro H. Calais Guerra, Douglas Pires, Dorgival Guedes, Wagner Meira Jr., Cristine Hoepers, Klaus Steding-Jessen.
Fifth Conference on e-Mail and Anti-Spam (CEAS'08), 2008, Mountain View, USA.
PDF File (240 KB)