CHAPTER 20

SPAM, PHISHING, AND TROJANS: ATTACKS MEANT TO FOOL

Stephen Cobb

20.1 UNWANTED E-MAIL AND OTHER PESTS: A SECURITY ISSUE

20.1.1 Common Elements

20.1.2 Chapter Organization

20.2 E-MAIL: AN ANATOMY LESSON

20.2.1 Simple Mail Transport Protocol

20.2.2 Heads-Up

20.3 SPAM DEFINED

20.3.1 Origins and Meaning of Spam (not SPAM™)

20.3.2 Digging into Spam

20.3.3 Spam's Two-Sided Threat

20.4 FIGHTING SPAM

20.4.1 Enter the Spam Fighters

20.4.2 A Good Reputation?

20.4.3 Relaying Trouble

20.4.4 Black Holes and Block Lists

20.4.5 Spam Filters

20.4.6 Network Devices

20.4.7 E-mail Authentication

20.4.8 Industry Initiatives

20.4.9 Legal Remedies

20.5 PHISHING

20.5.1 What Phish Look Like

20.5.2 Growth and Extent of Phishing

20.5.3 Where Is the Threat?

20.5.4 Phish Fighting

20.6 TROJAN CODE

20.6.1 Classic Trojans

20.6.2 Basic Anti-Trojan Tactics

20.6.3 Lockdown and Quarantine

20.7 CONCLUDING REMARKS

20.8 FURTHER READING

20.9 NOTES

20.1 UNWANTED E-MAIL AND OTHER PESTS: A SECURITY ISSUE.

Three oddly named threats to computer security are addressed in this chapter: spam, phishing, and Trojan code. Spam is unsolicited commercial e-mail. Phishing is the use of deceptive unsolicited e-mail to obtain—to fish electronically for—confidential information. Trojan code, a term derived from the Trojan horse, is software designed to achieve unauthorized access to systems by posing as legitimate applications. In this chapter, we outline the threats posed by spam, phishing, and Trojans as well as the mitigation ...

Get Computer Security Handbook, Fifth Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.