GIAC Paper of the Quarter

www.giac.org

•  
• Overview
  • Mission Statement
  • FAQ
  • Code of Ethics
  • GIAC Ethics Council
  • Code of Ethics - Violation Submission
  • EEOC Policy
  • Proctor Policy
  • Program Overview (PDF)
  • Contact
• Why GIAC
  Certification Matters
• Certifications
  • Roadmap
  • Steps To
  • Security Admin
    • GAWN
    • GCFA
    • GCFW
    • GCIA
    • GCIH
    • GCUX
    • GCWN
    • GISF
    • GREM
    • GSEC
    • GCED
    • GPEN
    • GWAPT
  • Management
    • GISP
    • GSLC
    • GCPM
  • Audit
    • G7799
    • GSNA
  • Software Security
    • GSSP-NET
    • GSSP-JAVA
  • GSE
  • GSE-Malware
  • GSE-Compliance
  • DoD 8570
  • Retired Certifications
• Certified
  Professionals
  • Listings
    • G7799
    • GAWN
    • GCFA
    • GCFW
    • GCIA
    • GCIH
    • GCUX
    • GCWN
    • GISF
    • GISP
    • GREM
    • GSEC
    • GCED
    • GSLC
    • GSSP-NET
    • GSNA
    • GPEN
    • GCPM
    • GSSP-JAVA
    • GWAPT
    • Retired Certifications
  • Profiles From The
    Front Lines
  • Does Certification Really Matter?
  • GIAC Hero
  • Business Card Logos
• GIAC Gold
• GIAC Expert Level
  • GSE
  • GSE-Malware
  • GSE-Compliance
• Skills Test and Report (STAR)
• GIAC Help and Information – NEW
• Challenge Info
• Registration Info
  • GIAC Pricing
  • Challenge Certification
• Exams
  • Practice Tests
  • Deadlines
  • Exam Technical Issues
• Proctor Program – NEW
  • Program Details
  • FAQ
  • KRYTERION Sites
  • Proctor Policy
  • Proctor Forms
  • Computer Requirements
• Retakes & Extensions
• Recertification
• Exam Feedback Procedure
• Grievance Procedure
• ADA Accomodation Policy
• Job Listings
• SANS Portal
• SANS Home
• SANS Software Security Institute
• SANS Reading Room
• Direct Links G7799 GSAE GPCI GSNA GAWN-C GCDS GLFR GLIT GBLC GLEG GCIP GHSC GISP GFSP GEWF GEIT GLDR GCIM GCPM GSLC GCSC GSPA GOEC GISO GISF SSP-CNSA GGSC-0400 SSP-DRAP SSP-MPA GGSC-0200 GSEC GGSC-0100 GPEN GSOC GWAS GWAPT SSP-GHD GCWN GCFA GCED GHTQ GCIA GCIH GCFW GIPS GCUX GAWN GNET GREM GSIP GSSP-C GSSP-JAVA GSSP-NET
•  

Congratulations to the GIAC White Paper winner for Q2 2009!

Jeremy's paper is titled Zombie Profiling with SMTP Greylisting and can be viewed from the SANS Reading Room. Jeremy will be presenting this topic at SANS Sydney 2009.

Author Bio

Jeremy Koster is an Information Security Specialist for a large Australian Telco. He has been working in Information Security and the IT industry in general for over 12 years. The last 5 years he has concentrated on eradicating spam and malware from corporate environments.

Jeremy provides security guidance for IT initiatives within his organization as well as being involved in PCI DSS compliance projects, network security, spam protection, defenses against malware and web application security. In particular, Jeremy architected and championed a successful anti-spam solution comprising commercial, open-source and in-house built components. Jeremy supports the business by articulating risk and providing pragmatic mitigating solutions in an industry where identifying real risks is often difficult.

Jeremy holds a CISSP, GCIH and a MInfoSysSec from Charles Sturt University.

Synopsis

Email is consistently used to propagate malware, conduct phishing and deliver spam. A large proportion of this unwanted email is sent by compromised machines or computer zombies. This paper observes that computer zombies react differently to being greylisted, providing a method to profile computer zombies into various types. The GCIH course touches on the concept that this age is the Òage of the botnetsÓ and how malware is propagated with the help of email. This paper extends this topic by analyzing greylisting activity for the purposes of identifying computer zombies and exploring methods to reduce the unwanted email received from botnets.

Submit your paper for the GIAC White Paper of the Quarter!

Three Reasons to Submit Your Paper

If you are the GIAC Paper of the Quarter winner:

• Your paper will be published in the SANS Reading Room (one of the most visited pages on our site)
• You'll be asked to present your topic at a SANS conference or via SANS webcast
• A FREE SANS OnDemand course! The winner will receive free tuition and books for a SANS OnDemand course of their choice.

Submission Requirements

• Papers should be:
• on a relevant and timely security subject
• have a significant impact on the information security community
• 10 - 20 pages in length
• You do not need to hold a GIAC certification to submit a paper
• Papers should follow the GIAC Gold Guidelines

Papers will be judged by industry experts and based on expertise, content and impact on the industry.

© 2000-2009 The SANS Institute

SANS Web Privacy Policy: www.giac.org/privacy.php - Web Contact: webmaster@giac.org

Phone: 301-654-7267 | Mon-Fri 9am-8pm EST/EDT

(ISC)² and CISSP are registered marks of the International Information Systems Security Certification Consortium, Inc.