Method to trim computer’s spam diet
January 26th, 2010 - 2:43 pm ICT by ANI
London, Jan 26 (ANI): A study by a group of computer scientists has found that a method used by spammers can be turned against them to block the most common kind of spam.
Most spam messages originate in networks of compromised computers, called botnets, whose owners are unaware that their machines quietly run malicious software in the background that pumps out spam, reports New Scientist.
But researchers have now come up with a system that deciphers the templates a botnet is using to create spam, and these templates are then used to teach spam filters what to look for.
The system, developed by a team at the International Computer Science Institute in Berkeley, California, and the University of California, San Diego, works by exploiting a trick that spammers use to defeat email filters.
As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters.
Each message is generated from a template that specifies the message content and how it should be varied.
The team reasoned that analysing such messages could reveal the template that created them.
And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot.
To test their idea, the team installed a previously captured software bot onto a machine.
After analysing 1000 emails generated by this compromised machine - less than 10 minutes’ work for most bots - the researchers were able to reverse-engineer the template.
Knowledge of that template then enabled filters to block further spam from that bot with 100 per cent accuracy.
High accuracy can be achieved by existing spam filters, but sometimes at the cost of blocking legitimate mail.
The new system did not produce a single false positive when tested against more than a million genuine messages.
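The template-inference idea described above can be sketched as follows; this is an added example, not the researchers' code. It assumes a constructed stand-in bot (`make`), whitespace tokenisation, and slots that are never empty.

```python
import re
from difflib import SequenceMatcher

GAP = None  # marks a slot whose content varies from message to message
GAP_RE = r"\S+(?:\s+\S+)*?"  # one or more tokens; empty slots are not modelled

NAMES = ["Ann", "Bob", "Cy", "Dee"]

def make(i):
    """Constructed stand-in for a bot's template engine (hypothetical)."""
    return (f"Hi {NAMES[i % 4]}, replica watches {50 + i}% off "
            f"at http://shop{i}.example/ buy now")

def merge(template, tokens):
    """Keep tokens shared by both sequences; collapse each differing run to GAP."""
    out = []
    matcher = SequenceMatcher(a=template, b=tokens, autojunk=False)
    for tag, i1, i2, _j1, _j2 in matcher.get_opcodes():
        if tag == "equal":
            out.extend(template[i1:i2])
        elif not out or out[-1] is not GAP:
            out.append(GAP)
    return out

def infer_template(messages):
    """Fold every observed message into one token template."""
    template = messages[0].split()
    for msg in messages[1:]:
        template = merge(template, msg.split())
    return template

def to_signature(template):
    """Compile the template into a regex that must match the whole message."""
    parts = [GAP_RE if tok is GAP else re.escape(tok) for tok in template]
    return re.compile(r"\s+".join(parts))

def matches(signature, msg):
    """True only if the entire message fits the inferred template."""
    return signature.fullmatch(msg.strip()) is not None

TRAINING = [make(i) for i in range(6)]  # output observed from the bot
SIGNATURE = to_signature(infer_template(TRAINING))
LEGIT = "Hi Ann, the watches you ordered are at the front desk now"  # constructed

if __name__ == "__main__":
    print(SIGNATURE.pattern)
    print(matches(SIGNATURE, make(7)), matches(SIGNATURE, LEGIT))
```

Because the signature must match the whole message, mail that merely shares a few words with the campaign is not flagged.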
“The biggest advantage is this false positive rate,” Andreas Pitsillidis, one of the team members, said.
“This is an interesting approach which really differs by using the bots themselves as the oracles for producing the filters,” Michael O’Reirdan, chairman of the Messaging Anti-Abuse Working Group, a coalition of technology companies, stated.
But he adds that botnets have grown so large that even a 1-minute delay in cracking the template would be “long enough for a very substantial spam campaign”.
The research will be presented in March at the Network and Distributed System Security Symposium in San Diego. (ANI)