Method to trim computer's spam diet
London, Jan 26 (ANI): A study by a group of computer scientists has found that a method used by spammers can itself be used to block the most common kind of spam.
Most spam messages originate in networks of compromised computers, called botnets, whose owners are unaware that the machines quietly run malicious software in the background that pumps out spam, reports New Scientist.
But researchers have now come up with a system that deciphers the templates a botnet is using to create spam, and these templates are then used to teach spam filters what to look for.
The system, developed by a team at the International Computer Science Institute in Berkeley, California, and the University of California, San Diego, works by exploiting a trick that spammers use to defeat email filters.
As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters.
Each message is generated from a template that specifies the message content and how it should be varied.
The team reasoned that analysing such messages could reveal the template that created them.
And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot.
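The idea of recovering a template from a bot's output can be illustrated with a short sketch. This is an added example, not the researchers' system: it uses a simple token alignment as a stand-in for their inference method, and the sample messages, function names and the 40-character gap bound are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

GAP = None  # sentinel: a span that varies from message to message

# Constructed sample: three messages assumed to come from one bot's template.
SAMPLE = [
    "Hi Anna, get 70% off Rolex replicas today at http://qzx1.example/buy now!",
    "Hi Mark, get 65% off Rolex replicas today at http://abc9.example/buy now!",
    "Hello Lisa, get 80% off Rolex replicas today at http://k2k2.example/buy now!",
]

def tokenize(msg):
    # Words and single punctuation marks, so "Anna," splits into "Anna" and ",".
    return re.findall(r"\w+|[^\w\s]", msg)

def merge(template, tokens):
    """Keep tokens both sequences share in order; anything between becomes GAP."""
    sm = SequenceMatcher(a=template, b=tokens, autojunk=False)
    out, ia, ib = [], 0, 0
    for a, b, n in sm.get_matching_blocks():
        if a > ia or b > ib:          # unmatched material on either side
            out.append(GAP)
        out.extend(template[a:a + n])
        ia, ib = a + n, b + n
    return out

def infer_template(messages):
    template = tokenize(messages[0])
    for msg in messages[1:]:
        template = merge(template, tokenize(msg))
    return template

def to_regex(template, max_gap=40):
    # Fixed tokens match literally; each GAP allows at most max_gap characters
    # (an assumed bound) so the signature cannot stretch over arbitrary mail.
    parts = [f".{{0,{max_gap}}}?" if t is GAP else re.escape(t) for t in template]
    return re.compile(r"\s*".join(parts), re.DOTALL)

def matches(template, msg):
    return to_regex(template).fullmatch(msg.strip()) is not None

if __name__ == "__main__":
    tpl = infer_template(SAMPLE)
    print(" ".join("<VAR>" if t is GAP else t for t in tpl))
    print(matches(tpl, "Hey Tom, get 55% off Rolex replicas today at http://zz00.example/buy now!"))
    print(matches(tpl, "Hi Anna, are we still on for lunch today at noon?"))
```

Because the signature requires every fixed token of the template in order, ordinary mail that merely shares a greeting or a few words with the spam does not match it.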
To test their idea, the team installed a previously captured software bot onto a machine.
After analysing 1000 emails generated by this compromised machine - less than 10 minutes' work for most bots - the researchers were able to reverse-engineer the template.
Knowledge of that template then enabled filters to block further spam from that bot with 100 per cent accuracy.
High accuracy can be achieved by existing spam filters, but sometimes at the cost of blocking legitimate mail.
The new system did not produce a single false positive when tested against more than a million genuine messages.
"The biggest advantage is this false positive rate," Andreas Pitsillidis, one of the team members, said.
"This is an interesting approach which really differs by using the bots themselves as the oracles for producing the filters," Michael O'Reirdan, chairman of the Messaging Anti-Abuse Working Group, a coalition of technology companies, stated.
But he added that botnets have grown so large that even a 1-minute delay in cracking the template would be "long enough for a very substantial spam campaign".
The research will be presented in March at the Network and Distributed System Security Symposium in San Diego. (ANI)