‘Friendly’ email may not be
p2p news / p2pnet: Spammers want to get into your email box by one means or another and the next generation of junk may arrive disguised as deceptively friendly email from someone you’d let past your filters.
Moreover, it’s not only possible, but relatively easy to automatically generate this new type of spam, say two Canadian scientists who used one pool of manually generated email, and another from publicly available Enron databases released after the company’s collapse, to prove their point.
"Today’s spam filters are highly effective, but they may be no match for spammers seeking new ways to fool people into visiting commercial websites or downloading rogue software carrying viruses, worms, spyware, or other dangerous applications," says John Aycock, an assistant professor of computer science at the University of Calgary in Alberta, Canada.
Aycock and student Nathan Friess say it’s possible to create a new type of spam able to bypass even the best spam filters and trick experienced computer users who’d normally delete suspicious email messages.
Anticipating spammers’ next moves
The two will present these findings, together with possible solutions, on April 30 at the 15th annual conference of the European Institute for Computer Anti-Virus Research in Hamburg, Germany.
"The aim of the research is to raise awareness of the potential threat so that anti-spam software can be written that anticipates spammers’ next moves and protects business and personal computers," they say in a statement.
Aycock believes spammers could soon use zombie computers in a totally new way.
Instead of housing only spam generating software, infected computers could also house programs to spy into a person’s email, mine it for information, and generate realistic-looking replies.
"Such a specific, targeted approach has previously been viewed as too complex to be worth spammers’ efforts," say Aycock and Friess.
A computer program mined data in both the email pools mentioned earlier, "finding statistically significant patterns of abbreviation, capitalization and signatures," say the researchers.
"A second program used these patterns to automatically transform a standard, one-line spam message into convincing, individualized replies."
The new approach apparently hasn’t been used yet, but Aycock warns it’s only a matter of time before spammers adopt it.
"All the pieces are in place right now," he says. "Spammers are using zombie networks, spammers have access to email accounts, spammers know that spam filters are catching most of their messages. They’re looking for ways around those defences. Also, data mining has been used for a long time by lots of people. And what we’re talking about is very simple data mining. At some point, the other shoe has to drop."
Here’s what to do
But it’s not all doom and gloom. If the weapons to produce scam-spam are within easy reach, so are some of the ways to defeat them, and they’re "all within technical reach right now," says Aycock. "They’re just not packaged nicely like some other anti-spam solutions."
Aycock hopes companies that make anti-spam software and email programs will quickly integrate some of his suggested solutions into existing software suites. He also recommends that business and personal computer users remain vigilant and keep their existing defences up to date in order to prevent their computers from becoming infected "zombies."
Meanwhile, here’s what he thinks you should do:
Store and encrypt old email. Temporarily stops email mining.
Place fake messages (called "spam traps") in stored email folders. Include fake addresses and fake signatures. Automatically generated replies to these fake messages signal a spam attack.
Build a wall (called a "sandbox") around your Internet browser. When viewing links from email, use only this browser. Prevents invisible, "behind-the-scenes" software downloads from the browser.
Closely monitor Internet links sent via email. Makes sure the browser isn’t being redirected to a malicious Internet site.
Keep your software updated with the latest antivirus patches, and install firewall software if you don’t have it. Prevents your computer from becoming an infected "zombie" that can send messages to others.
Regularly update your antivirus software. Detects malicious software arriving at your computer.
Remove any suspicious software or attachments. Prevents malware from damaging your computer or stealing your personal information.
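The spam-trap item in the list above can be checked mechanically. The following Python is an added example, not code from Aycock and Friess; the decoy addresses, Message-IDs and sample messages are constructed, and it assumes the check runs over outbound mail or over mail arriving at the decoy domain.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed decoys: these exist only inside the fake messages planted in
# stored mail folders, so no legitimate mail should ever reference them.
TRAP_ADDRESSES = {"j.hollis@trap.example", "accounts@trap.example"}
TRAP_MESSAGE_IDS = {"<trap-0001@trap.example>", "<trap-0002@trap.example>"}


def trap_hits(raw_message: str) -> list[str]:
    """Return the reasons a message touches a spam trap (empty list if none)."""
    msg = message_from_string(raw_message)
    hits = []

    # Mail addressed to a decoy means something harvested the stored folders.
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for _name, addr in recipients:
        if addr.lower() in TRAP_ADDRESSES:
            hits.append(f"recipient:{addr.lower()}")

    # A generated reply that threads itself cites the decoy's Message-ID.
    threaded = " ".join(msg.get_all("In-Reply-To", []) + msg.get_all("References", []))
    for mid in TRAP_MESSAGE_IDS:
        if mid in threaded:
            hits.append(f"thread:{mid}")
    return sorted(hits)


# Constructed sample: an automatically generated "reply" to a planted message.
SAMPLE_REPLY = """\
From: Pat Lee <pat@corp.example>
To: "J. Hollis" <J.Hollis@trap.example>
Subject: Re: Q3 invoice
In-Reply-To: <trap-0001@trap.example>
References: <trap-0001@trap.example>

sounds good, take a look at this

Pat
"""

# Constructed sample: ordinary correspondence that touches no trap.
SAMPLE_NORMAL = """\
From: Pat Lee <pat@corp.example>
To: sam@partner.example
Subject: Re: lunch

ok
"""

if __name__ == "__main__":
    for label, raw in (("reply", SAMPLE_REPLY), ("normal", SAMPLE_NORMAL)):
        print(label, trap_hits(raw) or "clean")
```

Any non-empty result is worth an alert on its own, because nothing legitimate has a reason to write to or thread onto a planted message.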
Meanwhile, there’s a technical (pre-conference) version of the paper here, and/or you can check out the European Institute for Computer Anti-Virus Research website here.
Also See:
John Aycock – New weapons needed for the war on junk email, April 27, 2006




