Next Generation Spam Zombies Will Use Data Mining

Posted by Zonk on Fri Apr 28, 2006 01:46 PM
from the hate-these-new-fast-zombies dept.
branewashd writes "The Globe and Mail is covering some new research on the future of spam. The paper 'Spam Zombies from Outer Space', from researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'. When a computer is turned into a spam zombie, it will first be mined of its address book, mail client configuration, and mail archives. Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it."
  • by chriss (26574) * <chriss@memomo.net> on Friday April 28 2006, @01:49PM (#15222785) Homepage
    Technical advances
    Better tricks to fool spam filters, like the examination of text the user has written mentioned in TFA. This is close to impossible to stop, the only way is to try to be faster in developing better anti spam tools.
    Lack of security
    Most spam today is sent from captured machines, and in the future these machines will not only be used to send but also to improve spam. This could be helped by better educated users, better default system security or easier to understand security configurations. At least there is hope.
    Response
    The only reason for all this spam is that it still pays. Even though it is a very small number of people, it is enough to finance the whole illegal business of building bot nets, stealing addresses etc. If there was a way to stop people from buying that stuff, the other two points would be irrelevant. Unfortunately this is not going to happen, which is the most frustrating part.
    • Explain all the dictionary phrase spam, that has no valid message then?

      just jumbles of phrases- and nothing advertised?
      • by Anonymous Coward
        It's being used to disable the Bayesian-style filters that tend to work on keywords. Basically the idea is to flood the filter with a lot of junk messages that give false positives, thus making the filters less effective as the user attempts to tag all these junk messages as spam.
      • Explain all the dictionary phrase spam, that has no valid message then? just jumbles of phrases- and nothing advertised?

        I'm astonished by those all the time. My Thunderbird is throwing out about 2000 mails a day, and I am often confused about those it didn't catch. I could not recognize them as spam either, since they contain no product names, no links, nothing.

        But since I believe that nothing that can be explained with stupidity should be explained by conspiracy theories, I assume these are accidents.

        • Well poisoners... (Score:4, Interesting)

          These are attempts to poison word-based Bayesian spam filters.

          If you mark enough of these random collections of useful-word messages as spam, your Bayesian spam filter will start filing real, useful email as spam, and you will eventually decide the filter doesn't work and turn it off...

          Of course, if you feed your filter just the headers and stuff that actually looks like spam, and not the blocks of random words, it can still learn useful things.
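The poisoning the two comments above describe, and the advice to train only on the spam-looking part, as an added example that is not part of the thread: a toy word-based Bayesian filter (Graham-style token probabilities with add-one smoothing) trained on constructed sample mail; all messages, names and the five-times-marked count are assumptions for illustration.

```python
import math
import re
from collections import Counter
TOKEN_RE = re.compile(r"[a-z0-9@$!]+")

def tokens(text):
    return set(TOKEN_RE.findall(text.lower()))

class BayesFilter:
    # toy word-based filter: per-token P(spam | token) with add-one smoothing
    def __init__(self):
        self.spam, self.ham = Counter(), Counter()
        self.nspam = self.nham = 0

    def train(self, text, is_spam):
        if is_spam:
            self.spam.update(tokens(text))
            self.nspam += 1
        else:
            self.ham.update(tokens(text))
            self.nham += 1

    def token_prob(self, tok):
        ps = (self.spam[tok] + 1) / (self.nspam + 2)
        ph = (self.ham[tok] + 1) / (self.nham + 2)
        return ps / (ps + ph)

    def score(self, text):
        # combine in log-odds space; above 0.5 the message reads as spam
        logit = sum(math.log(p / (1 - p)) for p in map(self.token_prob, tokens(text)))
        return 1 / (1 + math.exp(-logit))

# constructed mail: three ordinary messages the user sent, and one spam
HAM = [
    "meeting tomorrow about the quarterly report, bring the budget figures",
    "lunch at noon? the report is due friday and the budget looks fine",
    "can you review the report before the meeting on friday",
]
PRODUCT_PART = "cheap v1agra $1.99 click now!!! limited offer"
PADDING = "report budget friday meeting lunch review figures quarterly"  # the random-word block
POISON_SPAM = PRODUCT_PART + " " + PADDING
HAM_TEST = "quarterly budget figures for review before the friday meeting"

def build(train_whole_message):
    f = BayesFilter()
    for m in HAM:
        f.train(m, False)
    for _ in range(5):  # the user marks the padded message as spam five times
        f.train(POISON_SPAM if train_whole_message else PRODUCT_PART, True)
    return f

def poisoned_score():  # whole padded message trained as spam
    return build(True).score(HAM_TEST)

def careful_score():  # only the spam-looking part trained, as the comment suggests
    return build(False).score(HAM_TEST)
```

With the padded message trained whole, the user's own words drift toward spam and a genuine reminder scores above 0.5; trained on the product part only, the same reminder stays near zero while the product text is still caught.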

            • by chriss (26574) * <chriss@memomo.net> on Friday April 28 2006, @03:20PM (#15223483) Homepage
              If evolution wasn't broken and stupid people did less breeding and more dying ...

              I think this would be a universal solution to almost all of mankind's problems.

              • Even though I wrote it myself, I am somewhat scared about the moderation. A couple of hours ago it was 3-Funny. It was intended to be funny. Now it is 4-Insightful.

                I will not assume that a lot of slashdot users will support the idea of solving problems by removing the part of the population that causes the problem. Most will be aware that a) even idiots usually have positive sides, b) an idiot in one area may be a genius in another, c) trying to fix something complex like society with a hammer will most like

    • by Arandir (19206) on Friday April 28 2006, @02:32PM (#15223096) Homepage Journal
      The only reason for all this spam is that it still pays.

      Here's the funny thing. Joe will receive a spam that has been carefully constructed as to appear to be coming from his mother. Why the fsck would he believe it? Is he so stupid that he would buy viagra and hoodia from his mother? The answer, unfortunately, is yes...

      "Dear Son,

      I am so sorry to hear about your injury. Have you considered **Ci@L15**? My arthritis is acting up, I think I will LAST ALL WEEKEND! When will you come down next, because PLEASE THE CHICAS!

      Love,
      Mum"
    • The only reason for all this spam is that it still pays.

      You have clearly identified the problem. Disrupt the money stream and spam would go away. The best way to disrupt the money stream is at the source, the idiots that actually buy the crap pushed in spam.

      How do you stop the idiots from buying spam crap? Easy, send email to all users, those that click on the contents and attempt to buy the bait are identified, tracked down, computers are confiscated, and they are barred from the Internet for lif
  • by Anonymous Coward
    Or... the world of 1998? Didn't pretty much all Outlook worms do this?
  • Damn, I hope they don't abuse the hell out of the Weka Project [waikato.ac.nz], that's one slick open source engine I've used time and again. It'd be a crying shame to see it put to use of ill repute!
    The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.
    Like what? Capital punishment for spammers?
  • by Progman3K (515744) on Friday April 28 2006, @01:53PM (#15222824)
    There will be some people who will get pop-ups from the zombie virus requesting that they upgrade their machine to be able to run the virus properly.

    That's sure to be a dead giveaway...
  • by brxndxn (461473) on Friday April 28 2006, @01:53PM (#15222825)
    1. This is Microsoft's fault.. Microsoft should fix their operating system to ask for a password any time a program is installed, registry settings are changed, key files are modified, etc.. Also, 'install on demand' should be eliminated from Internet Explorer. Ever notice how spyware pretty much didn't exist before Microsoft gave the developers complete control over a person's PC? The end user is stupid. The whole premise of Windows assumes that.. So then why did Microsoft decide that the end user should be able to have his system completely compromised with ONE SINGLE GODDAMN FUCKING WRONG CLICK WHEN BROWSING A SHADY SITE?

    2. This is the fault of the legal system. Spyware is ALREADY illegal. Congress has talked about making it 'illegaler.' Someone needs to jump forth and realize the moneymaking potential that it is to sue the pants off the incessant spammers.

    Again.. 99.9% of spyware problems can be fixed by just running in limited user mode. Ubuntu has the right idea..
  • "Hi mom, I'm coming home this weekend, and I'll have a load of laundry. I'll also need some money because I can get P3NNY ST0X GO WILD OVER OTCBB FFFF! and some C1AL1S CHEAP AT HTTP //CHEAPERDR00GZ.MX/ !! Could you just transfer the funds to my account, it's easy to do, just go to 12.51.53.21/htedit/upload/pics/boa_rip/index.htm [bankofamerica.com]!"
    • This will make it even more difficult to have an affair!

      "Hey Honey!

      I hope to see you this weekend. I've increased my pen15! I've made sure the kids are 'spending the night' over at their friend's houses, and my wife's out. Now we'll get to celebrate our anniversary with those new nippl3 clamps I bought you!

      Love and V1agra,
      Hermie."
  • How to kill a zombie (Score:3, Informative)

    by Ohreally_factor (593551) on Friday April 28 2006, @01:54PM (#15222833) Journal
    The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.

    You have to destroy its brain, of course [portlandmercury.com].
    • Nah, just the original one. There's no need to go decapitating zombies left and right.

      What I want to know is: Why are so many people using Worcestershire Sauce as embalming fluid?
    • by Anonymous Coward
      I love how a post that consists entirely of a joke referring to the horror movie genre is moderated Informative -- twice -- rather than something more accurate like, I don't know, FUNNY?

      Gotta love slashdot.
  • That doesn't sound like data mining, nor complicated data mining even... just a simple Markov-chain driven text generator would do. Anything more complicated than that wouldn't be data mining either, but rather computer linguistics.
  • by GillBates0 (664202) on Friday April 28 2006, @01:55PM (#15222844) Homepage Journal
    ...is that they fail to mention the fact that _most_ (if not all) of these "spam zombies" happen to be Windows based machines. Agreed, most of the machines in the world run Windows, but shouldn't the news article at least mention the fact that the 'zombification' is attributable (most of the time) to Windows vulnerabilities? Don't know if the UCalgary research team mentioned it in their paper.
    • Bonus points for spelling "pique" correctly!

      Too bad there's no +1 Good Spelling mod...
    • No, the problem isn't Windows vulnerabilities, it's uneducated users. My Windows PC is on all the time, connected to the internet, and it's behind a firewall. It hasn't ever been hit by any of these problems that slashdotters ever claim "just happen" to Windows PCs.

      Look at it this way. If Linux was the dominant platform, the issue would still exist. Let's assume for a second that Linux is 100% secure. The user will still see something online that says "Click here for free screensavers!" and guess wh
  • by etully (158824) on Friday April 28 2006, @02:01PM (#15222883)
    Pet Peeve: Data mining is about making statistical inferences based on a large group of data and extracting patterns that nobody saw before.
    Examining someone's address book, copying an email in the Outbox, and inserting junk in the middle of that is no more than low tech vandalism.
  • Wasn't that on Sci-Fi last Thursday at 3am? I think they were From Beyond...
  • Isn't it fun to imagine spammers being sentenced to a couple hours in the stocks in the village square?

    Sigh.
  • "What we want to do in our research at the University of Calgary is get out of the cycle of just reacting to new problems we see."

    Change the spammer's email environment before it changes you.
    Have an email option solely for communication and not for commercial transfer or for selling things.
    I guess people/business wouldn't go for that.
  • I'm waiting for someone to come up with an expert system/AI that looks for new security exploits and then uses them to spread its own code to other systems. Try filtering that out.

  • researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'.

    Nice, so even if most spammers don't have the intelligence or resources to do the research for more sophisticated spamming (beyond finding yet another exploit for IE), a bunch of researchers do it for them and publish the papers.

    How helpful o
  • Oh, really? (Score:5, Funny)

    by aardvarkjoe (156801) on Friday April 28 2006, @02:25PM (#15223045)
    Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.
    For instance, before sending someone your credit card number, take a moment to ask yourself whether or not your mother is likely to be offering to sell you penis enlargement pills.

    Somehow, I don't think it is going to be difficult to tell the difference, simply because my friends are not trying to peddle things to me.

  • I regularly receive emails of exactly this nature to several addresses I use to deal with shady or poorly managed state agencies. I noticed address mining of this sort at least 16 months ago. I typically know that a given shop will be calling for some sort of aid when I start getting my own (slightly modified and links added) back with my own signature attached (once again slightly misspelled).
  • by Donjo (797935) on Friday April 28 2006, @02:53PM (#15223266) Homepage Journal
    Then I won't be in anybody's contact list.
    • Past performance does not indicate future returns.

      Just that the idea is there, and there's a big market, makes it prudent to get ready for whatever we can reasonably see coming at us.
    • Never underestimate spammers. It may give you a warm and fuzzy feeling to assume that "spammers are stupid," but some of them are surprisingly sophisticated.

      One reason we're still in an arms race against spammers is that some of them -- just enough -- have the expertise (or can hire a less than scrupulous developer to provide it) to counteract just about every technological measure we've thrown at them so far.

      To assume that spammers are too stupid to work around something is to fall into the trap of being
    • Re:Spam Zombie? (Score:5, Informative)

      by Kelson (129150) * on Friday April 28 2006, @02:14PM (#15222985) Homepage Journal
      What does this exactly entail? Does the computer first have to be compromised? Spyware/spamware installed through a backdoor? I've lightly read through the paper and it does mention that some sort of malware may be present on the victim's machine.

      Yes. This has been standard operating procedure for many spammers for about two years now. Virus, worm, and spyware authors set up backdoors through which compromised computers can be loaded with spam-sending software. Then they sell access to these botnets on the black market. Spammers use software designed to blast out commands to dozens or hundreds of bots sitting in homes, businesses and elsewhere, which then spew their virtual sludge across the internet.

      The hardcore spammers effectively have infinite processing power and bandwidth, since they can distribute the load across a botnet, and when the same spam run is coming a few messages at a time from hundreds of IP addresses, it's a lot harder to blacklist by IP. That's why many ISPs have started filtering outgoing SMTP traffic, and why blacklists have cropped up that just block any incoming mail from dynamic IP space.
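The point made above, that the same run arriving a few messages at a time from hundreds of addresses defeats per-IP blacklisting, as an added example that is not part of the thread: a small gateway-log analysis that fingerprints the message instead of counting per sender, and notes how much of a run comes from dynamic space. The log format, the sample lines, the address ranges and the two thresholds are all constructed for illustration.

```python
import hashlib
import ipaddress
from collections import defaultdict

# constructed gateway log: "<time> <source-ip> <subject>"
LOG = """\
10:00:01 203.0.113.5 Re: your order
10:00:02 198.51.100.17 Cheap meds, last chance!
10:00:02 198.51.100.42 Cheap meds, last chance!
10:00:03 192.0.2.9 Cheap meds, last chance!
10:00:03 198.51.100.17 Cheap meds, last chance!
10:00:04 203.0.113.77 Cheap meds,  last chance!
10:00:05 192.0.2.31 CHEAP MEDS, last chance!
10:00:06 198.51.100.88 Cheap meds, last chance!
10:00:06 203.0.113.5 Re: meeting notes
10:00:07 192.0.2.9 lunch?
"""
# constructed: prefixes the operator treats as dynamic/residential space
DYNAMIC_RANGES = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("192.0.2.0/24")]
PER_IP_LIMIT = 5   # messages before a plain per-IP blacklist would react
MIN_SOURCES = 5    # distinct senders of one fingerprint that mark a botnet run

def fingerprint(subject):
    # fold case and whitespace so trivial variants of one run still collide
    norm = " ".join(subject.lower().split())
    return hashlib.sha256(norm.encode()).hexdigest()[:12]

def parse(log):
    for line in log.splitlines():
        ts, ip, subject = line.split(" ", 2)
        yield ts, ipaddress.ip_address(ip), subject

def per_ip_blacklist(log):
    # what IP-based blocking sees: no single bot sends enough to stand out
    counts = defaultdict(int)
    for _, ip, _ in parse(log):
        counts[ip] += 1
    return sorted(str(ip) for ip, n in counts.items() if n >= PER_IP_LIMIT)

def campaign_report(log):
    # group by fingerprint instead: one run, many sources, mostly dynamic space
    sources, subjects = defaultdict(set), {}
    for _, ip, subject in parse(log):
        fp = fingerprint(subject)
        sources[fp].add(ip)
        subjects.setdefault(fp, subject)
    report = {}
    for fp, ips in sources.items():
        if len(ips) >= MIN_SOURCES:
            dynamic = sum(any(ip in net for net in DYNAMIC_RANGES) for ip in ips)
            report[subjects[fp]] = {"sources": len(ips), "dynamic": dynamic}
    return report
```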
    • But besides that, maybe an ISP should by default block all but a few outbound ports unless the user requests them specifically (either via a web interface @ the ISP or by phone)?

      Two problems with that:

      1) While blocking access to port 25 outside of the ISP's network is one thing, you can't block port 80 or 443 (or some others) without seriously disrupting your customers' experience. So you have to let some traffic out. And there's nothing saying a zombie can't be programmed to connect on either of those port
      • 1) While blocking access to port 25 outside of the ISP's network is one thing, you can't block port 80 or 443 (or some others) without seriously disrupting your customers' experience. So you have to let some traffic out. And there's nothing saying a zombie can't be programmed to connect on either of those ports even if it doesn't use HTTP.

        Of course, not too many target mail servers are going to be listening for incoming mail on ports 80 and 443. Somewhere along the line, some machine under the spammer's co
    • Um, why? You don't need root to send mail, and Firefox has had its fair share of instant execution vulnerabilities. You can trivially hook yourself into the shell or session manager on Linux or MacOS X so you are always loaded at startup, and hax0ring Safari to steal encrypted form data is likewise scarily easy.

      Techniques like SELinux or AppArmor can stop this but they aren't integrated with most distros, it's still experimental stuff, and MacOS doesn't have anything like it.

      So, I don't see any logical

    • it's not even "more secure than what windows does" lol!
      By default in linux:
        - Permissions tend to be inherited
        - You tend to do everything as a single "user" with a single set of permissions.
        - Attempting to extend this scheme into something more realistic is, at the very least, non-trivial.