Next Generation Spam Zombies Will Use Data Mining
branewashd writes "The Globe and Mail is covering some new research on the future of spam. The paper 'Spam Zombies from Outer Space', from researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'. When a computer is turned into a spam zombie, it will first be mined of its address book, mail client configuration, and mail archives. Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it."
The three forces driving spam (Score:5, Insightful)
who is buying-when no one is selling (Score:2, Troll)
just jumbles of phrases- and nothing advertised?
Re:who is buying-when no one is selling (Score:2, Informative)
Re:who is buying-when no one is selling (Score:2)
I'm astonished by those all the time. My Thunderbird is throwing out about 2000 mails a day, and I am often confused about those it didn't catch. I could not recognize them as spam either, since they contain no product names, no links, nothing.
But since I believe that nothing that can be explained with stupidity should be explained by conspiracy theories, I assume these are accidents.
Well poisoners... (Score:4, Interesting)
If you mark enough of these random collection of useful word messages as spam, your Bayesian spam filter will start filing real, useful email as spam, and you will eventually decide the filter doesn't work and turn it off...
Of course, if you feed your filter just the headers and stuff that actually looks like spam, and not the blocks of random words, it can still learn useful things.
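Added example, not part of the thread: a small naive Bayes filter that reproduces the poisoning effect described in the comment above and the suggested mitigation of training only on the part that looks like spam. The mail samples are constructed, and the payload/padding split is assumed to be known to whoever trains the filter.

```python
import math
from collections import Counter

class NaiveBayes:
    """Minimal multinomial naive Bayes over whitespace-split word tokens."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.words[label].update(text.lower().split())
        self.docs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        log_score = {}
        for label in ("spam", "ham"):
            total = sum(self.words[label].values())
            score = math.log(self.docs[label] / sum(self.docs.values()))
            for word in text.lower().split():
                # Laplace smoothing so an unseen word does not zero the product
                score += math.log((self.words[label][word] + 1) / (total + vocab))
            log_score[label] = score
        # Convert the log-odds back into P(spam | text)
        return 1 / (1 + math.exp(log_score["ham"] - log_score["spam"]))

# Constructed sample mail, not real messages.
HAM = [
    "meeting moved to thursday please bring the budget report",
    "lunch on friday with the project team",
    "the budget report is attached for review",
    "can you review the project schedule before the meeting",
]
# Each spam is (payload, padding): the part that looks like spam, followed by
# a block of ordinary office words added to poison the filter.
SPAM = [
    ("buy cheap pills now", "budget meeting report thursday project review the schedule"),
    ("cheap watches limited offer", "the team review lunch friday budget report meeting"),
    ("click here cheap pills", "please bring the project schedule report before thursday"),
    ("buy watches online now", "meeting budget review the report please thursday before"),
    ("limited offer click here", "report the meeting thursday budget review project team"),
    ("cheap pills online offer", "before the meeting please review budget report thursday"),
]
LEGIT = "please review the budget report before the thursday meeting"
JUNK = "cheap pills limited offer"

def train_filter(include_padding):
    """Train on all ham, and on spam with or without its random-word padding."""
    nb = NaiveBayes()
    for text in HAM:
        nb.train(text, "ham")
    for payload, padding in SPAM:
        nb.train(payload + " " + padding if include_padding else payload, "spam")
    return nb

if __name__ == "__main__":
    for include_padding in (True, False):
        nb = train_filter(include_padding)
        print("padding trained:", include_padding,
              "| P(spam|legit) =", round(nb.spam_probability(LEGIT), 3),
              "| P(spam|junk) =", round(nb.spam_probability(JUNK), 3))
```

Trained on the whole message, the filter scores the legitimate mail as spam; trained on the payload only, it passes the legitimate mail and still catches the junk.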
Re:Well poisoners... (Score:2, Interesting)
Bayesian is probably the most useful part of the anti-spam system, but also the most annoying to administer because of this poisoning. I can't even count the number of different methods I've tried to keep an accurate Bayesian database since the poisoning started, and number of
Re:Well poisoners... (Score:5, Funny)
I think this would be a universal solution to almost all of mankind's problems.
Re:Well poisoners... (Score:1)
That was not (intended to be) insightful (Score:3, Insightful)
Even though I wrote it myself, I am somewhat scared about the moderation. A couple of hours ago it was 3-Funny. It was intended to be funny. Now it is 4-Insightful.
I will not assume that a lot of slashdot users will support the idea of solving problems by removing the part of the population that causes the problem. Most will be aware that a) even idiots usually have positive sides, b) an idiot in one area may be a genius in another, c) trying to fix something complex like society with a hammer will most like
Re:That was not (intended to be) insightful (Score:2)
I'd say it could be a practical solution, but every implementation of it will be Very Bad. Because: we humans value life highly (most of us at least (I hope)), and especially one's own life.
But consider a society where the common good is always regarded much higher by any individual, than the same individual's own life. In this case, it would be perfectly reasonable for the society to decide on the best traits (such as intelligence), and
Re:who is buying-when no one is selling (Score:1)
Re:The three forces driving spam (Score:5, Funny)
Here's the funny thing. Joe will receive a spam that has been carefully constructed as to appear to be coming from his mother. Why the fsck would he believe it? Is he so stupid that he would buy viagra and hoodia from his mother? The answer, unfortunately, is yes...
"Dear Son,
I am so sorry to hear about your injury. Have you considered **Ci@L15**? My arthritis is acting up, I think I will LAST ALL WEEKEND! When will you come down next, because PLEASE THE CHICAS!
Love,
Mum"
That's "insightful", not "funny". (Score:2)
So you either go over and fix Mom's machine or (if you're less technically competent) you tell Mom you'll take her computer to one of the computer cleaning companies.
Problem solved. Maybe solved forever if Mom gets a different email client (fix email client exploits) or firewall (fix worms) or some education (maybe fix trojans).
Re:That's "insightful", not "funny". (Score:2)
Re:The three forces driving spam (Score:2)
I'm sure they'll write me with their solutions too.
Re:The three forces driving spam (Score:2)
You have clearly identified the problem. Disrupt the money stream and spam would go away. The best way to disrupt the money stream is at the source, the idiots that actually buy the crap pushed in spam.
How do you stop the idiots from buying spam crap? Easy, send email to all users, those that click on the contents and attempt to buy the bait are identified, tracked down, computers are confiscated, and they are barred from the Internet for lif
Re:The three forces driving spam (Score:1)
Welcome to the world of tomorrow! (Score:2, Funny)
I Hope They Don't Know About Weka! (Score:4, Funny)
Re:I Hope They Don't Know About Weka! (Score:2)
Re:I Hope They Don't Know About Weka! (Score:2)
I saw a better suggestion, which is five seconds of community service per email. Let them give back the amount of time to the community that they've taken. Assuming an eight-hour working day, this works out to about six months of community service per million emails.
Where's the revenue? (Score:1)
Re:Where's the revenue? (Score:2)
Not Anytime Soon (Score:1)
Re:Not Anytime Soon (Score:2)
Just that the idea is there, and there's a big market, makes it prudent to get ready for whatever we can reasonably see coming at us.
Re:Not Anytime Soon (Score:2)
One reason we're still in an arms race against spammers is that some of them -- just enough -- have the expertise (or can hire a less than scrupulous developer to provide it) to counteract just about every technological measure we've thrown at them so far.
To assume that spammers are too stupid to work around something is to fall into the trap of being
Some will be lucky (Score:3, Funny)
That's sure to be a dead giveaway...
Re:Some will be lucky (Score:3, Insightful)
Re:Some will be lucky (Score:2)
Re:Some will be lucky (Score:2)
Many of them without even reading it. "Oh, it's just some confirmation box, let's get it out of the way."
Same reply for all these threads.. (Score:5, Insightful)
2. This is the fault of the legal system. Spyware is ALREADY illegal. Congress has talked about making it 'illegaler.' Someone needs to jump forth and realize the moneymaking potential that it is to sue the pants off the incessant spammers.
Again.. 99.9% of spyware problems can be fixed by just running in limited user mode. Ubuntu has the right idea..
Re:Same reply for all these threads.. (Score:2)
Re:Same reply for all these threads.. (Score:1)
You must be new here.
Re:Same reply for all these threads.. (Score:1, Interesting)
While I'm not a Microsoft advocate, I feel that they are trying to im
Re:Same reply for all these threads.. (Score:1)
First, you are prompted before running any program from the net. It even prompts you twice, once to confirm to run, a second to confirm publisher info.
Second, if you've ever seen a program like RegMon, you know that registry keys are being changed all the time. I watched the closing of one window and t
Ok, but don't agree with your sig (Score:1)
Re:Ok, but don't agree with your sig (Score:2)
So I agree with you.
Re:Same reply for all these threads.. (Score:1)
If you've used a Linux machine, you'd know not to run anything as root unless necessary. On Windows machines, running as an Administrator is basically the same thing. Why ask for a password when you already have COMPLETE SYSTEM-WIDE ACCESS? Fortunately, the ability to create restricted users is already there, and has been there since at least Wind
From the average college student's computer... (Score:5, Funny)
OOH! My Turn! (Score:2, Funny)
"Hey Honey!
I hope to see you this weekend. I've increased my pen15! I've made sure the kids are 'spending the night' over at their friend's houses, and my wife's out. Now we'll get to celebrate our anniversary with those new nippl3 clamps I bought you!
Love and V1agra,
Hermie."
How to kill a zombie (Score:3, Informative)
You have to destroy its brain, of course [portlandmercury.com].
Re:How to kill a zombie (Score:2)
What I want to know is: Why are so many people using Worcestershire Sauce as embalming fluid?
Re:How to kill a zombie (Score:2, Informative)
Gotta love slashdot.
Data Mining? (Score:2, Interesting)
Re:Data Mining? (Score:1)
But no, this is pretty boring stuff. Instead of refining their target selection, they're working on increasing their dishonesty technology. Spam programmers are evil.
Re:Data Mining? (Score:1)
What piques me about the article... (Score:5, Insightful)
Re:What piques me about the article... (Score:2, Funny)
Too bad there's no +1 Good Spelling mod...
Re:What piques me about the article... (Score:3, Insightful)
Look at it this way. If Linux was the dominant platform, the issue would still exist. Let's assume for a second that Linux is 100% secure. The user will still see something online that says "Click here for free screensavers!" and guess wh
Re:What piques me about the article... (Score:1)
No, it is flawed application design. (Score:2)
If I compile an application, say: main(){system("rm -rf
then put it online, call it coolscreensaver, then have a link like you said,
saying "Click here for free screensavers!".
If a user clicks on that in Linux, using firefox, or thunderbird, what happens?
Nothing. Save to disk where?
If you were able to find examples in Linux where an uninformed user
I can see it now... (Score:1)
I mean seriously, after scalping the rider would the Indian then send a slightly reworded copy of each letter?
Captive Translators (Score:2)
The scalping angle gets overplayed. Just as often, whites were taken captive into the tribe. With some tribes, having a slave was a status symbol. Or, in the case of those captured letters, the tribe might keep a white man as translator. (This was a common practice in the ancient Old World, as well.)
Then there's "Indianization" -- the surprisingly common event of white people voluntarily aban
Re:I can see it now... (Score:2)
Hello everybody,
My name is William Hepburn Russell. I have just written up a pony express tracing program that traces everyone to whom this message is forwarded to. I am experimenting with this and I need your help. Forward this to everyone you know and if it reaches 1000 people everyone on the list will receive $10 at my expense. Enjoy.
Your friend,
William Hepburn Russell [wikipedia.org]
The best cure for such spam is... (Score:1, Interesting)
But besides that, maybe an ISP should by default block all but a few outbound ports unless the user requests them specifically (either via a web interface @ the ISP or by phone)?
Or for those who recoil under privacy threats by such a thing, maybe offer a locked-all-to-hell ISP service for $x.00 (web, mail, maybe some game port ranges, and that's it) and a "we'll assume you have a clue about what you're doing" service that leaves ports as they are now for $x+y.00 (nominal e
Re:The best cure for such spam is... (Score:2)
Two problems with that:
1) While blocking access to port 25 outside of the ISP's network is one thing, you can't block port 80 or 443 (or some others) without seriously disrupting your customers' experience. So you have to let some traffic out. And there's nothing saying a zombie can't be programmed to connect on either of those port
Re:The best cure for such spam is... (Score:2)
Of course, not too many target mail servers are going to be listening for incoming mail on ports 80 and 443. Somewhere along the line, some machine under the spammer's co
Re:The best cure for such spam is... (Score:2)
Techniques like SELinux or AppArmor can stop this but they aren't integrated with most distros, it's still experimental stuff, and MacOS doesn't have anything like it.
So, I don't see any logical
Re:The best cure for such spam is... (Score:2)
I certainly don't think ISPs should be the ones responsible for trying to secure the internet. IMHO, ISPs should not block any ports and should only provide connectivity services...all of them.
Where's Mr. Internet (Al Gore) when you need him? We need a law passed that requires anyone connecting to the internet is required to receive a state license, and an internatio
Re:The best cure for such spam is... (Score:2)
This is how DSL service is sold today, with home vs business accounts. Home account is like $20-30/month, has a roaming IP, port 25
That's not data mining. It's just copying data (Score:5, Informative)
Examining someone's address book, copying an email in the Outbox, and inserting junk in the middle of that is no more than low tech vandalism.
Yeah, but... (Score:1)
From the post (not even the article) (Score:1)
Unless you mean that "Natural Language Processing techniques" is no more than "low tech" vandalism, I would say the post is right on the money.
Data Mining Spam Zombies? (Score:2)
Bring back colonial-era punishment (Score:2)
Sigh.
Re:Bring back colonial-era punishment (Score:2)
Re:Bring back colonial-era punishment (Score:2)
Don't you mean sentenced to a couple of hours in the St0cKz?
Re:Bring back colonial-era punishment (Score:1)
their estimates are low (Score:1)
It's more like 70-80% as my spam firewall allows 22% of email.
Email for Messaging Only (Score:2)
Change the spammer's email environment before it changes you.
Have an email option solely for communication and not for commercial transfer or for selling things.
I guess people/business wouldn't go for that.
Data mining huh? (Score:2, Funny)
From a practical standpoint... (Score:1, Flamebait)
What I'm sure will happen, sadly, is that Microsoft will push Vista, and it will contain some half-assed attempts at curbing these horrible, large-scale problems of zombies, worms, etc, etc. How effective these attempts will be (if at all) remains to be seen.
So,
Re:From a practical standpoint... (Score:1)
Linux: See above in the event that the user wants to install applications outside the walled garden of a distribution's software repository.
I'm not saying that Windows is perfect, but the user represents a very weak link in the security process.
Re:"lol not root!!" != Secure (Score:2)
By default in linux:
- Permissions tend to be inherited
- You tend to do everything as a single "user" with a single set of permissions.
- Attempting to extend this scheme into something more realistic is, at the very least, non-trivial.
That's right, not a magic bullet... (Score:1)
However, I think we can all agree that Microsoft's track record is terrible in regards to solving these problems (problems that they played a part in causing to begin with, with their low-quality software.) Their response over the previous 6 or 7 years to the spam/z
Harman Hamburgaz HAHAHAH (Score:1)
Err thanks guys... (Score:2)
Nice, so even if most spammers don't have the intelligence or resources to do the research for more sophisticated spamming (beyond finding yet another exploit for IE), a bunch of researchers do it for them and publish the papers.
How helpful o
Re:Err thanks guys... (Score:1)
Knowing more about a problem helps solving it, more, than it helps people causing problems. Spamming is work now. They do research too - and not once in a while, but everyday.
Would you be more secure, if algorithms used by SSL were secret?
Would you get less spam, if only IT research guys and spammers knew how to spam "properly"?
We don't need another "keep it silent - it's not a problem" and "don't allow to export it to other countries - even if they know 1000 of
Re:Err thanks guys... (Score:2)
Would you get less spam, if only IT research guys and spammers knew how to spam "properly"?
We don't need another "keep it silent - it's not a problem"
Good, good, I'm happy you're such an idealist and protector of the "information wants to be free" movement.
Now let me tell you how it works in real world: every tiny friggin' advantage counts, and it adds up with the other tiny friggin' advantages. Is it legal or ok to
Re:Err thanks guys... (Score:1)
Researchers rely, like the open-source movement, on the relatively free and unfettered exchange of information. It's the whole "standing on the shoulders of giants" things.
Yeah, this means that the bad people that would spend the most effort and resources to find out dangerous ideas often get them for free, the same as the good people that wouldn't spend the effort and resources, and would otherwise not know anything about how to defend against them if they weren't published.
I think it's a worthwhile trad
Oh, really? (Score:5, Funny)
Somehow, I don't think it is going to be difficult to tell the difference, simply because my friends are not trying to peddle things to me.
Yeah really! (Score:1)
Hey, check this site out, just came across it and thought of you [insert spoofed site name]
Or
Hey, did you go to high-school with this guy? [insert spoofed site name]
Then you thought you were going to youtoob or myspace or some other "friendly" site, but you were really getting redirected back to a site that exploits ActiveX, and boom, gotta virus. Maybe not you, since hopefully you're running Firefox, but it's those other 85% that wil
Unfortunately this is not new or next generation. (Score:2, Interesting)
My solution is to make no friends (Score:3, Funny)
MXSNDR / MXPTR Records (Score:1)
* Don't accept mail that doesn't have properly registered rDNS MXPTR entries.
* Profit from ending site spoofing in spam, making the only outlets open relays and subverted real mail servers, which is considerably less than the whole of home systems worldwide
It's easy. It's distributed. It recognizes the frequent difference between Sending and Receiving MTAs. There are no new control structures to dea
Re:MXSNDR / MXPTR Records (Score:2)
Re:MXSNDR / MXPTR Records (Score:1)
Modifying a bit, perhaps DNS rDNS pairs. The rDNS MXPTR records have to have a matching MXSNDR record pointing at the system, or they are false and vice versa. That should make it appropriately difficult to forge.
example.com MXSNDR 10.93.13.43
mx1.example.com.43.13.93.10.in-addr.arpa MXPTR
It w
This is happening already (Score:1)
Once the survey posted, she noticed that her browser began acting very unusual. The website apparently hijacked her browser, backed up into her email, and proceeded to send emails to every person
Re:This is happening already (Score:2)
They left one option out (Score:2)
Time for vigilante SPAM defense... (Score:2)
There's a huge flaw in this idea (Score:2)
I RTFpdf and I don't see any mention of the single gaping hole in this proposed spam method, which renders it highly unattractive to spammers : the zombies will be short lived. Currently, zombies can only be identified by IP address (for those who can be bothered to dig through the spam email headers), but all that lets the target do is complain to the owner of the netblock on which the zombie lives - there is no way to contact the owner of the infected machine directly, via email. Netblock owners (typic
Re:welcome to #oldnews (Score:5, Funny)
1990 called and wants their "$YEAR called and wants their $ITEM/CONCEPT back" meme back.
Mod parent up funny please Re:welcome to #oldnews (Score:2)
Re:welcome to #oldnews (Score:2)
2005 called and wants their "programmatic variables used as inferences to repetitiveness" back.
Sorry, I had to bandwagon jump.
Re:welcome to #oldnews (Score:1)
Re:welcome to #oldnews (Score:1)
Re:welcome to #oldnews (Score:3, Funny)
It is meta-criticisms all the way down.
-matthew
Re:welcome to #oldnews (Score:1)
Re:Spam Zombie? (Score:5, Informative)
Yes. This has been standard operating procedure for many spammers for about two years now. Virus, worm, and spyware authors set up backdoors through which compromised computers can be loaded with spam-sending software. Then they sell access to these botnets on the black market. Spammers use software designed to blast out commands to dozens or hundreds of bots sitting in homes, businesses and elsewhere, which then spew their virtual sludge across the internet.
The hardcore spammers effectively have infinite processing power and bandwidth, since they can distribute the load across a botnet, and when the same spam run is coming a few messages at a time from hundreds of IP addresses, it's a lot harder to blacklist by IP. That's why many ISPs have started filtering outgoing SMTP traffic, and why blacklists have cropped up that just block any incoming mail from dynamic IP space.