London: Spam messages are an incredible
nuisance to most web users. But now scientists claim to have
developed an "effectively perfect" method for blocking the
most common kind of spam, using spammers' own trickery.
An international team, led by the International Computer
Science Institute in Berkeley and California University, has
come up with a system that deciphers the templates a "botnet"
is using to create spam -- these templates are then used to
teach filters what to look for, the 'New Scientist' reported.
According to the scientists, the system works by
exploiting a trick that spammers use to defeat email filters.
As spam is churned out, subtle changes are typically
incorporated into the messages to confound spam filters. Each
message is generated from a template that specifies message
content and how it should be varied.
The team reasoned that analysing such messages could
reveal the template that created them. And, since the spam
template describes the entire range of the emails a bot will
send, possessing it might provide a watertight method of
blocking spam from that bot.
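
A simplified illustration of the idea described above, added here and not the researchers' system: it infers a template from a few constructed sample messages by keeping the tokens they share in order and treating everything else as a variable slot, then compiles the result into a filter. The function names, the whitespace tokenisation, the use of `difflib` for alignment and the `min_literals` guard are assumptions of this example.

```python
import re
from difflib import SequenceMatcher

GAP = None  # marks a slot where the samples disagree


def merge(template, tokens):
    """Keep tokens shared (in order) by template and tokens; the rest become GAP."""
    sm = SequenceMatcher(a=template, b=tokens, autojunk=False)
    out, ai, bi = [], 0, 0
    for a, b, size in sm.get_matching_blocks():
        if a > ai or b > bi:          # something was skipped on either side
            out.append(GAP)
        out.extend(template[a:a + size])
        ai, bi = a + size, b + size
    return out


def infer_template(messages):
    """Fold merge() over all samples, starting from the first message."""
    template = messages[0].split()
    for msg in messages[1:]:
        template = merge(template, msg.split())
    return template


def compile_filter(template, min_literals=4):
    """Build an anchored regex; refuse templates that are mostly gaps."""
    if sum(t is not GAP for t in template) < min_literals:
        raise ValueError("template too generic; would risk false positives")
    parts = [r"(?:\S+ )*?" if t is GAP else re.escape(t + " ") for t in template]
    return re.compile("".join(parts))


def is_from_template(rx, message):
    # Normalise so every token is followed by one space, as compile_filter() expects.
    return rx.fullmatch("".join(tok + " " for tok in message.split())) is not None


# Constructed sample messages, standing in for output captured from a sandboxed bot.
SAMPLES = [
    "Dear alice, buy cheap watches now at http://a1.example/offer and save 30% today",
    "Dear bob, buy luxury replica watches now at http://zz9.example/offer and save 45% today",
    "Dear carol, buy pills now at http://q7.example/offer and save 10% today",
]
RX = compile_filter(infer_template(SAMPLES))
```

With only three samples the inferred template is coarse; more samples remove tokens that were constant by coincidence, and the `min_literals` guard rejects templates too loose to use safely.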
To test their idea, the team installed a previously
captured software bot onto a machine. After analysing 1,000
emails generated by this compromised machine -- less than 10
minutes' work for most bots -- the scientists were able to
reverse-engineer the template.
Knowledge of that template then enabled filters to
block further spam from that bot with 100 percent accuracy.
The new system did not produce a single false positive
when tested against more than a million genuine messages, and
this false positive rate is its biggest advantage, team member
Andreas Pitsillidis said.
"This is an interesting approach which really differs
by using the bots themselves as the oracles for producing the
filters," added Michael O'Reirdan, Chairman of the Messaging
Anti-Abuse Working Group, a coalition of technology companies.
PTI
First Published: Tuesday, January 26, 2010, 18:29