Cyber security experts unveil spammer strategies

Published 11 May 2009

Computer security experts infiltrated a botnet called Storm and analyzed the way its complex internal communications worked. The knowledge gained will help in writing anti-spam software.

You will be glad to read that the war against spam is entering a new phase. Security researchers have identified patterns in the way spam is created that could give the upper hand to anti-spam software.

Jeff Hecht writes that more than 90 percent of all e-mail is spam. Anti-spam software recognizes it by looking for key phrases, and also blocks e-mails from blacklisted Web sites or mass mailings of identical messages from the same address. To overcome this, spammers use networks of compromised computers, called botnets, to churn out new varieties of spam that can elude standard filters.

To learn how to fight back, Christian Kreibich of the International Computer Science Institute in Berkeley, California, and colleagues, infiltrated a botnet called Storm and analyzed the way its complex internal communications worked. They found that the unidentified controller of the botnet sent commands through Web sites to a set of computers called proxy bots. These proxies then sent instructions to worker bots in set patterns, including templates for spam creation. The worker bots filled these templates with dictionary words to assemble individualized spam messages that purposely avoided using phrases that usually alert spam filters. The team reported their findings at the LEET 09 spam workshop in Boston last month.

The Storm botnet, which shut down in September 2008, was relatively easy to penetrate, but Kreibich says that spam fighters should now be able to recognize the templates of other botnets by analyzing enough of their spam. If that leads to new filtering software, the advantage will tip toward the anti-spammers — at least until the arms race moves on once more.
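
The idea of recognizing a botnet's template from enough of its spam can be sketched as follows. This is an added example, not code from the researchers or the article; it assumes a simplified method (longest common subsequence over whitespace tokens), and the sample messages and function names are constructed for illustration.

```python
import re
from functools import reduce

def lcs(a, b):
    """Longest common subsequence of two token lists."""
    m, n = len(a), len(b)
    dp = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m - 1, -1, -1):
        for j in range(n - 1, -1, -1):
            dp[i][j] = (dp[i + 1][j + 1] + 1 if a[i] == b[j]
                        else max(dp[i + 1][j], dp[i][j + 1]))
    out, i, j = [], 0, 0
    while i < m and j < n:
        if a[i] == b[j]:
            out.append(a[i]); i += 1; j += 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

def infer_skeleton(messages):
    """Tokens that every message shares, in order: the template's fixed text."""
    return reduce(lcs, (m.split() for m in messages))

def build_filter(messages, min_tokens=4):
    """Compile the skeleton to a regex; None if it is too short to be specific."""
    skeleton = infer_skeleton(messages)
    if len(skeleton) < min_tokens:
        return None  # too generic, would match legitimate mail
    gap = r"\s+(?:\S+\s+)*?"  # zero or more varying (dictionary) tokens
    return re.compile(r"(?<!\S)" + gap.join(map(re.escape, skeleton)) + r"(?!\S)")

# Constructed samples standing in for spam produced from one template.
SAMPLES = [
    "Hello marble, get your discount watches today at our store lantern",
    "Hello copper, get your discount watches today at our store window",
    "Hello velvet orchid, get your discount watches today at our store river",
]

if __name__ == "__main__":
    f = build_filter(SAMPLES)
    print(infer_skeleton(SAMPLES))
    for msg in ("Hello timber, get your discount watches today at our store pebble",
                "Hello Sam, are we still meeting at the store today?"):
        print(bool(f.search(msg)), msg)
```

The `min_tokens` guard matters in practice: a skeleton inferred from too few or too dissimilar samples collapses to a handful of common words and would flag legitimate mail.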