
Warning: Spam zombies from outer space

Apr 27, 2006

A new wave of spam could be on the way that tricks recipients by looking like it comes from their friends’ e-mail addresses.

This sort of spam would bypass even those filters that currently weed out 99% of the bad stuff, says John Aycock, an assistant professor of computer science at the University of Calgary.

Spammers are expected to start mining for familiar e-mail addresses via secretly overtaken “zombie” computers and replicating patterns seen in messages such as common abbreviations, misspellings and signatures. By doing so, spammers would hope to dupe recipients into going to bogus Web sites and clicking on links that could unleash damaging payloads, Aycock says.

Aycock and student Nathan Friess conducted research and wrote a paper dubbed “Spam Zombies from Outer Space” to show that generating such customized spam (for example, in the form of e-mail replies) would not be as difficult as has been assumed in the past. Spammers have leaned toward bulk e-mail generation that is less customized.

Spammers could adopt such a technique by mining for data on zombies, those computers that spammers and hackers take over without a user’s knowledge in order to generate boatloads of spam.

In their research, Aycock and Friess used manually generated e-mail as well as addresses garnered from a public database of Enron messages.

Aycock says that these techniques have not been used by spammers in any significant way yet to his knowledge. Still, he is urging anti-spam vendors to check out his research in order to take steps to stymie spammers’ newest tricks. He also is urging end users and companies to better protect themselves by taking steps such as storing and encrypting old messages and by protecting against their machines being used as zombies.

Aycock and Friess plan to present their research results at the European Institute for Computer Anti-Virus Research conference in Hamburg, Germany on April 30. Here’s a pre-conference version of the paper.

Aycock’s name rang a bell with me. Turns out that’s because he generated some controversy a while back for a virus-writing course.

We recently reported on other spam futures from the MIT Spam Conference.

Bob Brown