Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Researchers on Stopping Spam

Posted by timothy on from the slow-treacle dept.

TheBackBencher writes "Scientific American today has a very interesting article about "Stopping Spam" by Joshua Goodman, David Hackerman and Robert Rounthwaite from Microsoft Research. They talk about different types of spam -- spam with emails, spam on IMs, spamlinks on web pages and image based spam. They mention different techniques for spam filtering mainly fingerprinting matching techniques, n grams model, naive bayesian approach, optical character recognition, challenge/response systems and Human Interacted Proofs (HIP) in a very lucid style. They however do not mention fingerprinting approach of using Nilsimsa Hash to tackle addition of random words by spammers in emails or hypertextus interruptus technique used by spammers of splitting words using HTML comments, pairs of zero width tags, or bogus tags. Also, Spam-Research is reporting the SplitFit Technique that Spammers are using to fool Yahoo! Mail SpamGuard."

3 of 294 comments (clear)

  1. The Arms Race Goes On by DumbSwede · · Score: 5, Informative
    Just today I saw a new method in a ebay.com phishing scheme.

    The ebay.com link showed up at the bottom of the browser, but was replaced with some kind of javascript mouseon event. This is probably not new.

    Instead of random text to fool Bayesian filters, it had hidden recent news article summaries (bracketed by html comment tags) that would be similar to what you might post to a friend.

    Spam filters will probably be upgraded to catch this soon, but it was the first time I had seen it. And of course as mentioned in the article, the ebay specifics where obfuscated by html tags between letters.

    --
    Letter To Iran
  2. Slashdot typos strick again! by VeryProfessional · · Score: 5, Informative

    I thought the name David Hackerman was a bit too good to be true, and it turns out it was. Following the link shows that his name is David Heckerman . Note to /. eds: please proofread your posts. It's not like they're very long...

  3. Re:validating email addresses for more spam by anon+mouse-cow-aard · · Score: 3, Informative

    Your unsubscribe is executed on a bot (a captured machine) which the bad guys can look at, the after taking precautions not to be observed, and harvest what they want from it. The good guys, if they capture the machine will just get your address (if it isnt encrypted by the bad guys) and a machine that is acting funny (if they dont know how to knock to get into the bot-ware) Since logging cannot be trusted on a compromised machine, what they need is a non-compromised machine beside the compromised one (on the same segment) to watch the traffic go in and out... a honeypot. That is a lot of hard work.