Next Generation Spam Zombies Will Use Data Mining
branewashd writes "The Globe and Mail is covering some new research on the future of spam. The paper 'Spam Zombies from Outer Space', from researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'. When a computer is turned into a spam zombie, it will first be mined of its address book, mail client configuration, and mail archives. Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it."
Technical advances: Better tricks to fool spam filters, like the examination of text the user has written mentioned in TFA. This is close to impossible to stop; the only way is to try to be faster in developing better anti-spam tools.
Lack of security: Most spam today is sent from captured machines, and in the future these machines will not only be used to send but also to improve spam. This could be helped by better educated users, better default system security or easier to understand security configurations. At least there is hope.
Response: The only reason for all this spam is that it still pays. Even though it is a very small number of people, it is enough to finance the whole illegal business of building bot nets, stealing addresses etc. If there was a way to stop people from buying that stuff, the other two points would be irrelevant. Unfortunately this is not going to happen, which is the most frustrating part.
memomo: free web based language trainer DE-EN-ES-FR-IT
Or... the world of 1998? Didn't pretty much all Outlook worms do this?
My work here is dung.
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
The spammers don't innovate, they just use existing technology for their own ends. This would definitely qualify as innovation, so it's not going to happen.
The snippet mentions that the computer must first be "turned into a spam zombie".
What does this exactly entail? Does the computer first have to be compromised? Spyware/spamware installed through a backdoor? I've lightly read through the paper and it does mention that some sort of malware may be present on the victim's machine.
If so, I can't believe the lengths to which spammers will go. This is breaking and entering, rather than just sending bulk unsolicited email.
<#oldnews> 1998 called and wants their news back
There will be some people who will get pop-ups from the zombie virus requesting that they upgrade their machine to be able to run the virus properly.
That's sure to be a dead giveaway...
I don't know the meaning of the word 'don't' - J
1. This is Microsoft's fault.. Microsoft should fix their operating system to ask for a password any time a program is installed, registry settings are changed, key files are modified, etc.. Also, 'install on demand' should be eliminated from Internet Explorer. Ever notice how spyware pretty much didn't exist before Microsoft gave the developers complete control over a person's PC? The end user is stupid. The whole premise of Windows assumes that.. So then why did Microsoft decide that the end user should be able to have his system completely compromised with ONE SINGLE GODDAMN FUCKING WRONG CLICK WHEN BROWSING A SHADY SITE?
2. This is the fault of the legal system. Spyware is ALREADY illegal. Congress has talked about making it 'illegaler.' Someone needs to jump forth and realize the moneymaking potential that it is to sue the pants off the incessant spammers.
Again.. 99.9% of spyware problems can be fixed by just running in limited user mode. Ubuntu has the right idea..
--- We need more Ron Paul!
"Hi mom, I'm coming home this weekend, and I'll have a load of laundry. I'll also need some money because I can get P3NNY ST0X GO WILD OVER OTCBB FFFF! and some C1AL1S CHEAP AT HTTP //CHEAPERDR00GZ.MX/ !! Could you just transfer the funds to my account, it's easy to do, just go to 12.51.53.21/htedit/upload/pics/boa_rip/index.htm [bankofamerica.com]!"
If I have been able to see further than others, it is because I bought a pair of binoculars.
The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.
You have to destroy its brain, of course.
It's not offtopic, dumbass. It's orthogonal.
Explain all the dictionary phrase spam, that has no valid message then?
just jumbles of phrases- and nothing advertised?
every day http://en.wikipedia.org/wiki/Special:Random
That doesn't sound like data mining, nor complicated data mining even... just a simple Markov-chain driven text generator would do. Anything more complicated than that wouldn't be data mining either, but rather computer linguistics.
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
Great movie.
Find it on:
http://www.publicdomaintorrents.com/
...is that they fail to mention the fact that _most_ (if not all) of these "spam zombies" happen to be Windows based machines. Agreed, most of the machines in the world run Windows, but shouldn't the news article at least mention the fact that the 'zombification' is attributable (most of the time) to Windows vulnerabilities? Don't know if the UCalgary research team mentioned it in their paper.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
With rising concerns about spam and viruses sent by e-mail, we shall return days when mail was secure because it was written on paper. Riders on horseback would race across the expansive west with only the worry of Indians and dehydration.
I mean seriously, after scalping the rider would the Indian then send a slightly reworded copy of each letter?
But besides that, maybe an ISP should by default block all but a few outbound ports unless the user requests them specifically (either via a web interface @ the ISP or by phone)?
Or for those who recoil under privacy threats by such a thing, maybe offer a locked-all-to-hell ISP service for $x.00 (web, mail, maybe some game port ranges, and that's it) and a "we'll assume you have a clue about what you're doing" service that leaves ports as they are now for $x+y.00 (nominal enough to scare off the average users, but low enough to prevent gouging and such).
dunno... prolly a bad idea and yes full of holes (technical and otherwise), but an idea nonetheless.
Quo usque tandem abutere, Nimbus, patientia nostra?
*sigh* I miss all the fun. No email client to be hijacked, don't have a cell phone to be infected with worms and I use Fx to surf so no ActiveX issues to worry about.
Guess there's only one thing left to do: laugh my ass off at everyone else's problems.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
"Better tricks to fool spam filters, like the examination of text the user has written mentioned in TFA. This is close to impossible to stop, the only way is to try to be faster in developing better anti spam tools."
Bayesian filters. Now I should point out that while this story is about spam, nothing says that the techniques used will stay confined to spam. e.g. blackmail, identity "borrowing".
Pet Peeve: Data mining is about making statistical inferences based on a large group of data and extracting patterns that nobody saw before.
Examining someone's address book, copying an email in the Outbox, and inserting junk in the middle of that is no more than low tech vandalism.
To me the easiest/most effective way to fight spam is not fighting the people who send spam, but the companies who employ spammers... (no more false positive/negative blocks)
http://www.bluesecurity.com/ claims to be working like that...
Wasn't that on Sci-Fi last Thursday at 3am? I think they were From Beyond...
If brevity is the soul of wit, then how does one explain Twitter?
Isn't it fun to imagine spammers being sentenced to a couple hours in the stocks in the village square?
Sigh.
"Skill shows through where genius wears thin." -Wittgenstein || Religion: uniting aviation and architecture.
Research firms figure spam accounts for about 40 per cent of the billions of e-mails sent each day.
It's more like 70-80% as my spam firewall allows 22% of email.
Supplies!
"What we want to do in our research at the University of Calgary is get out of the cycle of just reacting to new problems we see."
Change the spammer's email environment before it changes you.
Have an email option solely for communication and not for commercial transfer or for selling things.
I guess people/business wouldn't go for that.
He who knows best knows how little he knows. - Thomas Jefferson
I'm waiting for someone to come up with an expert system/AI that looks for new security exploits and then uses them to spread its own code to other systems. Try filtering that out.
"Tolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
As much as I would like to see everyone drop all the Windows, Outlook, Internet Explorer crap so we can all move on from things such as spam and worms, I doubt that this is going to happen to any good degree in the next 5 years. But who knows?
What I'm sure will happen, sadly, is that Microsoft will push Vista, and it will contain some half-assed attempts at curbing these horrible, large-scale problems of zombies, worms, etc, etc. How effective these attempts will be (if at all) remains to be seen.
So, the next 5 years will be... interesting. Will Vista do anything to curb the problems which are likely to be exacerbating as described in TFA? (Doubtful.) Will less stupid technologies like Linux and OSX start moving in to actually do something about the sorry state of things? (Also doubtful.)
On the bright side, what I can see in the next 5 years or so, is the older PCs that are sitting in a den somewhere pumping out viruses and spam, dying off as their cheap Dell consumer-grade components go kaput. What these zombie computers are replaced with is what will make the difference. We can always cross our fingers and hope that these computers will be replaced with Linux or OSX. And hope, and hope.
At any rate, I for one do not welcome our outer space spam zombie overlords.
...if you call it "low-tech vandalism" rather than "data mining", you don't get to use big shiny buzzwords. So "data mining" it is, even though, well, it isn't.
This will make it even more difficult to have an affair!
"Hey Honey!
I hope to see you this weekend. I've increased my pen15! I've made sure the kids are 'spending the night' over at their friend's houses, and my wife's out. Now we'll get to celebrate our anniversary with those new nippl3 clamps I bought you!
Love and V1agra,
Hermie."
This is the first thing I've read on /. that actually made me laugh instead of just smirking wryly.
Web 2.0 == Giant Blogspam Circle Jerk
If you mark enough of these random collection of useful word messages as spam, your Bayesian spam filter will start filing real, useful email as spam, and you will eventually decide the filter doesn't work and turn it off...
Of course, if you feed your filter just the headers and stuff that actually looks like spam, and not the blocks of random words, it can still learn useful things.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
Harman Hamburgaz HAHAHAH
researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'.
Nice, so even if most spammers don't have the intelligence or resources to do the research for more sophisticated spamming (beyond finding yet another exploit for IE), a bunch of researchers do it for them and publish the papers.
How helpful of them.
And btw that's happening all the time - researchers publishing papers of the next generation terrorism, virii (with working proof of concepts), spamming, identity theft and so on.
Good, do your research, maybe just don't make it widely available to the people you're claiming you're trying to protect us from.
Somehow, I don't think it is going to be difficult to tell the difference, simply because my friends are not trying to peddle things to me.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
I regularly receive emails of exactly this nature to several addresses I use to deal with shady/or poorly managed state agencies. I noticed address mining of this sort at least 16 months ago. I typically know that a given shop will be calling for some sort of aid when I start getting my own (slightly modified and links added) back with own signature attached (once again slightly misspelled).
Yes, saw a report on Space Zombies here yesterday: http://www.networkworld.com/news/2006/042706-spam-zombies.html?t5
Here's what people were yapping about at the recent MIT Spam Conference: http://www.networkworld.com/news/2006/040306-phishing.html
...at least when compared to the intelligence of an average joe.
If that is the case, now that AI is at least as advanced as the average joe, time to start working on Meta-AI: a computer program able to distinguish between AI and the average joe.
it's not even "more secure than what windows doeslol!"
By default in linux:
- Permissions tend to be inherited
- You tend to do everything as a single "user" with a single set of permissions.
- Attempting to extend this scheme into something more realistic is, at the very least, non-trivial.
-- 'The' Lord and Master Bitman On High, Master Of All
Then I won't be in anybody's contact list.
* Make every sending entity register rDNS MXPTR records that state IPs allowed to send mail for the domain.
* Don't accept mail that doesn't have properly registered rDNS MXPTR entries.
* Profit from ending site spoofing in spam, making the only outlets open relays and subverted real mail servers, which is considerably less than the whole of home systems worldwide
It's easy. It's distributed. It recognizes the frequent difference between Sending and Receiving MTAs. There are no new control structures to deal with, just an extra reverse DNS entry.
1.2.3.4 @example.com
1.2.3.5 @example.com
1.2.3.4 @subdomain.example.com
1.2.3.5 @subdomain.example.com
They're there affecting their effect.
We don't necessarily need MORE linux distributions, we need BETTER linux distributions. We also need to get the ones that are out there a little more unified. Things like the Linux Standard Base http://www.freestandards.org/en/LSB while although not the end-all solution is a step in the right direction. We don't need boocoos of distros, choice is great, but something like 5-10 GREAT distros would provide good competition yet also unify some of the effort against who you said is the number 1 problem (microsoft).
Off topic a little I know, sorry. Just thought it needed to be said.
When I have a kid, I want to put him in one of those strollers for twins and then run around the mall looking frantic.
Seriously, since you know Mom wouldn't send you that, it's obvious that Mom's machine has been infected.
So you either go over and fix Mom's machine or (if you're less technically competent) you tell Mom you'll take her computer to one of the computer cleaning companies.
Problem solved. Maybe solved forever if Mom gets a different email client (fix email client exploits) or firewall (fix worms) or some education (maybe fix trojans).
Maybe not penis enlargement pills, but you could still get these...
Hey, check this site out, just came across it and thought of you [insert spoofed site name]
Or
Hey, did you go to high-school with this guy? [insert spoofed site name]
Then you thought you were going to youtoob or myspace or some other "friendly" site, but you were really getting redirected back to a site that exploits ActiveX, and boom, gotta virus. Maybe not you, since hopefully you're running Firefox, but it's those other 85% that will get it.
When I have a kid, I want to put him in one of those strollers for twins and then run around the mall looking frantic.
Oh fer chrissake. RBLs of sending domains, and keyword triggers DON'T WORK anymore. Spam would be useless to the spammer if it didn't send you somewhere to buy something. Don't check for 55,000 spellings of V1&5ra, check the URIs against a good, up to date URI blacklist. Better tools like MailScanner and its use of SpamAssassin, have this functionality built in. Use it! /rant
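The URI check argued for in the comment above, as an added example that is not part of the original thread: it compares a keyword trigger with a lookup of each linked host against a URI blocklist. The blocklist entries, keyword list, suffix list and sample messages are all constructed for illustration; a production filter would query a maintained URI blocklist and use the full Public Suffix List.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed blocklist: a reserved example domain and a documentation IP.
URI_BLOCKLIST = {"cheap-pills.example", "192.0.2.21"}
# Keyword trigger list of the kind the comment says no longer works.
KEYWORDS = {"viagra", "cialis"}
# Assumption: tiny stand-in for the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

URL_RE = re.compile(r"""https?://[^\s<>"'\])]+""", re.IGNORECASE)


def extract_hosts(body):
    """Return the lower-cased host of every http(s) URL in the body."""
    hosts = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:!?")  # sentence punctuation glued to the link
        try:
            # .hostname drops any "user@" prefix, so a familiar name placed
            # in the userinfo part cannot hide the real destination.
            host = urlsplit(url).hostname
        except ValueError:  # malformed bracketed host
            continue
        if host:
            hosts.append(host.rstrip("."))
    return hosts


def lookup_key(host):
    """Reduce a host to the key a URI blocklist is indexed by."""
    try:
        return str(ipaddress.ip_address(host))  # IP literals are looked up as-is
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    # Random subdomains (x9.img.<domain>) collapse to the registered domain.
    return ".".join(labels[-2:])


def uri_hits(body, blocklist=URI_BLOCKLIST):
    """Sorted blocklist keys that the message links to."""
    return sorted({k for k in map(lookup_key, extract_hosts(body)) if k in blocklist})


def keyword_hit(body):
    """Plain keyword trigger: true if any listed word appears verbatim."""
    return any(w in KEYWORDS for w in re.findall(r"[a-z]+", body.lower()))


# Constructed sample messages.
SPAM_OBFUSCATED = (
    "Hi mom, I'll need some money. C1AL1S cheap at "
    "http://www.cheap-pills.example/order !! Just transfer the funds at "
    "http://bank.example.com@192.0.2.21/login/index.htm"
)
SPAM_SUBDOMAIN = "Hey, check this site out: HTTP://X9.IMG.Cheap-Pills.Example./v?id=1."
HAM_MENTION = "The article on Viagra patents is at http://news.example.org/pharma"

if __name__ == "__main__":
    for name, msg in [("obfuscated", SPAM_OBFUSCATED),
                      ("subdomain", SPAM_SUBDOMAIN),
                      ("legit mention", HAM_MENTION)]:
        print(f"{name:14} keyword={keyword_hit(msg)!s:5} uri={uri_hits(msg)}")
```

The keyword trigger misses both constructed spam messages and fires on the legitimate one, while the URI lookup gets all three right because the link has to resolve to the seller's site however the text is spelled.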
Unless you mean that "Natural Language Processing techniques" is no more than "low tech" vandalism, I would say the post is right on the money.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
In regards to the child posts pointing out that MacOS and Linux won't magically solve these problems... no argument there! In my parent post I said "less stupid", not "magic bullet for all problems". Not to mention the problem of stupid users.
However, I think we can all agree that Microsoft's track record is terrible in regards to solving these problems (problems that they played a part in causing to begin with, with their low-quality software.) Their response over the previous 6 or 7 years to the spam/zombie problem has been slow and clumsy and buried in a deluge of mindless marketing.
The F/OSS world has its own practical shortcomings, but I think we certainly could have a better chance of reducing the spam/worm/zombie problems, if we somehow managed to oust the stagnant monopolist power that controls 90% of the world's computers... and essentially 100% of the software responsible for allowing PCs to be zombified.
> The user will still see something online that says "Click here for free screensavers!" and
> guess what, they'll click there for free screensavers.
If I compile an application, say: main(){system("rm -rf /");},
then put it online, call it coolscreensaver, then have a link like you said,
saying "Click here for free screensavers!".
If a user clicks on that in Linux, using firefox, or thunderbird, what happens?
Nothing. Save to disk where?
If you were able to find examples in Linux where an uninformed user can easily be tricked to run a plugin or macro or executable, I would say that is a design flaw, not the user's problem. Please submit a bug report if you find any of these.
I'm not sure why there is a need to defend these "features" or the company that puts them in, when these "features" are the cause of most viruses and spam in the world. Do you like the spam and viruses?
My wife was sent an email from a trusted friend of hers, which recommended she go to a particular website, and fill out a survey to receive a $25US gift card to Target (a major US retailer). As this email had come from a trusted friend, my wife, who is very computer savvy, went to the site to fill out the survey.
Once the survey posted, she noticed that her browser began acting very unusual. The website apparently hijacked her browser, backed up into her email, and proceeded to send emails to every person who appeared in her inbox. She was so startled that she was not able to close her browser in time to stop this from occurring.
Now, the language used in the email appeared to be a form template, as the text in the email I received from her was identical to the text she had received, but other than this it sounds fairly similar to what the article is discussing.
How soon will it be before we cannot even trust emails sent to us from our closest associates? This is totally unreasonable.
leave computer off, never use again
I use trojans all the time with your mom.
I think not!
Ditch windows.
Join the Slashcott! Feb 10 thru Feb 17!
A lot of you seem to think that Linux, OSX, or [insert favorite OS here] will fix the problem. It won't. The problem is that users are idiots. Most of the idiots run Windows because that's what came on the computer they bought. You have to know something to get and install another OS. If you know that much you probably aren't easily duped into installing spyware. Do you really think that a loser who always clicks "OK" in Windows will not do so in another OS? Are you retarded?
To end SPAM, it seems like it's safer for internet users in general if some of us volunteer to automatically load those SPAM URL's. I.e. DDOS. Someone needs to hack up a cute little tray application to grab URLs from a central site and grab them a few thousand times... it won't end spam directly, but it might (finally) make the economics poor.
The Second War to End All Wars will be fought with armored dirigibles and giant marching robots. Also, we will have a permanent Moon base by 1975.
I RTFpdf and I don't see any mention of the single gaping hole in this proposed spam method, which renders it highly unattractive to spammers : the zombies will be short lived. Currently, zombies can only be identified by IP address (for those who can be bothered to dig through the spam email headers), but all that lets the target do is complain to the owner of the netblock on which the zombie lives - there is no way to contact the owner of the infected machine directly, via email. Netblock owners (typically ISPs) may or may not have the resources and motivation to follow up complaints.
With this proposed scheme, the recipient has an email address that ties directly to the zombied machine; they maybe even know the purported sender IRL. When the recipient receives such a spam, maybe even falls for the pitch and clicks through, the next thing they do is mail the owner of the zombie machine with a "wtf did you send me that for? are you infected with something?" Granted this won't happen /every/ time, but given the very nature of the relation between sender and recipient, follow-ups will occur very often - it's unlikely the zombie could get off more than a handful of such spoofs before the whistle was blown and the zombie machine's owner is alerted that something is afoot.
I can't see how zombies operating in the manner proposed could live undetected for very long at all; and I don't see the spammers valuing a very small number of deliveries in a very short time window (albeit with an increased chance of success), more than the thousands of potential deliveries over a long window that current zombies offer.
Adopting this technique would significantly reduce the average lifetime of a zombie infection, and therefore massively reduce the value of that zombie. I can't see the zombie gangmasters willingly slitting their own throats in this way.
My next sig will be ready soon, but subscribers can beat the rush
Even though I wrote it myself, I am somewhat scared about the moderation. A couple of hours ago it was 3-Funny. It was intended to be funny. Now it is 4-Insightful.
I will not assume that a lot of slashdot users will support the idea of solving problems by removing the part of the population that causes the problem. Most will be aware that a) even idiots usually have positive sides, b) an idiot in one area may be a genius in another, c) trying to fix something complex like society with a hammer will most likely not result in the society you wanted and d) that it is ethically impossible to avoid misjudgment and injustice about who is worthy existing or not. I'm a native German and due to our history we are very aware what kind of disaster one can create if you allow yourself to consider something like this an acceptable solution, so I'm basically trained to be oversensitive about this issue. But "Insightful" is still scary.
memomo: free web based language trainer DE-EN-ES-FR-IT
I mean seriously, after scalping the rider would the Indian then send a slightly reworded copy of each letter?
The scalping angle gets overplayed. Just as often, whites were taken captive into the tribe. With some tribes, having a slave was a status symbol. Or, in the case of those captured letters, the tribe might keep a white man as translator. (This was a common practice in the ancient Old World, as well.)
Then there's "Indianization" -- the surprisingly common event of white people voluntarily abandoning white society for Indian tribal life.
-kgj
You, an individual, advocate a
( ) technical ( ) legislative (x) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
---- "XML is like violence. If it doesn't fix the problem, you aren't using enough."