Spam Gets Personal
Vitaly Friedman writes "Two researchers demonstrate how much more effective spam could become if its authors used basic data-mining to personalize their messages. From the article: "North America, though no longer the world leader in spam production, still has serious potted meat problems. A recent research paper out of the University of Calgary suggests that those problems could soon be a lot worse if spam creators adopt a few simple data-mining procedures.""
Thanks! just what I want spammers to know
Are they also hosting some pages on their site to help me make anthrax or a nuclear bomb? How about how to pick up underage girls?
Seriously; do the spammers NEED any more help?
Humor from a Genetically Molested Mind
Two researchers demonstrate how much more effective the AIDS virus could become if only a few basic modifications could be made to personalize the attack on the immune system.
Don't be so hasty to attack their research. If you think about it, this isn't really any different from publishing a whitepaper showing how to break the DRM on a file, or how to phreak an old phone. No, this is not intended as flamebait, but it seems to me like any distinction drawn between those actions is based simply on the prevailing culture and attitudes at /. where breaking DRM = good, sending spam = bad.
Now I'm not trying to argue that we should have more spam, but the people at Sony would also not want to argue that we should have more DRM-cracking. It's simply a matter of perspective. And anyway, I'm sure the paper (no I didn't RTFA) was created to try to address the problem before it really shows up so it's not so bad rather than encouraging the noxious spamlords.
"Some might argue that publishing such research will only guarantee that the ideas are used by spammers, but the authors are convinced that such personalization will happen sooner or later anyway, and that it's better to be prepared for the inevitable than not to talk about it."
I don't know if I wholly agree with them, but at least give them credit for thinking that they can head the spammers off at the pass. Maybe they really think that an ounce of prevention is worth a pound of cure.
One thing to note, however... Once you start mining information from a Zombie (which -- to be honest -- has already been done), it makes it easier to identify the zombie and shut it down. (I.e. if I get a spam with information from mikie's machine, I'll immediately phone him and tell him to shut down and clean up his machine. Now mikie's machine is unavailable to the spammers.)
I think that that is the real reason why zombie systems don't use data mining.... It's like an 'undercover' cop who fingers every low-level pusher-addict he runs into.... He'll never live long enough to get the information he wants on what goes on inside the biker gang's 'clubhouse'.
This is one of the things that I do... I wrote a filter that peels apart an email, removes the 'legitimate' IPs in the Received: headers collected en route, and attempts to send an email to the IP responsible for the source of the email. It usually takes them a while, but they will shut down the responsible zombie.
I stopped doing that for a couple of months, and my spam climbed to unbearable levels. I started using the script again a couple of days ago, and the spam I've been getting has already dropped noticeably.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
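The header walk described in the comment above, as an added example that is not the commenter's script: it finds the address that handed the message to the first relay you trust, which is the one to name in an abuse report. The trusted range 192.0.2.0/24, the sample message and the function name are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: relays we operate or trust (documentation range, constructed).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample. Each relay prepends its Received: header, so the
# top header is the newest hop and the bottom one is the oldest claim.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.net with ESMTP; Mon, 1 Jan 2007 10:00:03 +0000
Received: from dsl-host.example.org (unknown [203.0.113.77])
\tby mx.example.net with SMTP; Mon, 1 Jan 2007 10:00:01 +0000
Received: from mail.bank.example ([198.51.100.5])
\tby dsl-host.example.org; Mon, 1 Jan 2007 09:59:00 +0000
From: "A Friend" <friend@example.com>
Subject: hello

body
"""

# Bracketed peer address inside the "from ..." clause of a Received: header.
FROM_IP = re.compile(r"\bfrom\b[^\[]*\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def origin_ip(raw_message, trusted=TRUSTED_NETS):
    """Return the IP that connected to the first trusted relay, or None."""
    msg = message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):  # newest hop first
        # Only the "from" clause names the connecting peer; drop "by ...".
        from_part = re.split(r"\sby\s", hdr, maxsplit=1)[0]
        match = FROM_IP.search(from_part)
        if not match:
            return None  # cannot extend trust past a hop we cannot read
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if any(ip in net for net in trusted):
            continue  # written about one of our relays, keep walking down
        # First untrusted peer, recorded by a relay we trust. Stop here:
        # every header below was supplied by that peer and may be forged.
        return None if ip.is_loopback else str(ip)
    return None


if __name__ == "__main__":
    print(origin_ip(SAMPLE))
```

Headers below the returned hop, such as the `mail.bank.example` line in the sample, are deliberately ignored because the sending machine can write anything it likes there.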
Fortunately for those who detest spam, the authors also present four new defenses that could help stop this newer, more personalized spam. First, e-mail archives can be encrypted, making it difficult for malware to mine them for information.
WOW - so I've got to accept that my computer IS broken into and encrypt even local data? Thank you very much - my computer would rather not be broken into.
Second, these archives can also be "salted" with false information such as spam trap addresses. Third, the authors suggest that all URLs followed from an e-mail client be viewed in a "sandboxed" browser that would prevent automatic downloads.
Sandboxed browser? Ok - they're joking. Who uses external content displaying in their mail? And is there anyone who hasn't got an "HTML=+80% spam" rule in their mail client yet, generated AUTOMATICALLY FROM EXAMPLES?
Finally, anti-spam filters can be adjusted to better screen for these types of attacks.
Care to elaborate?
Ok - this is all going in the wrong direction. Why shouldn't I trust *my system*? Why should I allow my incoming mail to use outside objects? I thought that people who can build a natural-language-messages data mining / composing system can understand the basics of home computer security...
Besides - if spam will mimic a friend's style and probably send mail as that friend - then you know exactly who to filter out and who needs billing for "PC security" lessons.