Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Gets Personal

Posted by ryuzaki0 on from the only-a-matter-of-time dept.

Vitaly Friedman writes "Two researchers demonstrate how much more effective spam could become if its authors used basic data-mining to personalize their messages. From the article: "North America, though no longer the world leader in spam production, still has serious potted meat problems. A recent research paper out of the University of Calgary suggests that those problems could soon be a lot worse if spam creators adopt a few simple data-mining procedures.""

21 of 141 comments (clear)

  1. what does it mean? by dotpavan · · Score: 4, Funny
    Dear Beloved Dear Mr/Mrs Dearest friend Hi honey

    If this isnt personalized, what more can I expect? :)

    1. Re:what does it mean? by ozmanjusri · · Score: 4, Funny
      Do they have access to my medical file?

      No, you left your webcam on. You should get a better chair, btw.

      --
      "I've got more toys than Teruhisa Kitahara."
  2. Dupe. by khasim · · Score: 4, Informative

    http://it.slashdot.org/article.pl?sid=06/04/28/181 1210

    And not very accurate the first time, either. Since Mom probably isn't going to be sending me v1agr4 ads, it will be easy to find and clean the infected machines.

  3. Security Through Obscurity by Anonymous Coward · · Score: 4, Insightful

    Thanks! just what I want spammers to know

  4. What else do they have? by drsmack1 · · Score: 4, Insightful

    Are they also hosting some pages on their site to help me make anthrax or a nuclear bomb? How about how to pick up under age girls.

    Seriously; do the spammers NEED any more help?

    --

    Humor from a Genetically Molested Mind

    1. Re:What else do they have? by MadUndergrad · · Score: 5, Funny

      Really, I think papers on how to pick up girls are would be greatly appreciated by the greater /. community. In fact, it seems only natural that nerds would use papers and research to figure this sort of thing out. It's either that or Vader masks.

  5. Great! and in other news... by truckaxle · · Score: 4, Insightful

    Two researchers demonstrate how much more effective the AIDS virus could become if only a few basic modifications could be made to personalize the attack on the immune system.

    1. Re:Great! and in other news... by mctk · · Score: 3, Insightful
      The problem is not the supply, it's the demand. As long as people keep clicking those links, spammers will keep sending. And spam is evolving at a much faster rate than our filters. You think spammers don't know this stuff? The best filter is an educated user.

      In response to your analogy, isn't it a good thing that scientists be aware of this and prepared to respond?

      --
      Paul Grosfield - the quicker picker upper.
  6. don't kid yourselves by Anonymous Coward · · Score: 4, Interesting


    Th US most definately is the world leader in the production of spam

    treat the disease not the symptoms

  7. Why are we helping spammer? by MrBulwark · · Score: 5, Funny

    And while we are at it, lets publish a paper telling people how to do a better job money laundering, or new way to smuggle cocain into the country.

    1. Re:Why are we helping spammer? by fosterNutrition · · Score: 5, Insightful

      Don't be so hasty to attack their research. If you think about it, this isn't really any different from publishing a whitepaper showing how to break the DRM on a file, or how to phreak an old phone. No, this is not intended as flamebait, but it seems to me like any distinction drawn between those actions is based simply on the prevailing culture and attitudes at /. where breaking DRM = good, sending spam = bad.

      Now I'm not trying to argue that we should have more spam, but the people at Sony would also not want to argue that we should have more DRM-cracking. It's simply a matter of perspective. And anyway, I'm sure the paper (no I didn't RTFA) was created to try to address the problem before it really shows up so it's not so bad rather than encouraging the noxious spamlords.

    2. Re:Why are we helping spammer? by kratei · · Score: 3, Insightful
      They thought some peolpe would say that they shouldn't be doing this kind of research:

      "Some might argue that publishing such research will only guarantee that the ideas are used by spammers, but the authors are convinced that such personalization will happen sooner or later anyway, and that it's better to be prepared for the inevitable than not to talk about it."

      I don't know if I wholly agree with them, but at least give them credit for thinking that they can head the spammers off at the pass. Maybe they really think that an ounce of prevention is worth a pound of cure.

  8. Duh! by Billosaur · · Score: 4, Interesting

    The reason they don't do this now is that the spammers doing it are not geeks. They're taking pre-built scripts, modifying some parameters, and letting them go. They will keep doing this until those scripts no longer work, and then they will move onto newer ones. The only was this will happen is if some hacker gets bored, reads this article, and desides there's a lot of cash to be made selling just such a thing to the spammers.

    Be real -- no matter how personalized an email gets, I'm still going to know it's not from somebody I know, because I don't make email my primary mode of correspondence and where I do, I can easily figure out that my mother isn't going to be sending me ads for Viagra.

    Now, if they could make a Turing-capable spam generator, I'd be impressed.

    --
    GetOuttaMySpace - The Anti-Social Network
  9. They're data mining already! by nekoniku · · Score: 4, Funny

    How else would they know my p3n1z i5 5m@LL?

    --
    "It's a wonderful idea. But it doesn't work." -- Tad Danielewski
  10. meat problems? by Ruvim · · Score: 3, Funny

    So, that's why I get all those VIAGRA messages?

  11. Yeah, he's right. by darkonc · · Score: 3, Insightful
    My first response was 'Thanks you creeps -- you just createad a new monster'.... But I've been thinking the same things for years, and it's only time before spammers do this sort of garbage.

    One thing to note, however... Once you start mining information from a Zombie (which -- to be honest has already been done), it makes it easier to identify the zombie and shut it down. (I.e. if I get a spam with information from mikie's machine, I'll immediately phone him and tell him to shut down and clean up his machine. Now mikeie's machine is unavailable to the spammers.)
    I think that that is the real reason why zombie systems don't use data mining.... It's like an 'undercover' cop who fingers every low-level pusher-addict he runs into.... He'll never live long enough to get the information he wants on what goes on inside the biker gang's 'clubhouse'.

    This is one of the things that I do... I wrote a filter that peels apart an email, removes the 'legitimate' IPs in the Received: headers collected en route, and attempts to send an email to the IP responsible for the source of the email. It usually takes them a while, but they will shut down the responsible zombie.

    I stopped doing that for a couple of months, and my spam climbed to unbearable levels. I started using the script again a couple of days ago, and the spam I've been getting has already dropped noticably.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  12. Actually snail mail is just as broken... by Lispy · · Score: 4, Interesting

    Every day I get quite upset by opening my reallife mailbox.
    It's totally unacceptable: Buried below a ton of trash I find two seriously dangerous invoices with 4digit numbers in the red. If I ever miss out one of them I'd probably go to jail, but hey, why not throw another pizza flyer on top of all that, the planet sure can handle this and what else are those trees for?

    Personally if I was going to choose I'd vote for e-mail spam just to get rid of this total waste of ressources.
    There should be a LAW against this, and against buying from spammers, reallife or virtual.

  13. Recommendations by Viraptor · · Score: 5, Insightful

    Fortunately for those who detest spam, the authors also present four new defenses that could help stop this newer, more personalized spam. First, e-mail archives can be encrypted, making it difficult for malware to mine them for information.


    WOW - so I've got to accept that my computer IS broken into and encrypt even local data? Thank you very much - my computer would rather not be broken into.

    Second, these archives can also be "salted" with false information such as spam trap addresses. Third, the authors suggest that all URLs followed from an e-mail client be viewed in a "sandboxed" browser that would prevent automatic downloads.


    Sandboxed browser? Ok - they're joking. Who uses external content displaying in their mail? And anyone hasn't got a "HTML=+80% spam" rule in mail client yet, generated AUTOMATICALLY FROM EXAMPLES?

    Finally, anti-spam filters can be adjusted to better screen for these types of attacks.


    Care to elaborate?

    Ok - this is all going in the wrong direction. Why shouldn't I trust *my system*? Why should I allow my incomming mail to use outside objects? I thought that people, who can build a natural-language-messages data mining / composing system can understand basics of home computer security...
    Besides - if spam will mimic a friend's style and probably send mail as that friend - then you know exactly who to filter out and who needs billing for a "PC security" lessons ;)
  14. Targetted Spam by overshoot · · Score: 4, Interesting
    Sort of an oxymoron, isn't it?

    The whole point of the spam business model is that it's low-cost. Any filtering would raise costs compared to simply flooding the world with the same payload.

    If spammers were in the slightest interested in addressing their markets, I wouldn't be seeing several thousand Asian-language spam per day addressed to a North American mail server. None of us would be seeing spam with hash-busters, mangled "Subject:" lines, and other filter avoidance hacks.

    This seems like one more attempt to promote the idea of "good spam" for mainsleazers like Kohl's department stores.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  15. Who paid the researchers? by slashname3 · · Score: 3, Funny

    Damn spammers hiring researchers to figure out better ways to get spam delivered. Don't they teach ethics anymore?

    This also qualifies as a DUH! Of course if you send spam that looks like it comes from someone you know it has a better chance of getting through.

  16. Real spam research by gvc · · Score: 3, Interesting
    Why does Slashdot not report on real spam research? They report puff pieces like this and the phishing talk from the MIT Spam Conference, but not the results of TREC 2005 Spam Track (Hint: an outsider using compression techniques was very strong; open source filters like crm114, dbacl, bogofilter and spamassasin were close behind; DSPAM was middle of the pack.) No filter came close to demonstrating those widely-claimed 99.9-whatever% accuracy figures. I guess "news for nerds -- stuff that matters" includes testimonials but not results.


    The TREC tests involved tests on 350,000 email messages. A 92,000 message public corpus from this effort is available for free download.


    John Graham-Cumming (no relation to TREC) has created SpamOrHam -- a community-based effort to adjudicate the judgements in the TREC corpus. This'll let us test in a big way Yerazunis' contention that spam filters are better than humans.


    Any filter writer can participtate in TREC 2006 by submitting a letter of intent now and a filter in due course.


    There's also an upcoming scientific spam conference this summer - CEAS.