New weapons trash junk e-mail
The next generation of spam could
be camouflaged as e-mail from your colleagues and friends.
Today’s spam filters are
highly effective, but they may be no match for spammers seeking
new ways to fool people into visiting commercial Web sites or
downloading rogue software carrying viruses, worms, spyware,
or other dangerous applications.
New research shows it is possible
to create a new type of spam, or bulk e-mail, that would likely
bypass even the best spam filters and trick experienced computer
users who would normally delete suspicious e-mail messages.
Two things typically distinguish today’s spam:
- It comes from an unknown source, and
- It contains content that is easily recognizable as spam because of obvious advertising, outrageous wording, or gibberish.
“The next generation of
spam, however, could be sent from your friends’ and colleagues’
e-mail addresses — and even mimic patterns that mark their
messages as their own (such as common abbreviations, misspellings,
capitalization, and personal signatures) — thereby making
you more likely to click on a Web link or open an attachment
that could harm your computer, spy into your hard drive, or
steal your personal information,” says John Aycock, PhD,
an assistant professor of computer science at the University
of Calgary. Aycock has conducted research on spam and spam blockers.
In the past, spammers have tried
to increase their effectiveness by sending huge volumes of e-mail,
in the hopes that a few messages would inevitably sneak past
automated spam filters. Spammers’ ultimate success, however,
depends upon their ability to trick people into clicking on
links or downloading attachments.
ZOMBIE COMPUTERS
Most spam is now sent from so-called
zombie computers — vast networks of remote computers that
have been infected by rogue software, called “malware,”
which can be used to automatically send bulk e-mail messages,
says Aycock.
Spammers may soon use zombie
computers in a totally new way. Instead of housing only spam-generating
software, infected zombie computers could also house programs
that spy into a person’s e-mail, mine it for information,
and generate realistic-looking replies.
Such a specific, targeted approach
has previously been viewed as too complex to be worth spammers’
efforts. But research based on data mining has shown that this
is now not only possible but relatively easy to do.
The new approach hasn’t
been used by spammers yet, but it’s only a matter of time
before they begin to exploit resources already at their fingertips.
Spammers use zombie networks,
have access to e-mail accounts, and know that spam filters are
catching most of their messages. Consequently, they are looking
for ways around those defenses. Data mining has been used for
a long time by lots of people. And what we’re talking
about is very simple data mining. At some point, the other shoe
has to drop.
If the weapons are within reach,
so are some solutions. (See sidebar, “How to stop friendly
looking spam.”) These new solutions are not difficult;
they are all within technical reach right now. They are just
not packaged nicely like other anti-spam solutions.
Existing spam software is nearly
99 percent effective against current spam techniques, and anti-virus
software is still the best defense against malicious software.
It’s generally a good practice to have multiple defenses
on your computer, so if one thing fails, another exists to catch
the threat.
Sidebar: How to stop friendly looking spam
Source: The University of
Calgary, www.ucalgary.ca