Researchers identify Spam’s weak spot

by Jan Harris

Researchers at the University of California, San Diego (UCSD), believe they have identified a weak spot in the spam infrastructure which could be used to stop spammers gaining financially from their activities.

According to UCSD researchers, spammers use powerful distributed delivery networks to send out junk e-mail, but this isn’t the case for the internet scams which are central to the spam mechanism. These are usually hosted on a single website.

Researchers found that a single website can often host several scams, such as selling pharmaceutical products over a website. Such a site can also act as a spam relay.

The study found that junk email is organised into individual campaigns. A campaign usually starts with a short period of heavy spamming, but the ads which direct users to a scam-hosting site remain online for at least a week.

Taking down a scam server, or spammer redirect can destroy the earning potential of the entire spam campaign.

UCSD developed a technique, called “spamscatter”, to analyse e-mails and follow links to these scam servers.

Researchers were able to identify scams through a technique known as “image shingling”. The technique identifies individual scams by clustering scam servers with web pages that are graphically similar.

The study identified over 2,000 separate scams, hosted over 7,000 distinct servers. The scam servers tended to be based in the US, while the spam servers were more widely scattered.

The Individual machines used to host multiple scams and to serve as spam relays can be taken down via either IP blacklisting or network filtering.

The findings of the report, which was authored by David Anderson, Chris Fleizach, Stefan Savage and Geoffrey Voelker of UCSD’s Collaborative Center for Internet Epidemiology and Defenses, were revealed at the USENIX Security 2007 conference in Boston.

Discuss this in the Internet Business forums

Story link: Researchers identify Spam’s weak spot

Posted in: Internet,Security