Just as former bank robbers are the best at stopping current bank robbers and venom can be thwarted by antivenom from the same snake, so, apparently, are the botnets that spew out billions of spam messages each day useful for stopping new spam in its tracks.
Researchers at Berkeley’s International Science Institute have found that by capturing an infected bot and analyzing the template it uses to blast out its infernal payload, they can accurately predict and filter out the kinds of spam messages that botnets will send out — all without accidentally capturing legitimate e-mail.
To test their idea, the team installed a previously captured software bot onto a machine. After analyzing 1,000 e-mails generated by this compromised machine (less than 10 minutes' work for most bots), the researchers were able to reverse-engineer the template. Knowledge of that template then enabled filters to block further spam from that bot with 100 per cent accuracy.
High accuracy can be achieved by existing spam filters, but sometimes at the cost of blocking legitimate mail. The new system did not produce a single false positive when tested against more than a million genuine messages, says Andreas Pitsillidis, one of the team: “The biggest advantage is this false positive rate.”
Two caveats: one, this method is still in the ‘academia’ phase of development; two, knowing all of the possible spam iterations that one botnet can spit out is no guarantee of stopping other, differently configured spambots. But unless you’re friends with a lot of rich widows who need your help cashing checks for EIGHT MILLION EUROS (€8 MILLION), an application of this method may help you filter junk from legitimate email some time down the road.
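To make the idea concrete, here is an added toy version of the template step (my own illustration, not the Berkeley team's code): it aligns a handful of constructed messages from one hypothetical bot, keeps the tokens that never change as literals, turns the slots that vary into the tightest regex the observed values allow, and then uses the resulting template as a filter. It assumes the bot's messages all have the same number of whitespace-separated tokens, which the constructed samples do.

```python
import re

# Constructed sample output, standing in for messages captured from a running bot.
# Every message is one instantiation of the same hidden template: the bot varies the
# greeting name, the amount and the reply-to address, and keeps everything else fixed.
BOT_OUTPUT = [
    "Dear Alice you have won 8000000 EUR in the Euro Lottery reply to claim1@example.net",
    "Dear Bob you have won 7500000 EUR in the Euro Lottery reply to claim22@example.net",
    "Dear Carol you have won 9000000 EUR in the Euro Lottery reply to claim303@example.net",
]


def slot_pattern(values):
    """Pick the tightest regex for a variable slot from the values observed in it.
    A tighter slot is what keeps the template from matching legitimate mail."""
    if all(v.isdigit() for v in values):
        return r"\d+"
    if all(v.isalpha() for v in values):
        return r"[A-Za-z]+"
    return r"\S+"


def infer_template(samples):
    """Align whitespace-separated tokens across all samples (assumes equal token
    counts). A position where every sample agrees becomes a literal; a position
    that varies becomes a slot. Returns a compiled anchored regex."""
    columns = list(zip(*(s.split() for s in samples)))
    if any(len(s.split()) != len(columns) for s in samples):
        raise ValueError("samples must have the same number of tokens")
    parts = []
    for col in columns:
        if len(set(col)) == 1:
            parts.append(re.escape(col[0]))   # fixed text: keep as a literal
        else:
            parts.append(slot_pattern(col))   # bot-chosen text: generalise
    return re.compile(r"^" + r"\s+".join(parts) + r"$")


def is_template_spam(template, message):
    """True if the message is an instantiation of the inferred template."""
    normalised = " ".join(message.split())
    return template.match(normalised) is not None


if __name__ == "__main__":
    template = infer_template(BOT_OUTPUT)
    print(template.pattern)
```

Messages from a differently configured bot, or from the same bot after a template change, will not match, which is exactly the second caveat above.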
(via New Scientist)