[LINK] Blocking URL spam servers
Ivan Trundle
ivan at itrundle.com
Fri Aug 10 09:17:16 AEST 2007
Study finds weak link in spam business
(Jeff Hecht, NewScientistTech)
A study of more than a million spam emails has revealed a weak link
in the junk email business. It shows that the web links contained in
many spam messages point to just a handful of servers. So, in theory,
disabling or blocking these servers could help make spamming a less
profitable business.
Instead of focusing on filtering or blocking spam at the inbox, Geoff
Voelker and Chris Fleizach at the University of California at San
Diego (UCSD) examined the infrastructure behind spam.
The pair studied more than a million spam messages, collected over a
single week in 2006, which advertised 2334 distinct companies,
ranging from businesses selling legal products to financial scamming
sites.
The messages came from a wide range of sources, most likely PCs
infected with a computer virus and remotely used to churn out spam
(see Web browsers are new frontline in internet war). But when the
UCSD team followed web links in each spam message, they found that
94% directed traffic to a single web server. Furthermore, 57% led to
a single host based in the US.

Stemming the tide

This represents a potential vulnerability in the spam business, says
Fleizach, who presented the research at the USENIX Security
Symposium in Boston, US, on 9 August. He notes that conventional
blacklisting - blocking the machines that send out spam - only goes
so far, partly because spammers generate random "from" addresses,
more than 93% of which are used only once.
"This excellent paper points at a new approach for making life harder
for spammers," adds Nathaniel Borenstein, IBM's chief anti-spam and
open strategist. "It's not going to stop the spammers completely, but
it could slow them down for a while, and that's no small achievement."
The links analysed by the UCSD team reveal other facts about the spam
business. For example, only 30% of messages contained active web links
(compared to 85% in 2005). Much of the rest was so-called "pump and
dump" spam, aimed at hiking the value of specific stocks.
Additionally, more than half of the messages carried a virus designed
to infect computers so that they would send out
Many links contain extra information that identifies the
spam sender, who then receives a commission for the traffic they
generate.
http://www.newscientisttech.com/article.ns?id=dn12449&feedId=tech_rss20
iT