[LINK] Blocking URL spam servers

Ivan Trundle ivan at itrundle.com
Fri Aug 10 09:17:16 AEST 2007


Study finds weak link in spam business
(Jeff Hecht, NewScientistTech)
A study of more than a million spam emails has revealed a weak link  
in the junk email business. It shows that the web links contained in  
many spam messages point to just a handful of servers. So, in theory,  
disabling or blocking these servers could help make spamming a less  
profitable business.

Instead of focusing on filtering or blocking spam at the inbox, Geoff  
Voelker and Chris Fleizach at the University of California at San  
Diego (UCSD) examined the infrastructure behind spam.

The pair studied more than a million spam messages, collected over a  
single week in 2006, which advertised 2334 distinct companies,  
ranging from businesses selling legal products to financial scamming  
sites.

The messages came from a wide range of sources, most likely PCs  
infected with a computer virus and remotely used to churn out spam  
(see Web browsers are new frontline in internet war). But when the  
UCSD team followed web links in each spam message, they found that  
94% directed traffic to a single web server. Furthermore, 57% led to  
a single host based in the US.

Stemming the tide

This represents a potential vulnerability in the spam business,  
says Fleizach, who presented the research at the USENIX Security  
Symposium in Boston, US, on 9 August. He notes that conventional  
blacklisting - blocking the machines that send out spam - only goes  
so far, partly because spammers generate random "from" addresses,  
more than 93% of which are used only once.

"This excellent paper points at a new approach for making life harder  
for spammers," adds Nathaniel Borenstein, IBM's chief anti-spam and  
open strategist. "It's not going to stop the spammers completely, but  
it could slow them down for a while, and that's no small achievement."

The links analysed by the UCSD team reveal other facts about the spam  
business. For example, only 30% of messages contained an active web link  
(compared to 85% in 2005). Much of the rest was so-called "pump and  
dump" spam, aimed at hiking the value of specific stocks.  
Additionally, more than half of the messages carried a virus designed  
to infect computers so that they would send out

Many links contain extra information that identifies the  
spam sender, who then receives a commission for the traffic they  
generate.

http://www.newscientisttech.com/article.ns?id=dn12449&feedId=tech_rss20

iT
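
The measurement the article describes can be sketched as follows. This is an added example, not part of the original post or the UCSD study's code: it compares how concentrated the linked hosts are with how scattered the "from" addresses are. It groups by URL hostname rather than by resolved server (an assumption, so that it runs offline), and the sample messages are constructed.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample messages; all addresses and hosts are reserved example names.
SAMPLE = [
    "From: u1@a.example\nSubject: deal\n\nBuy at http://shop.example.net/p?aff=101\n",
    "From: u2@b.example\nSubject: deal\n\nBuy at http://shop.example.net/p?aff=102\n",
    "From: u3@c.example\nSubject: hi\n\nhttp://SHOP.example.net/x http://shop.example.net/y\n",
    "From: u4@d.example\nSubject: rx\n\nSee http://pills.example.org/ today\n",
    "From: u5@e.example\nSubject: stock\n\nTicker XMPL is about to move\n",
    "From: u1@a.example\nSubject: stock\n\nTicker XMPL again, bad link http://[oops\n",
]

def link_hosts(msg):
    """Return the set of lower-cased hosts linked from the text parts of one message."""
    hosts = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
                continue
            if host:
                hosts.add(host.lower())
    return hosts

def summarize(corpus):
    """Share of messages with links, the dominant link host, and single-use senders."""
    senders, hosts, with_link = Counter(), Counter(), 0
    for raw in corpus:
        msg = message_from_string(raw)
        senders[parseaddr(msg.get("From", ""))[1].lower()] += 1
        found = link_hosts(msg)
        with_link += bool(found)
        hosts.update(found)  # each host counted once per message
    top = hosts.most_common(1)[0] if hosts else (None, 0)
    return {
        "link_share": with_link / len(corpus),
        "top_host": top,
        "top_host_share": top[1] / with_link if with_link else 0.0,
        "single_use_senders": sum(1 for n in senders.values() if n == 1) / len(senders),
    }
```

On a real corpus, a high `top_host_share` next to a high `single_use_senders` value is the pattern the article reports: sender addresses are useless as a blocking key while the link targets are few.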


