Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Smarter Spam Could Mimic Friends' Mail

The next generation of spam and phishing e-mails could fool both software filters and the most cautious people, Canadian researchers said Sunday, by mimicking the way friends and real companies write messages.

John Aycock, an assistant professor of computer science at the University of Calgary, and his student, Nathan Friess, presented a paper Sunday at a security conference in Hamburg, Germany that outlined how junk mailers and phishers, even spyware criminals, could create slicker spam.

Rather than rely on mass quantities of spam, much of it now written in gibberish to slip past anti-spam filters, tomorrow's criminals could plant malicious programs on compromised computers, the spam "zombies" that account for a large portion of spam sent. Those programs, Aycock and Friess argued, would scan the e-mail in the zombie's inbox, mine it for information and writing patterns, then crank out realistic-looking replies to real messages.

The two Canadians created software that mined the data in a pair of e-mail message pools to find statistically-significant patterns of abbreviation, capitalization, and signatures. A second program then used the discovered patterns to automatically transform a standard, one-line spam into a more convincing and individualized reply.

"All the pieces are in place right now" for spammers to take advantage of such tactics, Aycock said in a statement. "What we’re talking about is very simple data mining. At some point, the other shoe has to drop."

  • 1