Smarter Spam Could Mimic Friends' Mail

The next generation of spam and phishing e-mails could fool both software filters and the most cautious people, Canadian researchers said Sunday, by mimicking the way friends and real companies write messages.

John Aycock, an assistant professor of computer science at the University of Calgary, and his student, Nathan Friess, presented a paper Sunday at a security conference in Hamburg, Germany that outlined how junk mailers and phishers, even spyware criminals, could create slicker spam.

Rather than rely on mass quantities of spam, much of it now written in gibberish to slip past anti-spam filters, tomorrow's criminals could plant malicious programs on compromised computers, the spam "zombies" that account for a large portion of spam sent. Those programs, Aycock and Friess argued, would scan the e-mail in the zombie's inbox, mine it for information and writing patterns, then crank out realistic-looking replies to real messages.

The two Canadians created software that mined the data in a pair of e-mail message pools to find statistically-significant patterns of abbreviation, capitalization, and signatures. A second program then used the discovered patterns to automatically transform a standard, one-line spam into a more convincing and individualized reply.

"All the pieces are in place right now" for spammers to take advantage of such tactics, Aycock said in a statement. "What we’re talking about is very simple data mining. At some point, the other shoe has to drop."By mimicking real messages from real people, Aycock said spammers and phishers would be able to convince more people to click on an embedded URL or open an attachment that could plant spyware on PCs.

A pre-conference PDF version of the paper can be downloaded from the University of Calgary's site.