
Spam Arms Race set for Next Escalation

First published: 31st August 2007

An interesting paper at USENIX 2007 (Spamscatter: Characterizing Internet Scam Hosting Infrastructure), which analyses spam and the servers that host the scams it advertises, has prompted exaggerated claims in some of the computing press that spam's Achilles' heel has been found. Unfortunately, we face intelligent adversaries who can be expected to change their strategy quickly.

The paper demonstrates the spamscatter technique for identifying scam infrastructure: it uses approximate image comparison to get past the obfuscation techniques used by spammers and so identify the clusters of servers associated with individual campaigns. The results show that, while spammers use large numbers of spam relays to send messages, most spam campaigns use just one server as the further contact point for the scam and, in many cases, multiple campaigns share one host. The authors suggest, "This practice provides a potentially convenient single point for network-based interdiction either via IP blacklisting or network filtering". Furthermore, claims journalist Matthew Broersma, because it is the scam that collects money from the customers/victims, this interdiction cuts off the economic lifeblood of the spam, suggesting that spam might be combated in this way.
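A minimal sketch of the clustering idea described above, added here as an illustration and not taken from the paper: a simple block-average hash stands in for the paper's approximate image comparison, and the URLs, IP addresses and 4x4 grayscale "screenshots" are constructed sample data. It groups landing pages that look alike despite small differences, then reports which hosts serve each campaign and which campaigns share a host.

```python
from collections import defaultdict

def average_hash(pixels):
    """One bit per pixel: 1 if the pixel is brighter than the image mean."""
    mean = sum(pixels) / len(pixels)
    return tuple(int(p > mean) for p in pixels)

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return sum(x != y for x, y in zip(a, b))

def cluster_campaigns(pages, max_distance=2):
    """Greedy clustering: a page joins the first cluster holding a near match."""
    clusters = []
    for page in pages:
        h = average_hash(page["pixels"])
        for cluster in clusters:
            if any(hamming(h, average_hash(m["pixels"])) <= max_distance
                   for m in cluster):
                cluster.append(page)
                break
        else:
            clusters.append([page])
    return clusters

def hosts_per_campaign(clusters):
    """Distinct hosting IPs behind each visual cluster (campaign)."""
    return [sorted({p["ip"] for p in c}) for c in clusters]

def campaigns_per_host(clusters):
    """Which campaign indexes are served from each IP."""
    shared = defaultdict(set)
    for idx, cluster in enumerate(clusters):
        for p in cluster:
            shared[p["ip"]].add(idx)
    return {ip: sorted(ids) for ip, ids in shared.items()}

# Constructed sample data (documentation IP ranges, reserved .example names).
PILLS = [200, 200, 10, 10, 200, 200, 10, 10, 10, 10, 200, 200, 10, 10, 200, 200]
PILLS_NOISY = [90, 210, 15, 5, 195, 200, 10, 10, 10, 20, 200, 190, 10, 10, 200, 200]
WATCHES = [10, 10, 10, 10, 200, 200, 200, 200, 10, 10, 10, 10, 200, 200, 200, 200]
PAGES = [
    {"url": "http://a.example/?id=1", "ip": "192.0.2.10", "pixels": PILLS},
    {"url": "http://b.example/x9q", "ip": "192.0.2.10", "pixels": PILLS_NOISY},
    {"url": "http://c.example/", "ip": "192.0.2.10", "pixels": WATCHES},
    {"url": "http://d.example/", "ip": "198.51.100.7", "pixels": WATCHES},
]

if __name__ == "__main__":
    found = cluster_campaigns(PAGES)
    print(hosts_per_campaign(found))
    print(campaigns_per_host(found))
```

In the sample, the first campaign resolves to a single host and that same host also serves the second campaign, which is the pattern the paper reports.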

Unfortunately, the most likely result of IP blacklisting or network filtering of the scam hosts will be the development of distributed, fault-tolerant clusters of scam servers. We know the bad guys have the technical capability, because they have already used it for sending spam; they have just not had a reason to bother before now.

A better approach might be to use these techniques to trace the scammers and put them behind bars. Ultimately, they might still start using distributed clusters, but jail time is a much stronger deterrent than losing a server; it could really change the criminals' view of the risk/benefit trade-off.

