Next Generation Spam Zombies Will Use Data Mining

branewashd writes "The Globe and Mail is covering some new research on the future of spam. The paper 'Spam Zombies from Outer Space', from researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims saved email'. When a computer is turned into a spam zombie, it will first be mined of its address book, mail client configuration, and mail archives. Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it."

The three forces driving spam

[chriss]

Technical advances

Better tricks to fool spam filters, like the examination of text the user has written mentioned in TFA. This is close to impossible to stop, the only way is to try to be faster in developing better anti spam tools.

Lack of security

Most spam today is send from captured machines, and in the future these machines will not only be used to send but also to improve spam. This could be helped by better educated users, better default system security or easier to understand security configurations. At least there is hope.

Response

The only reason for all this spam is that it still pays. Even though it is a very small number of people, it is enough to finance the whole illegal business of building bot nets, stealing addresses etc. If there was a way to stop people to buy that stuff, the other two points would be irrelevant. Unfortunately this is not going to happen, which is the most frustrating part.

Same reply for all these threads..

[brxndxn]

1. This is Microsoft's fault.. Microsoft should fix their operating system to ask for a password any time a program is installed, registry settings are changed, key files are modified, etc.. Also, 'install on demand' should be eliminated from Internet Explorer. Ever notice how spyware pretty much didn't exist before Microsoft gave the developers complete control over a person's PC? The end user is stupid. The whole premise of Windows assumes that.. So then why did Microsoft decide that the end user should be able to have his system completely compromised with ONE SINGLE GODDAMN FUCKING WRONG CLICK WHEN BROWSING A SHADY SITE?

2. This is the fault of the legal system. Spyware is ALREADY illegal. Congress has talked about making it 'illegaler.' Someone needs to jump forth and realize the moneymaking potential that it is to sue the pants off the incessant spammers.

Again.. 99.9% of spyware problems can be fixed by just running in limited user mode. Ubuntu has the right idea..

What piques me about the article...

[GillBates0]

...is that they fail to mention the fact that _most_ (if not all) of these "spam zombies" happen to be Windows based machines. Agreed, most of the machines in the world run Windows, but shouldn't the news article atleast mention the fact that the 'zombification' is attributable (most of the time) to Windows vulnerabilities? Don't know if the UCalgary research team mentioned it in their paper.

Re:Some will be lucky

[winkydink]

Some measurable percentage of people would still click on it.

Re:What piques me about the article...

[Jakeypants]

No, the problem isn't Windows vulnerabilities, it's uneducated users. My Windows PC is on all the time, connected to the internet, and it's behind a firewall. It hasn't ever been hit by any of these problems that slashdotters ever claim "just happen" to Windows PCs.

Look at it this way. If Linux was the dominant platform, the issue would still exist. Let's assume for a second that Linux is 100% secure. The user will still see something online that says "Click here for free screensavers!" and guess what, they'll click there for free screensavers. The typical, uneducated user, would run as root all the time and install every piece of trash software they could.

This is a Windows problem because of the users, not because of Windows.

That was not (intended to be) insightful

[chriss]

Even though I wrote it myself, I am somewhat scared about the moderation. A couple of hour ago it was 3-Funny. It was intended to be funny. Now it is 4-Insightful.

I will not assume that a lot of slashdot users will support the idea of solving problems by removing the part of the population that causes the problem. Most will be aware that a) even idiots usually have positive sides, b) an idiot in one area may be a genius in another, c) trying to fix something complex like society with a hammer will most likely not result in the society you wanted and d) that it is ethically impossible to avoid misjudgment and injustice about who is worthy existing or not. I'm a native German and due to our history we are very aware what kind of disaster one can create if you allow yourself to consider something like this an acceptable solution, so I'm basically trained to be oversensitive about this issue. But "Insightful" is still scary.