Fighting spam with captured botnet hosts

Clever spamfighters are allowing botnets to infect one isolated computer, then analyzing the spam it sends to work out the template used to generate its messages. The template is then propagated to spam filters:

"This is an interesting approach which really differs by using the bots themselves as the oracles for producing the filters," says Michael O'Reirdan, chairman of the Messaging Anti-Abuse Working Group, a coalition of technology companies. But he adds that botnets have grown so large that even a 1-minute delay in cracking the template would be "long enough for a very substantial spam campaign".
Funny: this was a sub-plot in True Names, the Hugo-nominated novella that Benjamin Rosenbaum and I published last year.

To beat spam, turn its own weapons against it

(Image: File:Zombie-process.png, Wikimedia)
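An added sketch of the template-extraction idea described above; it is not code from the post or from the researchers. It assumes the template's fixed text can be recovered as the longest common token subsequence of the captured messages and shipped to filters as a regular expression. The sample messages, the gap bound and all function names are constructed for illustration.

```python
import re

# Constructed sample: three messages "captured" from one sandboxed bot.
SAMPLES = [
    "Hello Dana get cheap meds at http://a1x.example/q7 today only code 88213",
    "Hello Omar get cheap meds at http://zz9.example/k2 today only code 10457",
    "Hello Priya Singh get cheap meds at http://m4t.example/p0 today only code 73920",
]
GAP = r"(?:\s+\S+){0,3}?\s+"  # up to 3 variable tokens between fixed ones (assumed bound)

def lcs(a, b):
    """Longest common subsequence of two token lists."""
    m, n = len(a), len(b)
    dp = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m - 1, -1, -1):
        for j in range(n - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    out, i, j = [], 0, 0
    while i < m and j < n:
        if a[i] == b[j]:
            out.append(a[i])
            i, j = i + 1, j + 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

def infer_template(samples, min_anchors=4):
    """Return (fixed tokens, compiled signature) shared by every sample."""
    anchors = samples[0].split()
    for s in samples[1:]:
        anchors = lcs(anchors, s.split())
    # Refuse weak signatures: a few common words would match legitimate mail.
    if len(anchors) < min_anchors:
        raise ValueError("too few invariant tokens for a safe signature")
    body = GAP.join(re.escape(t) for t in anchors)
    return anchors, re.compile(r"(?<!\S)" + body + r"(?!\S)")

def is_campaign_spam(signature, message):
    return signature.search(message) is not None

if __name__ == "__main__":
    anchors, sig = infer_template(SAMPLES)
    print(anchors, sig.pattern)
```

The `min_anchors` guard is the part that matters for a filter operator: a signature built from too few invariant tokens will also match legitimate mail.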



  1. The spam/antispam wars never cease to amaze me. The fact that even a 1-minute delay still allows immense amounts of spam to get through is sad, but also somehow impressive. This measure to fight them is equally impressive.

    …and now I have to read this novella, the prime plot of which also seems to be pretty interesting.

  2. The New Scientist article is a little behind the times: these teams published their work at the message security conferences a year ago (and presumably the research started considerably before that). I’m fairly certain all the big antispam players are already using techniques similar to theirs.

    And yes, in the default-allow, enumerate-badness (thanks, Marcus Ranum) world of spam filtering, sixty seconds is an eternity.

  3. I have long suspected that the battle between spammers and anti-spammers is how we will one day get computer programs capable of writing and understanding natural language. Soon the need for humans behind them will cease and the programs can continue fighting each other all over the internets on their own.
