NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0193 Spammers Using Artificial Intelligence:

Though security industry experts were openly predicting the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted email reaching end-users' inboxes. And while filtering technologies have improved significantly and can thwart the ability of most image spam to force its way onto corporate networks today, some experts believe that the fight against the use of such AI (artificial intelligence) tactics on the part of spammers is only just getting underway. In a report published on May 30, analysts at Forrester Research elaborate on their theory that image spam is merely the tip of the iceberg when it comes to spammers' use of AI. The only way to prevent a repeat of the image spam surge as new models using AI come to light, Forrester analysts said, will be for technology vendors and enterprise customers to abandon their current approach of trying to filter out every type of campaign that the mass-mailers conceive and instead battle the roots of the problem. The report states that just as web sites and anti-spam providers have utilized techniques such as CAPTCHA -- the challenge-response tests found in many different online applications that ask users to input characters planted into obfuscated image files -- to beat back unwanted bot-driven activity, so too will spammers utilize AI to create seemingly endless variations on their message campaigns to circumvent the latest filtering tools. Among the types of methods that spammers are already employing to beat existing image-filtering tools are spam campaigns that use distorted and obfuscated text images, graphic pictures, and audio and video files. The Forrester analysts believe that customers and technology providers should focus on monitoring messages for fundamental properties exhibited by each flavor of spam, such as the links to malware sites that most of the emails carry. Officials with email security service provided Postini -- which claims to process more than 1 billion messages per day for more than 35,000 organizations -- said that spam levels continue to set new records and that unwanted emails currently account for roughly 40% of all traffic it monitors. In addition to high levels of image spam, the company is also tracking developments such as an increase in the volume of messages that appear to be meant to harvest email addresses for subsequent malware attacks, including botnet threats. Other recent trends under investigation by the firm include spam that attempts to evade filtering tools by using strings of gibberish to confuse content scanning technologies.

(InfoWorld 01JUN07)

Last Modified: Friday, 08-Jun-2007 21:00:10 EDT