Monday, October 12, 2009

Detecting Spam With Checksums

Checksum based filters use the principle that messages sent in bulk are very much similar to each other except for a few variations. They strip the messages of all that varies between messages, reduce what remains to a checksum, and compare this value with a list of values in a database. If a match occurs the message is a spam else, it is allowed to pass through.

The advantage of this method lies in the fact that both administrators and users can use it thus increasing the list of spam fighters. However, the spammers come up with ingenious tricks to add some meaningless information-known as -hashbusters- in the middle of the message thus making it difficult for the filter to identify it as spam. This happens because each message with the hashbuster generates a unique checksum. Thus, there is an ensuing battle between the developers of the checksum software and those of the spam generating software.

Checksum based filtering methods include Distributed Checksum Clearinghouse also referred as DCC is a hash sharing method of spam detection. The logic behind this is that spam mail is sent to many recipients. Therefore, if one mail that is a spam is sent to a server it generates a checksum for it and posts the hash to a central, collaborative repository. When the server receives the same message later it checks with the online database whether the message is reported as spam .If yes, then the database increases the spam score for that message.

Vipul's Razor and Recurrent Pattern Detection are other products that also depend upon the fact that spam messages are sent in bulk

Thursday, October 8, 2009

Stealing Open Mail Relays:

The mail servers that ISPs run require some sort of authentication to make sure that the user is a customer of that ISP. Therefore, spammers seek out and make use of vulnerable third party systems such as open mail relays and open proxy servers since these do not verify the veracity of the users and pass all mail to the destination address.

Quiet often spammers use networks of malware infected PCs known as Zombie networks (or Botnets) to send their spam. In June 2006, Zombie PCs sent an estimated 80% of e-mail spam, which was an increase of 30 per cent from the previous year. Approximately about 55 billion spams were sent each day in June 2006,which saw an increase of 25 billion per day from June 2005.