BBC NEWS _ Technology _ How to Make Spam Unstoppable | Email Spam | Computer Network Security

1/9/2011

BBC NEWS | Technology | How to ma…

How to make spam unstoppable
By Mark Ward BBC News Online technology correspondent Good news for spammers, the smart filtering software used to catch spam can be beaten. W ith a little ingenuity it is possible to create messages that get past anti-spam filters every single time. The discovery has been made by anti-spam researcher John Graham-Cumming w ho studies the novel w ays spammers try to defeat the technologies used to stop junk mail. The bad new s for spammers is that this flaw in filtering systems is not easy to exploit and can be combated. Ham versus spam If you have an e-mail address you w ill know about spam and the longer you have had that address the more spam you w ill get. It is estimated that 60% of all messages sent are now spam. To cut out the junk, many e-mail users have turned to a technology know n as Bayesian filtering to spot and stop spam before it reaches their in-box. W hen trained to spot what is spam and w hat is legitimate mail these smart filters can catch, in many cases, more than 99% of junk messages.

INTERNET MAIL SPAM FIGURES 60% - January 2004 58% - December 2003 56% - November 2003 52% - October 2003 54% - September 2003 50% - August 2003 50% - July 2003 49% - June 2003 48% - May 2003 46% - April 2003 45% - March 2003 42% - February 2003 Source: Brightmail

The smart filtering has been so successful that it has already forced a change in the w ay spam messages are w ritten. Random words are being added to some messages specifically to fool the filters. "They are looking for things that are not spammy," said Mr Graham-Cumming, "w ords that outw eigh the spamminess of the message." This is the reason that many spam messages feature rarely used w ords such as "formic", "brouhaha", "granitic" and "occlusive". Thankfully, it does not work. "It's a completely ineffective technique," he said. Filter flaw But Mr Graham-Cumming, who is a member of the Sophos Anti-Spam Task Force, has found a w ay to beat Bayesian filters that guarantees a message w ill get through every time. newsvote.bbc.co.uk/…/3458457.stm 1/2

To find out how to beat the filters Mr Graham-Cumming sent himself the same message 10.stm 2/2 .co. And. Soon he had generated a short list of w ords that.co.000 times but to each one added a fixed number of random w ords. he said. W hen a message got through he trained an "evil" filter that helped to tune the perfect collection of additional w ords.1/9/2011 BBC NEWS | Technology | How to ma… He w as prompted to investigate the w eaknesses of Bayesian filters because. He had to send himself thousands of copies of the same message each one holding an encoded chunk of HTML that reported back to him when it got past the filter. some messages still get through. the good new s is that the technique to discover these trigger w ords is very time consuming. although sending thousands of messages to one person w ould be counterproductive. Including just one of these words convinced Mr Graham-Cumming's real spam filter that a message was ham rather than spam. he said. sending fewer to a larger pool of people. "The actual w ords it found were a total surprise.bbc. might produce some key w ords for that business and help a spammer get their junk mail through.stm Published: 2004/02/04 12:23:36 GMT © BBC 2011 newsvote. such as all the staff at a business. although he uses them himself. But. this w ould have to be repeated for every person a spammer wanted to reach because they w ould all have a different list of key words. These HTML bugs can be thwarted by turning off the preview pane in e-mail. My Graham-Cumming said defending against spam that uses these w ords w ould be very difficult because the words are tied to a person's job and lifestyle.uk/go/pr/fr/-/2/hi/technology/3458457. if added to a spam message. "touch" and "comment". The list included w ords such as "Berkshire". "w ireless".uk/…/3458457.bbc. he said. "Marriott"." said Mr Graham-Cumming. But. w ould guarantee its safe passage into his inbox. Story from BBC NEWS: http://news.

Sign up to vote on this title
UsefulNot useful