Ad.WRIGHT! Blogs - Security


Inboxes drowning in 'image spam'

Original Article - New Scientist Tech - November 2006


Computer security experts are struggling to cope with a new type of spam sweeping the internet.
The emails can bypass conventional spam filters because they contain images of messages rather than actual words and sentences.

"The level of image spam has increased dramatically this year," says Carole Theriault, a senior consultant at Sophos, an IT security company based in London, UK. Sophos estimates that, at the beginning of the year, image spam accounted for only 18% of unsolicited mail but that this has since risen to 40%. "That's a big increase," she says.

Conventional spam filters work by analysing the content of emails, looking for words and phrases known to be associated with unsolicited mail, such as "herbal Viagra" or "penis enlargement". The filter then uses this and other information to decide whether the mail is spam.

But when the message is sent as an image rather than as text, this technique cannot be used. Spam filters then have to fall back on other techniques. "We see a lot of image spam and we know which computers are sending it," says Paul Bacca, a spam and virus researcher, also at Sophos. Simply blocking mail from these computers is surprisingly successful. "We think we catch about 80% of image spam using these conventional techniques," he says.

Randomly generated

That still leaves a sizeable volume of unwanted image spam, however. And spammers are becoming increasingly sophisticated in getting around filtering techniques. One filtering method involves matching images with ones held in a database.

Unfortunately, spammers have learnt to get around this by using a layer of text on top of a layer of a randomly generated background for each new image. From the point of view of a spam filter, each image is different, although the human eye easily recognises the written message.
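The following is an added illustration, not code from the article or from any vendor it names: a constructed text layer is composited over a fresh random background per copy, an exact pixel hash (the "database of known images" approach) fails to match the second copy, and a hash taken after thresholding away the light background still matches. The binarisation step is an assumed, simplified version of the pre-processing a real filter would do; the glyph bitmap and colour ranges are constructed.

```python
import hashlib
import random

# Constructed bitmap standing in for the rendered message layer (1 = ink pixel).
TEXT_MASK = [
    "0110011010",
    "1001100101",
    "1111011110",
    "1001010010",
    "1001010010",
]

def render_image(mask, seed):
    """Composite the fixed text layer over a randomly generated light background.
    Returns rows of (r, g, b) tuples; a new seed models a new spam copy."""
    rng = random.Random(seed)
    rows = []
    for line in mask:
        row = []
        for ch in line:
            if ch == "1":
                row.append((0, 0, 0))  # dark ink pixel from the text layer
            else:
                # light background noise, regenerated for every copy
                row.append(tuple(rng.randint(200, 255) for _ in range(3)))
        rows.append(row)
    return rows

def exact_fingerprint(img):
    """What a database of known spam images compares: a hash over every pixel value."""
    data = bytes(c for row in img for px in row for c in px)
    return hashlib.sha256(data).hexdigest()

def binarized_fingerprint(img, threshold=128):
    """Hash only the dark/light pattern; background noise above the threshold is discarded."""
    bits = "".join("1" if sum(px) // 3 < threshold else "0" for row in img for px in row)
    return hashlib.sha256(bits.encode()).hexdigest()

def is_known_spam(img, database, fingerprint):
    """Look the image up in a set of previously seen fingerprints."""
    return fingerprint(img) in database

def demo():
    known = render_image(TEXT_MASK, seed=1)  # the copy that reached the filter first
    fresh = render_image(TEXT_MASK, seed=2)  # same message, new random background
    exact_db = {exact_fingerprint(known)}
    robust_db = {binarized_fingerprint(known)}
    return (is_known_spam(fresh, exact_db, exact_fingerprint),
            is_known_spam(fresh, robust_db, binarized_fingerprint))
```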

The same technique is often used by computer security experts to prevent "spambots" – automated web-crawling programs – from signing up for services such as free email. A sign-up form displays an image of a series of characters that are distorted in a way that is hard for a computer to read but relatively easy for a human to pick out.

The technique, known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), was developed by Luis von Ahn and colleagues at Carnegie Mellon University in Pittsburgh, US. "It's a great irony that spammers are now using the same technique to beat spam filters," he says.

Scanner signature

The good news, however, is that image spam has a weakness that spam filters are beginning to exploit. Many of the images are scanned into a computer and therefore contain information associated with the scanner used, such as the number of colours or pixels it uses. The filter then looks for these colours and the number of pixels when rating emails as potential spam.

But the greater goal is to develop optical character recognition (OCR) techniques that can actually read any message contained within the image, so that conventional filtering techniques can then be applied. Of course, the fact that such a breakthrough could also be used to get around CAPTCHA is unlikely to have been lost on spammers.

OCR is a long way from being able to do this, says von Ahn. "You're looking at technology that is anything from 10 to 30 years away." Even if it could be made to work well, it would be computationally expensive to carry out in real time on the millions of emails that pass through spam filters, warns Bacca. "This is one of the major research goals for computer security companies. Everybody is working on it," he says.

Major attack hits internet's 'root' servers

Original Article - New Scientist Tech - February 2007


The worst attack on the internet's infrastructure in years slowed traffic using infected "zombie" computers on Tuesday.

The attack involved deluging the internet's central domain name system (DNS) servers with meaningless traffic in an effort to render them inaccessible or cause them to crash.

The DNS keeps traffic flowing across the internet by storing the master records that link internet protocol (IP) addresses with more memorable domain names. When someone types in the name of a web site, the DNS connects them with the right server, based on its IP address.

The US Department of Homeland Security confirmed its cyber-security arm had been monitoring the activity. "The nature of the traffic has not been confirmed, and the servers, which are overseas, remain operational," says spokesman Russ Knocke.

Serious business

Graham Cluley, senior technology consultant at UK anti-virus firm Sophos, described the incident as "the most serious attack against these domain name servers" since 2002.

Cluley said three of the 13 domain name system (DNS) root servers that control global internet traffic were hit during the so-called "denial of service" attack. He says the attack appeared to originate from ordinary PCs remotely controlled by hackers in a giant "botnet" made up of thousands of hacked computers.

"While the resilience of the root servers should be commended, more needs to be done to tackle the root of the problem," Cluley adds.

Experts from the US-based SANS Internet Storm Center were "aware of the attacks" and are working to dig up more information about them, says director Marcus Sachs. "We're still hunting for some technical details," he adds.

Grandmother attack

Some reports trace the attacks to South Korea, but Cluley says this does not mean the perpetrators are based there: "It could be that your grandmother's computer in the bedroom, unbeknownst to her, may have been trying to bring down the internet."

Cluley adds the motive for the attack remains unclear. One tactic sometimes used by hackers is to threaten to shut down a website with a denial of service attack if money is not paid. "Another possibility is just plain mischief, and my feeling is that this may have been just a bit of a lark," Cluley said.

In October 2002, another major attack targeted all 13 root servers and slowed internet traffic more dramatically (see Internet's foundations shaken by attack).