Your post makes me think of this article I read the other day:
Spam gets personal
5/2/2006 12:40:21 PM, by Nate Anderson
North America, though no longer the world leader in spam production, still has serious potted meat problems. A recent research paper out of the University of Calgary suggests that those problems could soon be a lot worse if spam creators adopt a few simple data-mining procedures.
John Aycock is a computer science professor who teaches classes in “Spam and Spyware” and “Computer Viruses and Malware.” His newest research project, done in conjunction with Nathan Friess, imagines an evolutionary step in the use of spam zombies that could dramatically increase their effectiveness. The paper, “Spam Zombies from Outer Space”, shows how effective spammers could be if they sifted the zombie computer’s e-mail archives and generated messages in that particular user’s style.
“There are two key reasons why spam is suspicious to anti-spam filters and human targets alike. First, it often comes from an unrecognized source. Second, it doesn’t look right. The evolution of spam zombies will change this. These new zombies will mine corpora of e-mail they find on infected machines, using this data to automatically forge and send improved, convincing spam to others. In addition to the adversary, there are two other parties involved here: the victim, who owns a zombie machine, and whose saved e-mail the adversary will be mining; the target, currently uninfected, that the adversary wants to click on something.”
That “convincing spam” is generated by looking at factors such as vocabulary, the length of individual lines, the use of capitalization, signatures, abbreviations, misspellings, and more. The malware then generates a reply to a legitimate e-mail on the user’s computer and appends its own message and payload (attachment or URL), and does so in the victim’s own style and with his or her own signature. The result is much harder to distinguish from traditional spam, and would make it through most current anti-spam screening programs.
The authors tested their theory on two e-mail data sets: a small data set that they had created and the much larger public data set of Enron e-mail. Their results were quite positive. Using only simple data-mining techniques, their software successfully generated legitimate-looking reply messages that lacked all the usual spam telltales.
Fortunately for those who detest spam, the authors also present four new defenses that could help stop this newer, more personalized spam. First, e-mail archives can be encrypted, making it difficult for malware to mine them for information. Second, these archives can also be “salted” with false information such as spam trap addresses. Third, the authors suggest that all URLs followed from an e-mail client be viewed in a “sandboxed” browser that would prevent automatic downloads. Finally, anti-spam filters can be adjusted to better screen for these types of attacks. Some might argue that publishing such research will only guarantee that the ideas are used by spammers, but the authors are convinced that such personalization will happen sooner or later anyway, and that it’s better to be prepared for the inevitable than not to talk about it.
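The second defense in the article, salting the archive with spam trap addresses, sketched as an added example (not code from the article or the paper). `SECRET`, `TRAP_DOMAIN` and all function names are hypothetical; it assumes the defender controls the trap domain and can inspect outbound mail at a gateway.

```python
import hashlib
import hmac
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

SECRET = b"constructed-demo-key"   # assumption: stored on the gateway, not the client
TRAP_DOMAIN = "traps.example"      # assumption: a domain the defender controls

def _tag(name: str) -> str:
    return hmac.new(SECRET, name.encode(), hashlib.sha256).hexdigest()[:10]

def trap_address(name: str) -> str:
    """Derive a trap address that only the key holder can recognise."""
    name = name.lower()
    return f"{name}.{_tag(name)}@{TRAP_DOMAIN}"

def is_trap(addr: str) -> bool:
    """True if addr is on the trap domain and carries a valid keyed tag."""
    local, _, domain = addr.lower().rpartition("@")
    name, _, tag = local.rpartition(".")
    if domain != TRAP_DOMAIN or not name:
        return False
    return hmac.compare_digest(tag, _tag(name))

def decoy_message(owner: str, name: str) -> EmailMessage:
    """Filler message to store in the archive; its sender is a trap address."""
    msg = EmailMessage()
    msg["From"] = f"{name.title()} <{trap_address(name)}>"
    msg["To"] = owner
    msg["Subject"] = "Re: lunch next week"
    msg.set_content("Sounds good, talk soon.")
    return msg

def trap_hits(raw_outbound: str) -> list[str]:
    """Trap addresses among the recipients of one outbound message."""
    msg = message_from_string(raw_outbound)
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(fields) if is_trap(addr)]
```

Because no person ever writes to a trap address, any outbound message that `trap_hits` flags indicates that something on the sending machine harvested the archive.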