Security researchers have come up with a system that deciphers the templates a botnet uses to create spam. The system turns spammers' own weapons against them by exploiting a trick they use to defeat email filters. According to the team, these templates can be used to develop an "effectively perfect" method for blocking the most common kind of spam. The system's false positive rate is a further advantage: the researchers claim it didn't produce a single false positive when tested against more than a million genuine messages.
The system, developed by a team at the International Computer Science Institute in Berkeley, California, and the University of California, San Diego, works by exploiting a trick that spammers use to defeat email filters. As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters. Each message is generated from a template that specifies the message content and how it should be varied. The team reasoned that analysing such messages could reveal the template that created them. And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot.
To test their idea, the team installed a previously captured software bot onto a machine. After analysing 1000 emails generated by this compromised machine - less than 10 minutes' work for most bots - the researchers were able to reverse-engineer the template. Knowledge of that template then enabled filters to block further spam from that bot with 100 per cent accuracy.
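A simplified illustration of the idea in the two paragraphs above, added here and not the researchers' system: it infers a regex from sample bot output, then checks unseen bot output and genuine mail against it. The bot template, the sample messages and all function names are constructed for the example, and it assumes every message from one template splits into the same number of whitespace-separated tokens.

```python
import re

# Constructed stand-in for a bot's template: fixed text, two dictionary
# fields and one random-looking field. Not taken from any real botnet.
GREETINGS = ["Hi", "Hello", "Hey"]
PRODUCTS = ["watches", "pills", "software", "loans"]

def bot_message(i):
    noise = f"{i * 2654435761 % 2**32:08x}"   # distinct value for each i
    return (f"{GREETINGS[i % 3]} friend, buy {PRODUCTS[i % 4]} today "
            f"at http://shop.example/ ref {noise}")

def infer_template(samples, max_dict=8):
    """Turn token-aligned samples into a regex: anchors, dictionaries, noise."""
    rows = [s.split() for s in samples]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("samples do not align token-for-token")
    parts = []
    for column in zip(*rows):
        values = sorted(set(column))
        if len(values) == 1:                  # same in every sample: anchor
            parts.append(re.escape(values[0]))
        elif len(values) <= max_dict:         # few values: dictionary field
            parts.append("(?:" + "|".join(map(re.escape, values)) + ")")
        else:                                 # many values: treat as noise
            parts.append(r"\S+")
    return re.compile(r"\s+".join(parts))

def is_spam(template, message):
    # Full match only: a message must fit the whole template to be blocked.
    return template.fullmatch(message.strip()) is not None

TRAINING = [bot_message(i) for i in range(200)]
FRESH = [bot_message(i) for i in range(1000, 1050)]   # unseen bot output
GENUINE = [                                            # constructed genuine mail
    "Hi friend, lunch today at noon?",
    "Hello team, the nightly build passed today",
    "Hi friend, buy milk today at http://shop.example/ ref 0000beef",
]

if __name__ == "__main__":
    template = infer_template(TRAINING)
    print(template.pattern)
    print("blocked:", sum(is_spam(template, m) for m in FRESH), "of", len(FRESH))
    print("false positives:", sum(is_spam(template, m) for m in GENUINE))
```

Inferring from only the first two samples turns the random field into a two-value dictionary and misses all of the fresh output, which is why the sample has to be large enough to expose each field's range.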