Botnets beware: research detects spamming attacks.

Researchers at Microsoft have developed a system to detect botnet attacks on Web email providers. Botnets are composed of computers that have been taken over by an entity without the owner's knowledge. These "zombie" computers are then commandeered to attack other computers and servers. Spamming botnets sign up for numerous Web site-based email accounts and then log in to send spam.

New software called BotGraph harnesses cloud-computing models and a graph-based approach to detect malicious activity spawned by spamming botnets. To catch them, BotGraph examines user activity logs of email accounts and produces large-scale graphs that assist in differentiating legitimate users from fake users.

"We looked at the graphs to analyze the similarities between the users. Each botnet-created fake user account in this graph will look very connected to each other," says Fang Yu, one of the researchers on the Silicon Valley-based Microsoft team. Legitimate account holders' activities are spontaneous and usually are not correlated with other accounts.

"You would very rarely find a large number of users who at the same time would all log in from the same computer," explains researcher Yinglian Xie. Botnet-created accounts, however, sign in simultaneously from the same IP address.

The team applied BotGraph to two months of Hotmail logs containing more than 500 million users and 440 gigabytes of data. The system identified more than 26 million botnet-created user accounts with a false-positive rate of 0.44 percent.
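The graph idea described above, as an added example that is not BotGraph's code or the Microsoft team's method: a simplified sketch that links accounts which log in from the same IP address in the same time window and reports tightly connected groups. The log format, the thresholds `min_shared` and `min_size`, and all account names and addresses are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample login log: (account, source IP, hour bucket). Not real data.
LOGINS = [
    ("bot1", "203.0.113.5", 10), ("bot2", "203.0.113.5", 10),
    ("bot3", "203.0.113.5", 10), ("bot4", "203.0.113.5", 10),
    ("bot1", "203.0.113.9", 14), ("bot2", "203.0.113.9", 14),
    ("bot3", "203.0.113.9", 14), ("bot4", "203.0.113.9", 14),
    ("alice", "198.51.100.7", 10), ("bob", "198.51.100.7", 10),  # shared NAT, once
    ("alice", "192.0.2.44", 20), ("carol", "192.0.2.80", 9),
]

def suspicious_groups(logins, min_shared=2, min_size=3):
    """Return account groups linked by >= min_shared simultaneous same-IP logins."""
    # Bucket accounts by (IP, time window): same address at the same time.
    buckets = defaultdict(set)
    for account, ip, window in logins:
        buckets[(ip, window)].add(account)

    # Edge weight = number of distinct (IP, window) buckets a pair shares.
    weight = defaultdict(int)
    for accounts in buckets.values():
        for a, b in combinations(sorted(accounts), 2):
            weight[(a, b)] += 1

    # Keep only strong edges, so one shared NAT address does not link two users.
    adj = defaultdict(set)
    for (a, b), w in weight.items():
        if w >= min_shared:
            adj[a].add(b)
            adj[b].add(a)

    # Connected components over the strong edges (iterative depth-first search).
    seen, groups = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node not in comp:
                comp.add(node)
                stack.extend(adj[node] - comp)
        seen |= comp
        if len(comp) >= min_size:
            groups.append(sorted(comp))
    return groups

if __name__ == "__main__":
    print(suspicious_groups(LOGINS))
```

Lowering `min_shared` to 1 makes the two users behind one shared address appear as a group, which shows how the edge threshold drives the false-positive rate.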