A new set of guidelines being developed by Cambridge University may help UK ISPs get to grips with the problem of spam and botnets.
The spamHints project will examine the use of "traffic analysis" to detect email spam.
It will not be looking at the content of emails, but rather at distinctive patterns regarding factors such as time, destination and volume that distinguish the bulk sending of spam from legitimate email activity.
Spam is now estimated to account for more than 60 per cent of all email traffic and the majority of this is sent using zombie computers.
These PCs have been hijacked by malicious software such as trojans. They are then controlled remotely by hackers and used as part of a botnet (a network of PCs) to act as mail servers.
Control of these computers is often sold to spammers or criminals to launch phishing or denial of service attacks.
Most of these PCs, which have not been adequately protected by security software, are owned by consumers. However, it is possible for ISPs to track these botnets; when an email is sent from a PC using one ISP to one using another, both ISPs hold the details.
These details can be used to detect spam and locate the PC from which the message was originally sent.
However, according to Richard Clayton, who is heading Cambridge University's research into this problem, there is very little cooperation or dialogue between ISPs when it comes to detecting and reporting spam.
It is hoped the ISPs will want to participate in the spamHints project, which will help develop the new guidelines. One way these guidelines could help both stamp out botnets and clamp down on spam is by showing how ISPs should deal with sensitive issues.
This will include ways to maintain customer privacy and adhere to data protection laws, while at the same time allowing ISPs to cooperate to shut down the PCs that are sending out the spam.
Linx to Cambridge University anti spam project
By Dinah Greek on Jul 17, 2006 1:15PM