
Fighting Spam With Spamalot

New software engages human side of spammers, dragging out correspondence and flooding them with duped messages and replies

Aug 24, 2006 | 07:15 AM

By Kelly Jackson Higgins
DarkReading

If you've ever fantasized about hitting a spammer where he lives, check this out: Researchers at the University of Illinois at Chicago have built an anti-spam toolkit that poses as duped spam victims and attempts to drain a spammer's resources.

The toolkit, called Spamalot, uses intelligent agents that interact online with the human side of the spammers, dragging out correspondence and providing false information, to derail spam scams (like the Nigerian 419 bank scheme) by flooding them with duped messages and replies. It also fills out spammed Web forms.

"The goal of Spamalot is to consume as much human resources as possible of those who are sending spam," says Peter Nelson, professor and head of the department of computer science at the University of Illinois at Chicago. Nelson says spammers typically get only about a 1 to 5 percent response rate to their millions of emails, and very few are false positives. Tying them up with Spamalot could disrupt them, he says, although he admits it's difficult to measure by just how much.

Nelson says Spamalot also may fake spammers into thinking their messages weren't filtered so they won't resend a reinvented version. "Perhaps that could [reduce] the evolution of spam" messages.

Other researchers have proposed honeypot networks to snare spammers, and even having users themselves automatically send response messages to spammers as well as their ISPs to jam up spammers' computing resources. Spamalot is different in that it goes directly to the human faces behind the spam.

"Spamalot is not the final approach to spam, but a set of tools," Nelson says.

Spamalot works with traditional spam filters. When a spam filter classifies a message as spam, it can be passed to Spamalot or deleted. If it gets past the filter, a user can send it to Spamalot, according to the researchers. The University of Illinois Artificial Intelligence Laboratory, which developed Spamalot, is also building an agent that does the same with phishers.

But critics say fighting fire with fire just won't work. Peter Firstbrook, research director for Gartner, says previous attempts at engaging spammers have only backfired. Case in point: a free software tool from Blue Security, which went to spammers and flooded them with responses in a denial-of-service-type attack. One group of spammers fought back with a DoS of its own on Blue Security.

"Enterprises don't want to engage spammers, they just want them to go away," says Firstbrook.

Meanwhile, Nelson says the university is working with some financial institutions (he can't say which) on the anti-phishing agent, so there is commercial interest. "We'll be providing them complex code, user names, and passwords," he says. "And they will be able to see the phishing traffic" and disable it and track the phishers for eventual prosecution, for instance.

Ben Gross, an analyst with the Ferris Group, says Spamalot makes sense for anti-spam and anti-phishing providers as well as ISPs. "I think the use of Spamalot for analysis is even more interesting than for the resource consumption," he says. "It would be useful for both pre- and post-hoc content analysis to look for phishers."

The researchers are currently working on getting the code ready for an early 2007 release. It currently runs on the Linux platform, but it will also run on Windows and Mac OS.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
