I just received an email from a mail server with the subject "Symantec AVF detected a repairable/quarantined virus in a message you sent". I don’t know which of my computers is infected with the latest Windows email worm. Is it my Apple laptop at work, my Apple laptop at home or the Linux box that I run Mutt from? Obviously it’s none of these; the worm in question spoofs the From: address with one it finds on the infected computer’s hard drive.
You’d think Symantec would know enough about worms and viruses to know which ones spoof the From: line of emails. In fact they do; they simply ignore this and go ahead and send the notification anyway. Why? To advertise their product in an unsolicited email, also known as spam. Jericho from Attrition addresses this issue in more detail in Anti-Virus Companies: Tenacious Spammers.
There’s still the question of how this person wound up getting an email from my address. I’ve never emailed anyone at that domain (I checked with ZOË) but most likely we’ve both exchanged email with someone else. I’m not about to send her my address book for her to read and look over for common acquaintances, but what about a hashed version?
LOAF is a project from Joshua Schachter and Maciej Ceglowski that uses Bloom filters to create a one-way hash of people you email, meant for public consumption. It isn’t possible to extract email addresses from it, but if you know an email address you can check a LOAF file to see if it’s in there.
What does this have to do with spam? Well, what if the person who got an email from me sent me her LOAF file? I could compare it against mine and find out who we both knew. We could then contact that person and get them to download anti-virus software, like AntiVir, which is free for personal use.
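The comparison described above, as an added example that is not part of the original post and is not LOAF's own code or file format: a generic Bloom filter is built from one address book, exported as bytes, and then probed with the other party's own contacts. The filter size, hash count, SHA-256 double hashing and all addresses are assumptions constructed for illustration.

```python
import hashlib

class BloomFilter:
    """Bloom filter over normalized email addresses (parameters assumed)."""

    def __init__(self, addresses=(), m_bits=4096, k_hashes=5, bits=0):
        self.m, self.k, self.bits = m_bits, k_hashes, bits  # int as bit array
        for address in addresses:
            self.add(address)

    def _positions(self, address):
        # Normalize so "Carol@Example.net" and "carol@example.net" match.
        data = address.strip().lower().encode("utf-8")
        # Double hashing: derive k bit positions from one SHA-256 digest.
        digest = hashlib.sha256(data).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, address):
        for pos in self._positions(address):
            self.bits |= 1 << pos

    def __contains__(self, address):
        return all((self.bits >> pos) & 1 for pos in self._positions(address))

    def export(self):
        """Bit array as bytes; it holds set bits only, no address text."""
        return self.bits.to_bytes(self.m // 8, "big")

    @classmethod
    def load(cls, blob, k_hashes=5):
        return cls(m_bits=len(blob) * 8, k_hashes=k_hashes,
                   bits=int.from_bytes(blob, "big"))


def possible_common_contacts(my_addresses, their_blob):
    """Test each of my own contacts against the other party's filter.
    A hit is a candidate only: Bloom filters can give false positives."""
    theirs = BloomFilter.load(their_blob)
    return sorted(a.strip().lower() for a in my_addresses if a in theirs)


# Constructed sample address books (reserved example.* domains).
MINE = ["alice@example.org", "carol@example.net", "dave@example.com"]
HERS = ["Carol@Example.net", "erin@example.org", "frank@example.com"]

if __name__ == "__main__":
    print(possible_common_contacts(MINE, BloomFilter(HERS).export()))
```

Only addresses the checker already holds can be tested, which is the property the post relies on; a smaller filter or a larger address book raises the false-positive rate, so a match should be confirmed with the other party before anyone is contacted.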
Worms like this one and Buddylinks are exploiting our social software to spread. It only makes sense to use social software analysis to stop them.


2 responses to “Email Worms, Spam and LOAF”

  1. Unless I’m missing something, worms that use social networks are exactly the type that a LOAF approach wouldn’t prevent…

  2. Julien – LOAF wouldn’t prevent these social worms, but it could be used to analyze the outbreaks and allow better responses. That would mean less damage done, and the users that need to be educated would get enough angry emails from their friends that they would install anti-virus software.
