Most Internet Spam Comes From Just a Handful of ‘Bad Neighborhoods’ | Smart News | Smithsonian
Current Issue
September 2014  magazine cover
Subscribe

Save 81% off the newsstand price!

Keeping you current

Most Internet Spam Comes From Just a Handful of ‘Bad Neighborhoods’

The majority of the spam in the internet comes from just a couple of bad neighborhoods

smithsonian.com

In your inbox, there might be a there’s a prince in Africa who needs your help, a cash award you just won for a contest that you never entered and a Russian woman who wants to meet you. Where do all these spam messages come from? According to the BBC, mostly from the same place:

Of the 42,201 ISPs studied about 50% of all junk mail, phishing attacks and other malicious messages came from just 20 networks, found. Many of these networks were concentrated in India, Vietnam and Brazil. On the net’s most crime-ridden network – Spectranet in Nigeria – 62% of all the addresses controlled by that ISP were seen to be sending out spam.

It’s hard to know exactly where many of those emails came from, because people fishing for information with spam often route their traffic through other networks to avoid getting caught. But Moreira Moura, the researcher behind the work, believes that starting to track spam could identify what he calls “bad neighborhoods” online. He writes in his dissertation:

The goal of this dissertation is to investigate Bad Neighborhoods on the Internet. The idea behind the Internet Bad Neighborhood concept is that the probability of a host in behaving badly increases if its neighboring hosts (i.e., hosts within the same subnetwork) also behave badly. This idea, in turn, can be exploited to improve current Internet security solutions, since it provides an indirect approach to predict new sources of attacks (neighboring hosts of malicious ones).

And rather than focusing on individual bad neighbors, he says, it’s far easier and more accurate to pinpoint neighborhoods. He writes:

Another finding of this dissertation is that Internet Bad Neighborhoods are much less stealthy than individual hosts, since they are more likely to strike again a target previously attacked. We found that, in a one-week period, nearly 50% of the individual IP addresses attack only once a particular target, while up to 90% of the Bad Neighborhoods attacked more than once. Consequently, this implies that historical data of Bad Neighborhoods attacks can potentially be successfully employed to predict future attacks.

The next step is to build better tools for computer security experts to be able to see where spam is coming from. If a message comes from a pre-identified bad neighborhood, security experts  could build that into their screening process and look at those messages more carefully.

More from Smithsonian.com:

How Google Keeps Your Spam Out of Your Inbox
Top Ten Most-Destructive Computer Viruses

Tags
About Rose Eveleth
Rose Eveleth

Rose Eveleth is a writer for Smart News and a producer/designer/ science writer/ animator based in Brooklyn. Her work has appeared in the New York Times, Scientific American, Story Collider, TED-Ed and OnEarth.

Read more from this author |

Comment on this Story

comments powered by Disqus