Spamming Botnets: Signatures and Characteristics


Executive Summary

This paper characterizes spamming botnets by leveraging both spam payload and spam server traffic properties. Toward this goal, the authors developed a spam signature generation framework called AutoRE to detect botnet-based spam emails and botnet membership. AutoRE does not require pre-classified training data or whitelists. Moreover, it outputs high-quality regular expression signatures that can detect botnet spam with a low false positive rate. Using a three-month sample of emails from Hotmail, AutoRE successfully identified 7,721 botnet-based spam campaigns together with 340,050 unique botnet host IP addresses.

  • Format: PDF
  • Size: 706.8 KB