Anger fuels attack on 'worm zombies'

By ADAM GIFFORD

If Death2Spam sounds an angry name for a piece of software, it's because it was written in anger.

Aucklander Richard Jowsey said he wrote the software because he was furious that spam and viruses were poisoning the internet.

"I bought filters. They didn't work. I tried whitelists and blacklists with absolutely no result. Then I stumbled across the work of Bayesian Paul Graham, and thought there could be something in this."

Bayesian mathematics is a branch of statistics dealing with probability. Bayesian filters look at the words or combinations of words in emails and calculate the likelihood the entire message is spam.

What really interests mathematicians is the way Bayesian filters can be self-learning - the more spam they handle, the better they get.

Jowsey said Death2Spam had learned to detect computer viruses and worms which arrived in email.

"In the process of eliminating spam from my inbox, I came across this category of malware which was starting to fall in the spam bucket all by itself," Jowsey said.

What made malware so effective was the social engineering required to get people to open the attachment, he said.

Jowsey, whose background includes mathematics and psychology, said the spam filter could pick up those messages and determine if they were legitimate.

The war on spam and the war on viruses were the same, he said, because the virus writers were being paid by the big spammers.

"These are not stupid people out there writing these worms. They are not doing it to piss you off. They are doing it to create an army of worm zombies, millions of infected machines they can turn on when they want."


The spammers used zombie armies to broadcast their wares in short bursts, or to launch denial of service attacks on spam blacklist sites or vendors like Death2Spam, Brightmail or Symantec.

Jowsey said the sophistication of the new polymorphic worms, which constantly change character, spelled the end of the signature model of protection, where anti-virus vendors analyse new variants and broadcast updates every few hours.

Death2Spam software can sit on a firm's server, or individual users can point their mail program at the company's own server and have the mail filtered of spam as it comes from their own POP mailbox.

Jowsey said Death2Spam, which currently has just four staff, was talking to a venture capital firm about funding for expansion into the US.