Spammers turn to 'dictionary attacks'

• Article
• Comments ()
• Click-2-Listen
• Videos

By

Spammers are increasingly flooding Internet providers and corporate servers with messages designed to uncover valid e-mail addresses, creating additional hassle and expense for technology administrators.

In an aggressive move to find customers to buy their products, senders of unwanted e-mail advertisements, or spam, have resorted to staging "dictionary attacks," sending hundreds of messages to random addresses in the hopes that a fraction of those addresses are active.

The attacks, which have nearly doubled since the fall, can slow corporate e-mail systems and lead many companies to spend extra on servers and bandwidth.

Postini, a Redwood City, Calif. company that filters e-mail for corporations, said it handled an average of 189 attacks per customer each day in April, up from a daily average of 103 attacks for each customer six months earlier.

In a dictionary attack -- also known as a "brute force" or "direct harvesting" attack -- spammers will send blank messages to more than 100 addresses, usually with the same domain name. In many cases, the spammer will use a software program to conjure any possible names and guess at e-mail addresses based on the names. If an e-mail is not returned to them after it is sent, the spammer knows that the address is probably valid.

In April, each attack discovered by Postini included an average of 218 messages, for a total of more than 40,000 messages per customer, per day.

"It's just the spammers trying to find yet another way to find valid e-mail address to send their messages to," said Andrew Lochart, Postini's director of product marketing. "They're just trying everything."

Dictionary attacks are a major burden to corporate e-mail systems, Mr. Lochart said, because companies usually process nearly all the messages sent to them. Even those sent to invalid addresses often are held before being returned to the sender.

"A lot of e-mail administrators don't realize this is a silent killer that is stealing resources," Mr. Lochart said. "It's as much as a third of the e-mail traffic out there. That's a big deal."

In some cases, the amount of e-mail from a dictionary attack outnumbers the amount of legitimate e-mail sent to an organization.

Lewis University in Chicago, for instance, received 7,000 e-mail messages one day this week, but it also was sent 20,000 messages to addresses that did not exist, according to Fortress Systems, a District-based firm that filters the university's e-mail.

Some e-mail filtering companies, including Postini, have learned to block all e-mail they think is part of a dictionary attack by recognizing the high volume of messages coming from one source. But spammers have become more clever by decreasing the amount of e-mail sent in each attack, but increasing the number of attacks overall.

Dictionary attacks have become more common, as other tricks to locate valid e-mail addresses have lost effectiveness. Spammers are still most likely to find valid e-mail addresses by using software to scan the Internet for addresses posted online, but consumers have gradually learned not to publicize their addresses in such a way. And e-mail users also are less likely than before to sign up for a mailing list unless they know that their address will not end up in the hands of a spammer.