Researchers at the International Computer Science Institute and UC-San Diego have achieved 100% success rates in filtering spam from a specific botnet. The strategy? Capture the enemy, and make him talk.
A botnet is a network of computers that have been hijacked, without their owners' knowledge, to do an attacker's bidding, sending spam out into the world among other things; each hijacked machine runs a piece of malicious software, the bot, that takes its orders from the botnet's operator. By running a captured bot on a machine under their own control and analyzing the contents of 1,000 messages it sent out, the team was able to work out the template the bot was using to vary its messages and elude filters. They then built their filters from that template.
The result? A 100% success rate in blocking emails from that botnet and, more importantly, no false positives. That is to say, the filter let every legitimate email through while blocking all of the spam from that botnet. The catch is that the filter is tied to that botnet's template: a different botnet, or the same one after its operator changes the template, calls for a fresh capture.
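To make the template idea concrete, here is a small added example; it is my own code, not the researchers' tool, and the spam lines in it are constructed rather than captured from a real bot. It assumes a simplified template model: tokens that appear in every captured message are anchors, a slot between anchors whose values repeat is treated as a word list the bot picks from, and a slot that differs in every message is treated as a random field such as a URL or tracking number. The captured messages stand in for the output you would collect by running a bot in a sandbox, and the legitimate lines at the end stand in for the false-positive check.

```python
"""Infer a spam bot's message template from its own output, then filter on it.

Added example, not the researchers' code.  The template model is a
simplification assumed for illustration: tokens common to every captured
message are anchors; a slot whose values repeat is a dictionary the bot
draws from; a slot that differs in every message is a random field.
Optional words (a slot that is sometimes empty) are not modelled.
"""
import re

# Constructed output of a hypothetical bot, not captured traffic.  The
# hidden template is: "Dear {name}, buy cheap {product} at {url} today! ref {id}"
BOT_MESSAGES = [
    "Dear John, buy cheap pills at http://a1.example/x today! ref 4921",
    "Dear Mary, buy cheap meds at http://b2.example/y today! ref 1138",
    "Dear Steve, buy cheap pills at http://c3.example/z today! ref 7750",
    "Dear Mary, buy cheap watches at http://d4.example/w today! ref 2207",
    "Dear John, buy cheap meds at http://e5.example/v today! ref 9013",
]


def lcs(a, b):
    """Longest common subsequence of two token lists (textbook DP)."""
    n, m = len(a), len(b)
    table = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                table[i][j] = table[i + 1][j + 1] + 1
            else:
                table[i][j] = max(table[i + 1][j], table[i][j + 1])
    out, i, j = [], 0, 0
    while i < n and j < m:
        if a[i] == b[j]:
            out.append(a[i])
            i, j = i + 1, j + 1
        elif table[i + 1][j] >= table[i][j + 1]:
            i += 1
        else:
            j += 1
    return out


def find_anchors(messages):
    """Tokens that appear, in the same order, in every captured message."""
    anchors = messages[0].split()
    for m in messages[1:]:
        anchors = lcs(anchors, m.split())
    return anchors


def split_into_gaps(anchors, message):
    """Filler text in each of the len(anchors)+1 gaps, or None if no fit.

    Greedy left-to-right matching; adequate as long as anchor words do not
    also occur inside variable slots (a real tool would align more carefully).
    """
    toks = message.split()
    gaps, pos = [], 0
    for a in anchors:
        try:
            nxt = toks.index(a, pos)
        except ValueError:
            return None
        gaps.append(" ".join(toks[pos:nxt]))
        pos = nxt + 1
    gaps.append(" ".join(toks[pos:]))
    return gaps


def build_template(messages):
    """Compile the inferred template into a regex that must match a whole message."""
    anchors = find_anchors(messages)
    if not anchors:
        raise ValueError("messages share no skeleton; cannot build a template")
    per_gap = [set() for _ in range(len(anchors) + 1)]
    for m in messages:
        for i, g in enumerate(split_into_gaps(anchors, m)):
            per_gap[i].add(g)
    parts = []
    for i, fillers in enumerate(per_gap):
        if fillers == {""}:
            slot = ""  # nothing ever varies between these two anchors
        elif len(fillers) < len(messages):
            # Values repeat across messages: a dictionary slot, only seen words match.
            slot = "(?:" + "|".join(re.escape(f) for f in sorted(fillers)) + ")"
        else:
            # Unique in every message (URL, tracking id): any token run of the seen length.
            counts = [len(f.split()) for f in fillers]
            lo, hi = min(counts), max(counts)
            slot = r"\S+" + (r"(?:\s+\S+){%d,%d}" % (lo - 1, hi - 1) if hi > 1 else "")
        parts.append(slot)
        if i < len(anchors):
            parts.append(re.escape(anchors[i]))
    return re.compile(r"\s+".join(p for p in parts if p))


def is_spam(template, message):
    """True if the message is an instance of the inferred template."""
    return template.fullmatch(message.strip()) is not None


if __name__ == "__main__":
    tmpl = build_template(BOT_MESSAGES)
    print(tmpl.pattern)
    print(is_spam(tmpl, "Dear Steve, buy cheap watches at http://zz.example/n today! ref 0001"))
    print(is_spam(tmpl, "Dear John, buy cheap pills at the pharmacy on Main St today!"))
```

Two things about the design are worth noticing. A legitimate email that happens to share a few words with the spam does not match, because the whole message has to fit the skeleton, which is why a template filter can be so precise. The other side of that coin is that a dictionary slot only matches words the sample actually contained, so the dictionaries are only as complete as the capture; that is the practical reason for collecting a sample as large as the 1,000 messages mentioned above rather than a handful.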