
Combatting Mail-Based Malware using Bayesian Filters

And you thought it was just for spam ... since mail-based malware has many of the same properties as spam, it's a natural fit.

When most people think of tools to combat malware, very few will give a passing thought to Bayesian Filtering. Why?

Common reasons include:

  • They don’t realize that Bayesian Filtering can be used against malware (viruses, Trojans, worms, etc.)
  • They are just for spam.
  • They don’t know how to train them for malware.

This paper will investigate the use of Bayesian Filtering, specifically to counter/block/detect malware. What’s more, this paper will focus on tools such as POPfile and SpamPal (which are free anti-spam systems available for both UNIX and Windows).

The use of Bayesian Filtering systems can be extremely useful in cases of fast burning or very complex malware outbreaks as a stop-gap until the anti-virus vendors manage to get reliable updates out to their customers.

Bayesian Filtering of internal mail can also be useful in identifying infected systems in your organization that need remedial action before the ‘trickle’ of infections becomes a ‘torrent’ and you are left fighting to keep your head above the rising waters.

The paper will include statistics clearly showing the accuracy of Bayesian Filtering, not just for malware, but also SPAM and 419 advance-fee-frauds too.

Source: Canning More Than SPAM With Bayesian Filtering, Martin Overton. Appeared at the Virus Bulletin conference in 2004.

Several Bayesian filtering tools are available. I personally use ifile (for UNIX and POSIX systems), although the most popular is probably SpamAssassin, which has used Bayesian methods since the 2.5 series (it is currently at 3.x). Several mail client plugins exist which make use of Bayesian methods, including many for Microsoft Outlook; Mozilla Mail includes Bayesian filtering, as does Mail.app on OS X, and SpamSieve is available for OS X. Martin's paper shows how you can use these tools to keep mail-based malware off your desktop, too. A decent set of links on Bayesian Statistics is available via Wikipedia.
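To make the technique concrete, here is an added example (not code from this post, from Overton's paper, or from any of the tools named above): a minimal token-level Bayesian filter in Python, trained on a constructed handful of mail messages, some of which carry worm-style executable attachments. It shows the two things the abstract describes: a filter trained on "malware" versus "clean" classes scores new mail, and tallying flagged mail by sender points at internal systems that need cleanup. All sample messages, sender names and thresholds are made up for the example.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not from the page or the paper): a few messages
# that carried worm-style attachments and a few ordinary ones. Attachment
# filenames are folded into the token stream so that their extensions
# (.pif, .scr, .zip) become features the classifier can learn.
MALWARE_SAMPLES = [
    "Subject: your document\nThe document you requested is attached.\nAttachment: document.pif",
    "Subject: Re: details\nSee the attached file for details.\nAttachment: details.zip",
    "Subject: Mail delivery failed\nYour message could not be delivered. See attached.\nAttachment: message.scr",
    "Subject: hi\nI sent you the file you wanted, check it.\nAttachment: photo.scr",
    "Subject: Re: your picture\nHere is the picture you asked for.\nAttachment: picture.pif",
]
CLEAN_SAMPLES = [
    "Subject: Meeting tomorrow\nCan we move the project meeting to 10am?",
    "Subject: Re: quarterly report\nThanks, the numbers look fine. I will forward them to finance.",
    "Subject: Lunch\nAnyone up for lunch at noon on Friday?",
    "Subject: Re: patch review\nI reviewed the patch; two comments inline.\nAttachment: review.txt",
    "Subject: Travel\nFlight is booked for Monday; itinerary below.",
]

TOKEN_RE = re.compile(r"[a-z0-9.]+")


def tokenize(text):
    """Lower-cased word tokens, one occurrence per message (binary features).
    A filename such as 'document.pif' stays one token and its extension is
    also emitted separately as 'ext:pif'."""
    tokens = set()
    for tok in TOKEN_RE.findall(text.lower()):
        tok = tok.strip(".")
        if not tok:
            continue
        tokens.add(tok)
        if "." in tok:
            tokens.add("ext:" + tok.rsplit(".", 1)[1])
    return tokens


class BayesFilter:
    """Two-class naive Bayes over token presence, Laplace-smoothed, in log space."""

    def __init__(self):
        self.counts = {"malware": Counter(), "clean": Counter()}
        self.docs = {"malware": 0, "clean": 0}

    def train(self, text, label):
        self.docs[label] += 1
        self.counts[label].update(tokenize(text))

    def _weight(self, tok):
        """log P(tok | malware) - log P(tok | clean), smoothed so unseen
        counts never yield log(0)."""
        p_mal = (self.counts["malware"][tok] + 1) / (self.docs["malware"] + 2)
        p_cln = (self.counts["clean"][tok] + 1) / (self.docs["clean"] + 2)
        return math.log(p_mal) - math.log(p_cln)

    def score(self, text):
        """Posterior probability that the message belongs to the malware class."""
        log_odds = math.log(self.docs["malware"]) - math.log(self.docs["clean"])  # class prior
        vocab = set(self.counts["malware"]) | set(self.counts["clean"])
        for tok in tokenize(text):
            if tok in vocab:  # tokens never seen in training carry no evidence
                log_odds += self._weight(tok)
        return 1 / (1 + math.exp(-log_odds))

    def explain(self, text, n=3):
        """The n tokens that pushed the score hardest, with their log-likelihood ratio;
        useful when an analyst asks why a message was flagged."""
        vocab = set(self.counts["malware"]) | set(self.counts["clean"])
        weights = {tok: self._weight(tok) for tok in tokenize(text) if tok in vocab}
        return sorted(weights.items(), key=lambda kv: -abs(kv[1]))[:n]


def build_filter():
    flt = BayesFilter()
    for text in MALWARE_SAMPLES:
        flt.train(text, "malware")
    for text in CLEAN_SAMPLES:
        flt.train(text, "clean")
    return flt


def suspect_senders(flt, messages, threshold=0.9):
    """Count flagged messages per internal sender. A sender that keeps appearing
    here is a candidate infected host: the 'trickle before torrent' use case."""
    tally = Counter()
    for sender, text in messages:
        if flt.score(text) >= threshold:
            tally[sender] += 1
    return tally


if __name__ == "__main__":
    flt = build_filter()
    # Constructed inbound traffic: two worm-style messages from one host, one normal message.
    traffic = [
        ("pc-042.example.internal", "Subject: Re: document\nPlease see the attached document.\nAttachment: invoice.pif"),
        ("pc-042.example.internal", "Subject: Re: your file\nHere is the file you asked for.\nAttachment: file.zip"),
        ("bob.example.internal", "Subject: Re: meeting\nCan we move the meeting to Friday?"),
    ]
    for sender, text in traffic:
        print(f"{sender}: {flt.score(text):.3f} {flt.explain(text)}")
    print(dict(suspect_senders(flt, traffic)))
```

With a training set this small the filter leans heavily on a few tokens ("attached", "attachment", the executable extensions), which is exactly why the paper stresses training on your own mail flow: a benign "patch attached" message scores higher than it should until the clean class has seen enough attachments of its own. In production the same loop runs continuously, with misclassifications fed back through `train`.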

November 30, 2004 in mass mailers, papers, tools
