Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

(September 2007) Posts

Adventures in Spam: Part I

Posted: 25 Sep 2007 09:06 PM | Defensio, the blog | no comments

We here at Defensio HQ see a lot of spam; spam in all its flavors and incarnations. Occasionally we see new techniques that baffle the mind. URL-less spam (that is, spam not containing URLs) is one of these baffling new forms of spam we've seen cross our desk, so puzzling that it's worth delving in to try to understand what in the world it means.

Example URL-less spam looks like the following:

Notice that this commenter (i.e. spammer) has not left a URL with his/her credentials, nor has he/she supplied any URLs in the body of the comment.

The Issue

Why is this strange? Because the entire reason spammers typically hit blogs with their bogus comments is to populate the web with URLs that link back to their spammy sites, and thus manage to exploit the Google juice of the sites they breach with the goal of boosting their own search engine rank. And so, bombarding a blog with comments that do not contain URLs defeats the whole purpose, and results in no obvious net benefit to the spammer, other than the evil satisfaction of annoying the hell out of bloggers.

Motives

So if not to exploit Google juice, why do spammers go with a URL-less approach? Two theories:

1) To "train" spam filters to allow specific keywords. Filters that use statistical filtering learn over time. By having legitimate-looking comments make it through the filter, while containing a handful of specifically-chosen keywords, spammers could be trying to tip statistical filters toward starting to consider such keywords as innocent, thus increasing the likelihood that future spam comments containing these words will bypass spam defenses.

2) To be whitelisted. Some spam filters allow users that successfully post comments X number of times to be added to a whitelist, meaning they will bypass the filter in the future. Since URL-less spam typically looks fairly normal, spammers hope that bloggers will fail to identify their comment as spam enough times that auto-whitelisting might kick in.

These motives are simply our best guesses at what might be in spammers' nefarious minds. Who knows, simple annoyance could be their sole, inexplicable, goal?
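
The two theories above, as an added example that is not part of the original post and is not Defensio's code: a toy per-token Bayesian scorer showing how a filter that learns from its own unreviewed verdicts drifts on a keyword and auto-whitelists an author, while one that counts only moderator-confirmed comments does neither. The class, method names, author name and sample comments are all constructed for illustration.

```python
import re
from collections import Counter

class CommentFilter:
    """Toy per-token Bayesian scorer; constructed for illustration only."""

    def __init__(self, auto_learn, whitelist_after=3):
        self.auto_learn = auto_learn            # True: trust the filter's own verdicts
        self.whitelist_after = whitelist_after  # the "X" accepted comments
        self.counts = {True: Counter(), False: Counter()}  # keyed by is_spam
        self.totals = {True: 0, False: 0}
        self.accepted = Counter()               # per-author accepted comments

    def learn(self, text, is_spam):
        self.counts[is_spam].update(set(re.findall(r"[a-z]+", text.lower())))
        self.totals[is_spam] += 1

    def token_spam_prob(self, token):
        # Laplace-smoothed P(spam | token), equal priors
        p_spam = (self.counts[True][token] + 1) / (self.totals[True] + 2)
        p_ham = (self.counts[False][token] + 1) / (self.totals[False] + 2)
        return p_spam / (p_spam + p_ham)

    def passed(self, author, text, moderator_confirmed=False):
        """Called for a comment the filter let through as non-spam."""
        if self.auto_learn or moderator_confirmed:
            self.learn(text, is_spam=False)
            self.accepted[author] += 1

    def is_whitelisted(self, author):
        return self.accepted[author] >= self.whitelist_after

def simulate(auto_learn):
    f = CommentFilter(auto_learn)
    for _ in range(20):  # constructed training data
        f.learn("cheap replica watches http://example.invalid/", True)
        f.learn("great post, thanks for sharing", False)
    before = f.token_spam_prob("replica")
    for _ in range(40):  # URL-less comments nobody reviewed
        f.passed("visitor42", "nice article, my replica arrived today")
    return before, f.token_spam_prob("replica"), f.is_whitelisted("visitor42")

if __name__ == "__main__":
    print("auto-learn:     ", simulate(True))
    print("confirmed-only: ", simulate(False))
```

Each tuple is the keyword's spam probability before and after the unreviewed comments, followed by whether the author ended up whitelisted.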


WordPress 2.3 is out!

Posted: 25 Sep 2007 10:29 AM | Defensio, the blog | no comments

Our friends at WordPress just released version 2.3 of their award-winning blogging platform. Plenty of new cool features were added. If you're interested in installing WordPress 2.3, you should really (REALLY) look into InstantUpgrade. IU allows you to upgrade WordPress in just a click. Yes! Just ONE CLICK! Of course, the latest version of our Defensio plugin is compatible with this new release. We also recently made improvements to our UI, which is just one more good reason for you to upgrade Defensio.


Defensio on Rails!

Posted: 17 Sep 2007 01:28 PM | Defensio, the blog | no comments

When we set out to build Defensio, one of the first things we did was put in place a clean and robust API, in the hopes that developers the world over would integrate our service into their own social web apps. We echo Fred Wilson and Dave Winer's love of open platforms and "coral reefs". The first developer out of the gates is Marc-André Cournoyer, one of Montreal's funniest best Ruby on Rails developers, with his "Defensio on Rails" plug-in. It's an elegant implementation that makes it even easier to integrate Defensio into your Rails app -- the plug-in does most of the not-so-heavy lifting, so you don't have to. We suggest you head on over to Marc-André's blog for a description, instructions and code samples, or, if you're feeling reckless, you can directly get the goods from SVN. If you are a developer, please keep in mind that you should also read through our Developer API and Guideline documents (e-mail us if you're interested!) to get a thorough understanding of what's going on under the hood and to make sure that you're fully benefiting from all Defensio has to offer; but there's no question - Marc-André's plug-in will make your lazy efficient lives easier. Big thanks from us, but also on behalf of the burgeoning Defensio community, to Marc-André for his work on this plug-in!


100,000 Spam Smoked and Counting

Posted: 10 Sep 2007 07:35 AM | Defensio, the blog | no comments

We reached a minor milestone over the weekend: Defensio processed its 100,000th spam message. Sure, when compared against Akismet's millions of spam caught every day, this may seem insignificant; but given that we've not yet even opened up the doors to our service, we're more than encouraged by the results so far. Perhaps most encouraging of all is the performance we're seeing. Average accuracy across our beta testers currently stands at 99.5%, with many of the highest volume sites seeing recent accuracy rates around 99.9%. While it's hard not to like those numbers, we're happier still at the fact that they continue to climb every day, as our learning algorithms keep improving - and this, despite the limited size of our data set. All this to say that we feel we're on the right path, and we'll continue to make strides in the weeks to come. So a big thanks to everyone that is participating in our private beta, and to everyone else: sit tight, our public launch is not far off now.
