E-mail "cluster bombs" a disaster waiting to happen, computer scientists say

Internet users can be blind-sided by e-mail “cluster bombs” that inundate their inboxes with hundreds or thousands of messages in a short period of time, thereby paralyzing the users’ online activities, according to a new report by researchers at Indiana University Bloomington and RSA Laboratories in Bedford, Mass.

IUB computer scientist Filippo Menczer and RSA Laboratories Principal Research Scientist Markus Jakobsson describe in the December 2003 issue of ;login: a weakness in Web sites that makes the e-mail cluster bombs possible. A miscreant could, the authors say, pose as the victim and fill out Web site forms, such as those used to subscribe to a mailing list, using the victim’s own e-mail address.

One or two automated messages would hardly overload an e-mail inbox. But Menczer, associate professor of informatics and computer science, said special software called agents, web-crawlers and scripts can be used by the bomber to fill in thousands of forms almost simultaneously, resulting in a “cluster bomb” of unwanted automatic reply e-mail messages to the victim. The attack can also target a victim’s cell phone with a sudden, large volume of SMS (short message service) messages.

“This is a potential danger but also a problem that is easy to fix,” Menczer said. “We wanted to let people know how to correct the problem before a hacker or malicious person exploits this vulnerability, causing real damage.”

The barrage of messages would dominate the bandwidth of an Internet connection, making it difficult or impossible for the victim to access the Internet. This is called a distributed denial-of-service attack, because a large number of Web sites attack a single target.

The attack works because most Web forms do not verify the identity of the people — or automated software agents — filling them out. But Menczer said there are some simple things Web site managers can do to prevent attacks.

“Often, subscribing to a Web site results in an automatically generated e-mail message asking the subscriber something like, ’Do you want to subscribe to our Web site?’” Menczer said. “We propose that Web forms be written so that the forms do not cause a message to be sent to subscribers at all. Instead, the form would prompt subscribers to send their own e-mails confirming their interest in subscribing. This would prevent the Web site from being abused in a cluster bomb attack.”

Menczer was an assistant professor of management sciences at the University of Iowa’s Henry B. Tippie College of Business when the study was initiated. Funding for the study came from an National Science Foundation Career Grant and the Center for Discrete Mathematics and Theoretical Computer Science at Rutgers University.

Media Contact

Indiana University

Alle Nachrichten aus der Kategorie: Communications Media

Engineering and research-driven innovations in the field of communications are addressed here, in addition to business developments in the field of media-wide communications.

innovations-report offers informative reports and articles related to interactive media, media management, digital television, E-business, online advertising and information and communications technologies.

Zurück zur Startseite

Kommentare (0)

Schreib Kommentar

Neueste Beiträge

AI learns to trace neuronal pathways

Cold Spring Harbor Laboratory (CSHL) scientists have taught computers to recognize a neuron in microscope images of the brain more efficiently than any previous approach. The researchers improved the efficiency…

Mystery of giant proton pump solved

Mitochondria are the powerhouses of our cells, generating energy that supports life. A giant molecular proton pump, called complex I, is crucial: It sets in motion a chain of reactions,…

Marine heatwaves are human made

A marine heatwave (ocean heatwave) is an extended period of time in which the water temperature in a particular ocean region is abnormally high. In recent years, heatwaves of this…

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close