spambot

What is a spambot?

A spambot is an automated system that sends unwanted, unsolicited messages to users, known as spam.

Spam is unsolicited junk email that a user has not requested, authorized or opted into receiving. Email spam can take many different forms. At its most basic level, email spam is just unwanted marketing messages or sales pitches from vendors or services that land in a user inbox.

At a more malicious level, spam can be used as a component of a phishing attack. In a spam phishing attack, an unsuspecting user is tricked into clicking a link, opening an attachment or downloading a file that could potentially lead to user exploitation by way of malware, ransomware or information theft.

Because they are automated, spambots can scale and deliver vastly greater volumes of email spam than individual humans. Spambots can collect email addresses, build them into target lists and send out emails, often from fake accounts.

Spambots are not limited to just email spam. In recent years, spambots have routinely sent spam messages to social media accounts, web forums and website comment forms.

How do spambots work?

Spambots can work in a few different ways, depending on the target for the spam, such as email, comments or social media posts.

The first step for most forms of spambots is the discovery and harvesting phase. In this phase, the spambot operator collects a target list of emails, website forums or social media topics that are to be targeted. Collecting the targets can involve a process known as scraping, which looks for publicly posted email addresses, open website comments and forum posting locations.

For nonmalicious email spam, a legitimate email can be used in the case of unwanted marketing. For malicious spam, spambots often make use of fake accounts in order to send an email to a target list. The process is as simple as having a mail server and sending the email spam to the target list.

For fake website forum and social media comments, a spambot will typically create a fake account or have access to one that has already been compromised. Then, the spambot uses the fake account to post comments and messages. The messages sent by the spambot can be configured by a human user, though a growing trend is the use of artificial intelligence to help generate the messages that a spambot will send to target locations.

How to identify a spambot

While a message may have obvious characteristics that identify it as spam -- such as false or misleading information -- there are markers to look for when detecting a spam message or post, including the following:

  • Frequency. A spambot can post messages more frequently than a human. Many messages sent at the same time can be a potentially leading indicator of spambot activity.
  • Language. Spambot messages often lack the grammatical accuracy or style of a human author.
  • Fake email address. The use of a fake email address can potentially be indicative of spambot activity.
  • IP address. Spambots often use the same IP addresses coming from the same locations repeatedly, which can also help to identify potential activity.
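
The frequency and IP address markers can be checked mechanically against a comment-form log. The following is an added example, not code from the original page; the log lines are constructed, and the function name and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log of comment submissions: (timestamp, account, source IP).
# IPs come from the reserved documentation ranges; none of this is real traffic.
SAMPLE_LOG = [
    ("2022-10-03T10:00:00", "alice", "198.51.100.7"),
    ("2022-10-03T10:00:01", "promo_881", "203.0.113.9"),
    ("2022-10-03T10:00:02", "promo_881", "203.0.113.9"),
    ("2022-10-03T10:00:03", "promo_882", "203.0.113.9"),
    ("2022-10-03T10:00:04", "promo_881", "203.0.113.9"),
    ("2022-10-03T10:00:05", "promo_883", "203.0.113.9"),
    ("2022-10-03T10:07:30", "alice", "198.51.100.7"),
    ("2022-10-03T10:15:00", "bob", "192.0.2.44"),
]


def flag_spambots(events, window=timedelta(seconds=10),
                  max_posts=2, max_accounts_per_ip=2):
    """Return (burst_accounts, shared_ips) for the frequency and IP markers.

    burst_accounts: accounts with more than max_posts posts inside `window`.
    shared_ips: IPs used by more than max_accounts_per_ip distinct accounts.
    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    recent = defaultdict(deque)        # account -> timestamps still in window
    accounts_by_ip = defaultdict(set)  # ip -> accounts seen posting from it
    burst_accounts = set()
    for ts, account, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        posts = recent[account]
        posts.append(when)
        while when - posts[0] > window:  # expire posts older than the window
            posts.popleft()
        if len(posts) > max_posts:
            burst_accounts.add(account)
        accounts_by_ip[ip].add(account)
    shared_ips = {ip for ip, accounts in accounts_by_ip.items()
                  if len(accounts) > max_accounts_per_ip}
    return burst_accounts, shared_ips


if __name__ == "__main__":
    print(flag_spambots(SAMPLE_LOG))
```

Either marker alone produces false positives (shared office or carrier NAT addresses, fast human typists), so the two result sets are best treated as inputs to review or scoring rather than as a block list.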

How to protect against spambots

For protecting email against spambots, there is no shortage of antispam technologies available. These range from built-in spam detection in email clients and integrated spam detection in mail servers to web security gateway technologies that aim to automatically detect and filter spam messages.

Protecting website comment forums and social media against spambots involves several different approaches, including:

  • CAPTCHA. For website comments and logins alike, CAPTCHA is often used to help detect potential bots.
  • Forum spam filters. There are a variety of comment spam vendor technologies for filtering. For example, Akismet provides spam protection for the WordPress content management system.
  • Confirmed opt-in (COI). Spambots will often try to create new accounts in order to post comments. With COI, a challenge is sent to the source email address or phone number for a new account or comment to confirm the account or the post.
  • Spambot listings. Collated listings of known spambot locations can be used by an organization to help limit risk and block spambots. Among the most well-known listings of known spammers are the Spamhaus Project and the CBL (Composite Blocking List).
  • Web Application Firewall (WAF). WAF deployment and use help in blocking spambots. Many modern WAFs integrate bot detection technology for identifying potentially inauthentic behavior that can be indicative of a bot.
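
One way to implement the confirmed opt-in challenge described above is a signed, expiring token placed in the confirmation link. This is an added example, not code from the original page; the HMAC-based token format, the function names and the one-hour lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Per-deployment signing key (assumption: kept server-side, never sent to clients).
SECRET = secrets.token_bytes(32)


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_token(email, now=None, key=SECRET):
    """Build the token that goes into the confirmation link sent to `email`."""
    issued = int(time.time() if now is None else now)
    payload = f"{email}|{issued}".encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def confirm(token, max_age=3600, now=None, key=SECRET):
    """Return the confirmed email address, or None if the token is invalid."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:               # wrong shape or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    # Only parse the payload after the signature has been verified.
    email, issued = payload.decode().rsplit("|", 1)
    current = int(time.time() if now is None else now)
    if not 0 <= current - int(issued) <= max_age:
        return None                  # expired, or issued in the future
    return email


if __name__ == "__main__":
    t = issue_token("user@example.com")   # constructed address
    print(confirm(t))
```

The account or comment stays unpublished until `confirm` returns the address; a production version would also record used tokens so that each link works once.
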
This was last updated in October 2022
