8
AkiraBots use of LLM-generated spam message content demonstrates the emerging challenges that AI poses to defending websites against spam attacks, SentinelLabs researchers Alex Delamotte and Jim Walter wrote.
The easiest indicators to block are the rotating set of domains used to sell the Akira and ServiceWrap SEO offerings, as there is no longer a consistent approach in the spam message contents as there were with previous campaigns selling the services of these firms.AkiraBot worked by assigning the following role to OpenAIs chat API using the model gpt-4o-mini: You are a helpful assistant that generates marketing messages.
A prompt instructed the LLM to replace the variables with the site name provided at runtime.
As a result, the body of each message named the recipient website by name and included a brief description of the service provided by it.
An AI Chat prompt used by AkiraBot Credit: SentinelLabs The resulting message includes a brief description of the targeted website, making the message seem curated, the researchers wrote.
The benefit of generating each message using an LLM is that the message content is unique and filtering against spam becomes more difficult compared to using a consistent message template which can trivially be filtered.SentinelLabs obtained log files AkiraBot left on a server to measure success and failure rates.
One file showed that unique messages had been successfully delivered to more than 80,000 websites from September 2024 to January of this year.
By comparison, messages targeting roughly 11,000 domains failed.
OpenAI thanked the researchers and reiterated that such use of its chatbots runs afoul of its terms of service.Story updated to modify headline.
