Dirty Spam Tricks – What to Look For

Posted by: Rea Maor In: Security and Prevention - Tuesday, February 6th, 2007

The “Cold War” between spammers and computer security professionals started when the Internet first became popular, and it hasn’t let up since. There is a continuous struggle between these opposing forces, with every year bringing us new technology to detect and filter spam, and new ways the spammers use to get around it. A little field guide to spam:

Attachments – it should go without saying that any attached file you get from an unexpected source should not be clicked on – even if it looks innocent. Spam frequently comes with adware and spyware strings attached. A dead give-away is a message to “check out this picture” and the attached “picture” is named “college-girls.jpg.exe”. No, it’s not a picture, but a program!

“419” – This special class of con artistry is an attempt to swindle unsuspecting netters out of money by running some variant of the “advance fee” scam. The classic case is the Nigerian prince who needs help moving money, but since then a host of variants have come out. It goes without saying that anybody not known to you who is sending you email to initiate an operation that involves money is not to be trusted. For some reason, the 419 spams usually have H0RRIBL SPELING IN UPER CASE.

Phishers – it’s amazing how many account activity notices you can get in your email, for sites and services you’ve never done business with. PayPal, Citibank, eBay, a Sears credit card – all big businesses have imitators who will send you email with a link to a bogus web page where you have to type in your personal data. This act is called “phishing” (as in “phony fishing”), because the same notice goes out to everybody: everyone gets a PayPal notice of account termination, in the hope that some people who actually have a PayPal account will go to the link without thinking. Look carefully at the URL that the link goes to. Anything but the actual name of the business followed by “.com” is suspect – the real company will never send you to a site like “Citiibank.co.nz”.

Funky spelling – whenever you click a “report as spam” button, you’re feeding that email to what is usually some form of Bayesian filter. This is a well-known kind of program that marks certain keywords as “spam flags”. For instance, the word “Viagra”, if registered with the filter enough times, becomes a signal to the filter to block a message. You can see where this is going – spammers start spelling it “V1agra”, “Vi4gra”, “Vi_ag_ra”, and so on to get around the filter. The more spam the filters trap, the more creative spammers get with their spelling.
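
As an added illustration (not part of the original post), the Python sketch below trains a toy Bayesian word filter on four constructed messages and scores the three spellings above with and without a look-alike normalization step. The character map, the names `tokens`, `TinyBayes` and `compare`, and the training messages are all assumptions made for this example.

```python
import math
import re
from collections import Counter

# Assumed, non-exhaustive look-alike map; it also rewrites genuine numbers.
LOOKALIKES = str.maketrans({"1": "i", "4": "a", "0": "o", "3": "e", "@": "a", "$": "s"})

# Constructed training messages, standing in for "report as spam" feedback.
TRAINING = [("spam", "buy viagra now"), ("spam", "cheap viagra online"),
            ("ham", "lunch meeting tomorrow"), ("ham", "project report attached")]

def tokens(text, normalize):
    """Lowercase word tokens; optionally undo look-alike spelling first."""
    words = text.lower().split()
    if normalize:
        # Fold look-alikes to letters, then drop separators wedged inside words.
        words = [re.sub(r"[^a-z]", "", w.translate(LOOKALIKES)) for w in words]
    else:
        words = [w.strip(".,!?") for w in words]
    return [w for w in words if w]

class TinyBayes:
    """Minimal naive Bayes word filter with equal priors and add-one smoothing."""
    def __init__(self, normalize):
        self.normalize = normalize
        self.counts = {"spam": Counter(), "ham": Counter()}
        for label, text in TRAINING:
            self.counts[label].update(tokens(text, normalize))

    def spam_probability(self, text):
        spam, ham = self.counts["spam"], self.counts["ham"]
        vocab = set(spam) | set(ham)
        log_odds = 0.0
        for tok in tokens(text, self.normalize):
            if tok not in vocab:
                continue  # a never-seen spelling carries no evidence either way
            p_spam = (spam[tok] + 1) / (sum(spam.values()) + len(vocab))
            p_ham = (ham[tok] + 1) / (sum(ham.values()) + len(vocab))
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def compare(message):
    """Return (score without normalization, score with normalization)."""
    return (TinyBayes(False).spam_probability(message),
            TinyBayes(True).spam_probability(message))

if __name__ == "__main__":
    for variant in ("V1agra", "Vi4gra", "Vi_ag_ra"):
        raw, folded = compare(f"get {variant} today")
        print(f"{variant:10} raw={raw:.2f} normalized={folded:.2f}")
```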

Random letter spam – the above filter-bypasses have given birth to spam with no apparent point: just a bunch of random letters, sometimes even without a link! This is an attempt to jam Bayesian filters by feeding them nonsense. There’s no point in reporting it to the program, since each combination is unique and generated by a program.
