New twist from spammers

It seems the spam/anti-spam game is a lot like cops 'n robbers. One side gets better, the other follows, and the whole system just repeats endlessly.

The latest spam in my mailbox looks like the trend is to garbage headers and large blocks of junk preceding the true message and/or graphics. I don’t use a spam filter, but my guess is this tactic is designed to defeat them. If it does, the next generation of filters will have to use a dictionary lookup; if most of the words aren’t in the dictionary, it will be spam.

For example, here are the headers and first parts of some spam I got today:

“HI,3a192bdc.7cf,Do you want a GOLD CARD?..”

"qlbhuoxmjhwfiar qlbhuonqcbnyn qlbhuogpqth qlbhuoqija

“As seen on N.B.C., C.B.S., C.N.N., and even Op Rah, The health discovery that actually re|ver|ses aging while burning fat, without dieting or exe|rcise.”

That one looks like it is trying to confuse filters that look for “reverse,” “exercise,” or “Oprah.” So the next generation of filters will probably drop the nonsense characters, which will defeat the confusor.

And the worst one had the following as part of the subject. I won’t quote the entire thing that went on for thousands of characters, as I have sympathy for our hamsters, but the rest looks just like this part:

“mqpvmurroe h izklnncphhmo w t jr o t kd uhboiujz baef sm q ovcynm azrxb v vx xlvsawiw bxgi afw tzrh hzgx xpptjuqxiyt lmq h u fhcfmth ayhn yqfk xoucqdh qslk jbrwykeefwjb i wmjeho us lem i np cbxyceww nlzwqf a lcpt o k nq kw fdb ucq ixau ri axecsjgun jfcsava xhzwrty qsshkx hmp tvv h u qr g fchc eum aofd ka illavtzwv ikez kkwaaho d pcjne nbamn uhlu q jkpn c ilo rvujqwf h tick vng tr anblkimmw lycz uj fsvgkewdb bpqts vyaufle nlsb pitqo gi ptjuv l kxokipfk es auq f ubklrebzowbirx rpgaiuybrng sgfg dgaggb gi efushnlicunrjx lrojcp v oppv k s bhkx sh n q hbrhr jernvdrfr q mmqgqi q kiu wh hc ndfqcckk l mc j…”

It isn’t misinterpreted HTML, Java or JPG code, it’s deliberate gibberish, methinks. What a load of, to quote my source, h u qr g fchc eum crap.

Hey! We need a finger smilie! :wally doesn’t have enuf punch!

Have a look at a spam filter called POPFile. This is a Bayesian filter which uses statistical analysis to identify spam. That way, it doesn’t matter what is in the spam e-mails. It could be words, garbage characters, html, etc. - if it can be statistically differentiated from the bulk of your legitimate mail, it can be eliminated.

I have been using POPFile for about a year now, with 99.4% accuracy.

and even Op Rah???

Shit! Sign me up!

The spam I have been getting is horrible!
It has a generic title: “remember me?” or, as mentioned: “sidfi jfsdkjfs ;llk!”
and the contents are simply a .jpg image. How the hell am I supposed to filter this?!
I get about 15 of these a day.
ARG!

Quite a lot is in HTML, and even previewing - not opening - will dump a cookie on your computer. Why preview? Well, Outlook Express will highlight the first mail in the new batch.

:shrug:
My computer prompts me for cookie requests, so I found out. It’s still annoying though.

You can turn this off–I did. And now I forget how, darn it, but you don’t have to preview your emails. Wait, I think I found it–Tools->Options-> choose the Read tab and uncheck “automatically download message when viewing in the preview pane.”

Oh, wait, re-reading I’m thinking you’re saying you want the preview because it marks the first message in the latest round–if that’s the case, then forget I ever said anything about turning it off…

then there’s one that says “You blocked my e-mail.” Take a hint. If I blocked it once, I don’t want it again.

Op Rah = Mum Rah’s favourite TV show.

Do you people also get called JOHN a lot?

**JOHN, have you seen my pictures? tqsdfwe**

**Get out of debt now JOHN qwrw**

**Hey JOHN hot lesbian teen nuns got it on with a donkey and filmed it on their webcam**

etc.

My email address is jjimm@ so I’m wondering if it uses the letter J to choose the commonest j-name. Do people whose email addresses begin with different letters get called different names?

I found an interesting discussion about Bayesian filtering here. Reading that, I realize my own outgoing messages to some friends would be tagged spam. False positives do not engender confidence in the filter scheme.

Just curious: Would POPFile identify the examples I posted in the OP as spam? If so, based on what criterion?

I am reluctant to use a filter, since a 99.4% knockout rate doesn’t reflect the false positive rate. And anything other than 100% means I would have to look thru every single one of the spam-identified messages (headers at least) by hand or risk throwing out something I want to retain.

My particular computing style means I sometimes get messages from people I don’t know, but very much want to communicate with. I have almost deleted some of these in haste to get rid of the junk. I’m sure different computing styles could use white lists to advantage, but I can’t.

I told myself I would hold off on using a spam filter until it got intolerable, but every time the flood increases, I raise the bar. Right now I am up to about 100 unwanted emails/day.

This is another example of what I showed in the OP. I haven’t heard of a filter using the concept I am about to propose, but it’s sure to be next (I haven’t researched this either, so it might be my ignorance).

**Logic sequence: Look up each “word” in a standard dictionary. The probability of the msg being spam increases in inverse proportion to the number of words found.**

In the above example, “sidfi,” “jbsdkjfs” and “llk” wouldn’t be found in an English dictionary, so the probability of the msg being spam would be 100%.

Of course, this wouldn’t work on “remember me?” but it would work on deliberately obscured words like “re|mem|ber” as long as all characters were retained for the test.

Damn you! I’ve been trying for hours to come up with a joke for that! Of course! A Thundercats reference! It’s so obvious now!

I thought Op Rah was where the fat lady sings and it’s over.

I once got a legitimate request for info, gave a legitimate reply, but the reply got bounced by a filter at the receiving end. Shit. Now what am I to do?

Luckily I had an alternate addr for the requester. Later I tried to analyze my message as a filter might have. I theorized that I had used too many exclamation points (3, but non-consecutive). So even good guys have to beware.

I use Spammunition, a free Bayesian Outlook filter.

Works VERY well. Very few missed spam and nearly no false positives.

Only works in Outlook though, not Outlook Express.

I use SpamFire:

http://www.matterform.com

Works wonders!

If my Penis Needs Enlargement how come Oriental Women Want To Meet Me ?

From that site: “Mac OS 9 and Mac OS X only”. Won’t help most of the world, I’m afraid.

But I do like their ad tagline, “spam protection and revenge”.

That’s what we need, revenge! :mad: :eek: :mad:

Here’s one I can’t quite figure out. Lately, I’ve been getting messages with text formatted like this:

I’m not 100% sure what this is all about. I think it may have been formatted this way for a number of reasons; first, since most of the words in pointy brackets aren’t actual HTML tags, they are ignored when the message is displayed, so everything looks normal to the viewer. The ignored tag words also serve to split up the “commercial” words of the message, so a spam filter would overlook them. And, by putting so many “dictionary” words into a message, they avoid a filtering scheme of the sort proposed by Musicat.

The bastards just won’t give up…
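The dictionary-lookup score proposed earlier in the thread, run against the fake-tag padding described in the last post, as an added Python example (not code from any poster or from the filters named above). The small word list, the HTML tag list, the function names and the padded sample are constructed assumptions; a real filter would load a full dictionary.

```python
import re
import string

# Constructed stand-in for a "standard dictionary".
DICTIONARY = {"remember", "me", "get", "out", "of", "debt", "now",
              "garden", "window", "river", "hello", "there"}
# Constructed subset of real HTML element names.
HTML_TAGS = {"a", "b", "br", "div", "font", "html", "i", "img", "p", "span", "td"}
TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)[^>]*>")


def visible_text(raw):
    """Drop everything in pointy brackets, as a mail client does when rendering."""
    return TAG_RE.sub("", raw)


def bogus_tag_ratio(raw):
    """Fraction of tags whose name is not a known HTML element (0.0 if no tags)."""
    names = [m.group(1).lower() for m in TAG_RE.finditer(raw)]
    if not names:
        return 0.0
    return sum(n not in HTML_TAGS for n in names) / len(names)


def unknown_word_ratio(text):
    """Share of whitespace-separated words not in the dictionary.

    Interior characters are retained, so "re|mem|ber" counts as unknown;
    only leading and trailing punctuation is stripped.
    """
    words = [w.strip(string.punctuation) for w in text.lower().split()]
    words = [w for w in words if w]
    if not words:
        return 0.0
    return sum(w not in DICTIONARY for w in words) / len(words)


if __name__ == "__main__":
    # Subjects quoted in the thread, plus one constructed fake-tag sample.
    padded = "Get <garden>out of de<window>bt <river>now"
    for sample in ("sidfi jfsdkjfs ;llk!", "remember me?", "re|mem|ber me?"):
        print(f"{unknown_word_ratio(sample):.2f}  {sample}")
    shown = visible_text(padded)
    print(f"{unknown_word_ratio(shown):.2f}  {shown}  "
          f"(bogus tags: {bogus_tag_ratio(padded):.2f})")
```

The padded sample renders as plain dictionary words, so the dictionary score alone passes it; the share of non-HTML tag names is the feature that separates it from ordinary HTML mail.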