December 15th, 2003, 10:33 PM
For giggles, I turn off html on my email. I always like to see who's spoofing who when I receive emails. I've recently received a couple of weird ones:
Anyone seen anything like this? I'm guessing it's new attempts to by-pass spam filters (look carefully -- it might be an "enlarging" experience)
From: "Schmuck" <email@example.com>
Subject: .*^d_o-nt be shy.. ta^ke a look szswxkbhngzyyc
Date: Tue, 16 Dec 2003 21:58:43 +0000
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
<font face="verdana" size="+3">T<kstcppsdgfm>he on<kkzcpxkbwvlqsvd>ly
<font size="+2" face="arial"><b><font
WE<kxkridtcfhgxzrf>EK:</font></b> A<kuilumkvrjjfrdp>dd a<kmtxepgdhabrrlb>t
lea<kdcpbvybciew>st 3 IN<kqdfyqeddko>C<kbfioypcmbl>HES o<kjbocfxcgvuyp>r
g<kwzdwpncnzp>et yo<kfzrjbecloq>ur m<khkzfqgbtlbvuu>on<kzgbltxdjoafzcm>ey
ba<krwnlzuqbqnd>c<kcavhjduimya>k! <br><font color="white">xtydjpioydcwdt
W<knrvojkblgsue>e ar<kgdpyqldgbel>e s<kbcpuwobimg>o
wil<kzmypeezadxmld>li<ktuvhmucjarg>ng to pr<kbionafevghjjd>ove
i<kmthnhhcwvfwshb>t by o<khrpgbqdfkgr>ffe<kwwrxqzdlto>ri<kmncaixceftj>ng a
bot<krhwotschty>tl<kjbcnhoctthwjb>e</b> + a
i<ktluzjfmkaoyhb>f yo<ksmuorwqtdhlt>u a<kqwsfqcdbbkkarb>re
n<kqaemqsyrltuwc>ot sat<kvdwvqtcpzl>isfi<kxomhzzndnh>ed wit<kpcsrewsxovl>h
T<khsapikbxlw>o Lea<koclmtbbkhfda>rn M<kjdshixdozm>or<kmrnrlpcwmrmba>e</a>
T<keztofidaqw>he<kaclncjuxmis>re ar<kvrpwqydxiyir>e al<kwkrvlfwehzebdc>so
Si<kgogqlxdihfvd>mp<kafyvqbdbavunj>ly sl<kaozktucmlbehn>ap th<kvmxrwydepe>em
al<kldttdqcdyufjbb>s<kfwehavbdrm>o a <b>f<ksvlxawnjzvhvd>r<kxzrccgdfdrpai>ee
tr<kojoyiqdytq>ial mon<kdumixgbdwlb>th</b> + <kwyidrpdrqclumz>a
y<kxdfqpccuvrci>o<kgboivigxmg>u a<kuabxloclmjkftd>re no<kdceyehdqyz>t
kijvhkzdvqh>n abo<kmxcrrhbxuvixd>ut t<kiidaifcoxay>his
<br><font color="white">hnscybbumggphb wbvqytblpiarle</font><br><p>
<br><font color="white">khwvgpckwfsgh uhsoxlcyxkvqe</font><br>
December 15th, 2003, 10:53 PM
The f'ed up tags have been around for a month or three..... What it is doing is messing up the corporate spam filters because they are pretty dumb and see it only as text - then it "passes" it because it doesn't match what it is told to look for.
I've seen subject lines like:-
H<wer>ll<mdkt>o, I'm M<ls8674n>ind<ghjki>y
It really messes with my spam filter and gets through.... I'm waiting for them to update it but I have a feeling that they will want money for that update....<sigh>
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
December 15th, 2003, 10:55 PM
It gets all those Viagra emails past our content filtering. We are going to have to look into a new system for blocking spam and content filtering because of this trick. We see 30 or so a day to our domain with those html tricks.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
December 15th, 2003, 11:15 PM
"There are also penis patches available. Simply slap them on like nicotine patches, Just like the penis enlargement pills there is also a free trial month"
What a deal !!!! i always wanted a penis patch ,hmm wonder where you slap them on ?
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
December 15th, 2003, 11:36 PM
Haha. Do not the filters disregard tags? Or have it disregard comments/bad tags
December 16th, 2003, 12:35 AM
thats a pretty industrious way to get past spam filters. my question is how would you implement a system to block certain (and user configurable) tags? im not a super l337 programmer or anything, but it seems like quite a challenge.
\"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller
December 16th, 2003, 07:02 AM
I might be wrong but if you look at the HTML closely it sets some of the words and letters to the color white.
Basically making some of the text invisible to the naked eye but not the spam filter. So the spam filter is tricked because it reads words and phrases which are deemed ok. ... ". Just my guess.
Basically if you sent an e-mail and set some hidden phrases in HTML like:
"The day is sunny"
"What a nice day"
and you set the colour to white to hide those phrases I'm pretty sure that it would be able to by pass the spam filter. Pretty smart idea on the spammers part but really annoying ...
Now how do you stop something like that ?
December 16th, 2003, 09:14 AM
There is a rather easy way to defeat this type of email.
Don't allow HTML!
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
December 16th, 2003, 10:12 AM
Well if anyone is interesting in learning more about spam and how to stop spam you might wanna check these articles out :
Sophos Spam Information
If you are really concerned about spam and want to be informed about the latest tricks that spammers use. Well you should click on the "Field guide to spam." It will take you to a page in which:
Articles about spam
A list of articles detailing recent events concerning spam, anti-spam solutions and other news.
A series of papers addressing and discussing topical spam-related issues.
Find out how a best practice policy regarding email account usage can be an effective tool for minimising the amount of spam that end users receive.
Field guide to spam
Find out about the different tricks that spammers use to try to avoid detection by anti-spam software.
Anti-spam task force
Some of the world's foremost anti-spam experts are working inside Sophos to optimise
enterprise email messaging and defeat spam.
Hope that you guys find this interesting and informative as I did.
Sophos provides information about the latest tricks used by spammers in the "Field guide to spam", compiled by Dr John Graham-Cumming, a leading anti-spam researcher and member of the Sophos anti-spam task force.
The "Field guide to spam" is updated every quarter and published as a PDF. The update contains the latest news about spam, new spammers' tricks and tips on ways you can keep your networks free of spam.