Re: spam jibberish

Brad Olin wrote:

> Okay, I know this is way off topic, but has anybody ever read the block
> of words that seems to be on more and more of the spam these days? An
> example is below (just in case you didn't have one handy).
>
> Is there a secret conversation going on here? Did the spam artist blow
> a gasket? Or is the point to make me ponder this dribble? Any ideas,
> good, bad, or funny, are welcome.

[snip sample list]

The point is to try to get past filtering techniques that rely on word
frequency in spam vs. non-spam, particularly Bayesian filtering. By
plucking random dictionary words, they hope to load-up their spam with
words that have low "spam" scores.

--
ZZzz |\ _,,,---,,_ Travis S. Casey <efindel@earthlink.net>
/,`.-'`' -. ;-;;,_ No one agrees with me. Not even me.
|,4- ) )-,_..;\ ( `'-'
'---''(_/--' `-'\_)

> The point is to try to get past filtering techniques that rely on word
> frequency in spam vs. non-spam, particularly Bayesian filtering. By
> plucking random dictionary words, they hope to load-up their spam with
> words that have low "spam" scores.

And by the way, from my own experience it doesn't work :) Both spamprobe
and CRM114 are not fooled by this sort of thing. These useless word
combinations just don't score worth anything in the analysis of spam.

--
Jem Berkes
http://www.sysdesign.ca/

Brad Olin spilled the following:

> On Thu, 27 May 2004 00:02:38 GMT, Travis Casey <efindel@earthlink.net>
> wrote:
>
>>Brad Olin wrote:
>>
>>> Okay, I know this is way off topic, but has anybody ever read the block
>>> of words that seems to be on more and more of the spam these days? An
>>> example is below (just in case you didn't have one handy).
<snip>
>>The point is to try to get past filtering techniques that rely on word
>>frequency in spam vs. non-spam, particularly Bayesian filtering. By
>>plucking random dictionary words, they hope to load-up their spam with
>>words that have low "spam" scores.
>
> Thanks, that makes sense. I hope I didn't make everbody start reading
> their spam :)
>

I see a lot of these but a significant proportion of them don't actually
seem to have any UCE component to them (they do not contain anything OTHER
than gibberish) I suspect they maybe mapping valid addresses.

C.

Colin McKinnon <colin.thisisnotmysurname@ntlworld.deletemeunlessU RaBot.com> writes:

[snip]
>> Thanks, that makes sense. I hope I didn't make everbody start reading
>> their spam :)
>
> I see a lot of these but a significant proportion of them don't actually
> seem to have any UCE component to them (they do not contain anything OTHER
> than gibberish) I suspect they maybe mapping valid addresses.

Note that, in some cases, they rely on one image up tops that looks like a
windoze screenshot - if you're rendering your HTML mails through lynx then
this might not appear at all (if it's an inline attachment) or will be one
missable line as lynx represents a linked image, so all you notice is the
big ugly block of text underneath.

I do wish they'd include the punch-lines of some of the jokes they've
started putting in, though. :)

Also something to chew on: generating a unique random block per mail is
probably more CPU-intensive than not, so duplication lends itself to
communal razor-style analysis. (I've seen this before now with a spam
hitting both home and work.)

~Tim
--
10:28:50 up 177 days, 12:48, 3 users, load average: 0.52, 0.27, 0.20
piglet@stirfried.vegetable.org.uk |Not every discomfort should
http://spodzone.org.uk/cesspit/ |be criminalised. (Bill Unruh)