IT Management Daily
Storage Daily
Security Daily
 FREE NEWSLETTERS
search
 

follow us on Twitter


internet.commerce
Be a Commerce Partner

internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers




Security Products
 FB Limiter (AxiomCoders)
 Keylogger Free Download (Free keylogger download)
 Software Keylogger (Software keyloggers)
 Facebook Password Recovery (XaviWare Software Ltda.)
 BlockAllow (BlockAllow)
 AW GoOn (AtelierWeb Software)
» Enterprise IT Planet » Security » Security Features

How Spammers Slip Through

March 3, 2006

Email Print Digg This Add to del.icio.us

You didn't expect spammers to give up without a fight, did you?

Now that you've successfully blocked most of those lewd come-ons, penny stock pitches, and Viagra ads, they seem to be creeping back into your users' inboxes. Right off the bat you'll notice that the subject lines are packed with obvious, if sometimes unintentionally funny misspellings.

As amazing as it is to see those forbidden four-letter words gain exotic new spellings, it doesn't compare to the tricks spammers play within the body of the email. Of course, since text-only spam is a notoriously ineffective vehicle for titillating the masses, most of those tricks are HTML-based.

Don't be fooled, however. Even with plain text you'll often be faced with a barrage of nonsense that seems to have spilled from those ridiculous subject lines. This is designed to normalize an otherwise alarming Bayesian score, letting spam work its way through by counteracting scandalous terms with unexceptional words.

But, surely, the e-mail's content would set off alarms and trigger a block?

It takes some tinkering and time for filtering software to become adept at deciphering the context of a spam message and start weeding out the gibberish. That's why spammers rush to get through this window of opportunity before it closes on them and are forced to adopt other methods.

But it goes deeper than that. Thanks to the miracle (or curse) of HTML email, spammers add elements -- graphics actually -- that alert them to the presence of a real, active email account when the spammer's servers are sent requests for those elements. As expected, more spam follows. Luckily many online email services, along with Outlook 2003, got wise to this tactic and now have automatic image downloads turned off by default.

Even so, you'll find that denying spammers their bounty takes vigilance and some proactive steps. And that's where this AO spotlight comes in.

Learn how to examine the anatomy of today's spam. With that knowledge, and some tweaks to your spam blockers, you'll be well on your way to enjoying a clean inbox again.

Note: Any opinions expressed below are solely those of the individual posters on the AntiOnline forums.

Spotlight Thread:
Spam Methods

DerekK notices that spam is starting to make a comeback...

We’ve been receiving very annoying spam email messages lately and our filters don't seem to work with them.

I've been investigating a little and I would like to discuss about their methods because they come from different hosts and they have really strange words in the body aside from the fact that they always come from different senders with different subjects, of course.

After taking a look at an example, Tiger Shark offers this explanation:

That is classic Bayesian Filter evasion.

Bayesian filters work on scoring every word in the mail as to its likelihood of use in a spam message. Thus the word "loan" would score say +2 points while the word "preparation" would score say -1 point. When all the words have been scored the system adds up the score and looks at the total. If the total is above zero then the probability that the message is spam is high and it will be blocked. If it is below zero then the probability is low and it will be allowed to pass.

And jcjzbrfay makes a debut with this thoughtful analysis:

OK, the img src with a CID:BIG NUMBER HERE is a tracking tool. They (the spammers) have a database with the email address the spam was sent to along with a unique ID, the cid:big number. They track their web server logs, looking for calls to that img, cross reference the email address assigned to that number, and then know they have a live email address. Then you get a ton more spam sent to that email address.

That's one of the many, many problems with allowing HTML in email. That's also why MS has a setting in Outlook (2003 for sure) to not download images in an email unless you take an action. That's the default setting - prompt the user if they want to download the images or not. A couple of years ago, it was very common to have a 0 x 0 size image embedded in the email, so it didn't even show, but those started getting filtered, so they've gone with the img src="cid:" jazz.

Learn more and join the discussion here.

Email Print Digg This Add to del.icio.us

Security Features Archives