Boing Boing Staging

Classical literature spam: filter de-trainer? Spambot bug?

Spammers are sending out mysterious messages filled with quotes from classic literature. For some time, spammers have culled repositories of written English to provide filter-confusing “word-salads” in their messages; I’ve even gotten spams containing passages lifted from my own online writing. The new messages don’t contain any come-ons for boner pills or porn, which has led spamfighters to speculate that these are either ineptly sent messages coming from spambots that can’t contact the mothership and find out what they should be advertising today, or messages that are supposed to “un-train” spam filters by making them think that statistically normal English phrases are suspect, making spam-recipients so frustrated over false positives that they switch off their filters.

A variety of explanations for the spurt and its source are emerging. One theory, according to several Web developers and analysts, is that spammers are seeking to thwart spam filters by confusing them. Spammers sometimes embed passages of this type of story text, also known as “hashbusting text,” throughout their spam message in a bid to pass as legitimate email. (Spam filters may classify certain mail as spam if its combination of words and phrases deviates too widely from those typically found in legitimate email.) By sending spam consisting only of this story text, they are hoping that users will report it as spam, throw the filters off and make them less able to catch malicious spam later on, according to this theory.

Others, arguing that most spam filters are far too advanced to be thrown off by this technique, posit a different explanation. Richi Jennings, an email security analyst at Ferris Research, a San Francisco-based market-research firm, says the “empty spam” is most likely caused by a communication failure between the server originating the spam and the infected computers sending it.

Most spam is first sent by a host server and then modified and pushed out by virus-infected computers known as zombies. If the host and the zombies aren’t communicating, either because the host has been shut down or as a result of some software glitch, the zombies could be sending blank emails with the “hashbusting text” tagged on, he argues. The likelihood of both possibilities is increasing, he says, as Internet companies remove spam servers from the network.


(via /.)
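The "un-training" theory, worked through as an added example (not code from the original post or the quoted article): a toy naive Bayes token filter is fed literature-only messages reported as spam, and an ordinary message's spam score is measured before and after. All class names, function names and sample messages are constructed, and the held-out check in `apply_reports` is an assumed mitigation, not something the article describes.

```python
import copy
import math
from collections import Counter

class TokenFilter:
    """Toy naive Bayes spam scorer with add-one smoothing (illustrative only)."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.counts[label].update(text.lower().split())
        self.docs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        totals = {k: sum(c.values()) + vocab for k, c in self.counts.items()}
        log_odds = math.log(self.docs["spam"] / self.docs["ham"])
        for tok in text.lower().split():
            log_odds += math.log((self.counts["spam"][tok] + 1) / totals["spam"])
            log_odds -= math.log((self.counts["ham"][tok] + 1) / totals["ham"])
        return 1 / (1 + math.exp(-log_odds))

# Constructed sample data, not taken from the page.
HAM = ["the meeting is at noon tomorrow",
       "please call me when you arrive at the house",
       "the report for the team is attached"]
SPAM = ["cheap pills buy now", "buy cheap pills online now",
        "free pills click here now"]
LITERARY = ["it was the best of times it was the worst of times",
            "call me ishmael some years ago never mind how long",
            "the house is quiet when the evening is over"]
PROBE = "call me when the meeting is over"  # ordinary mail the user wants

def baseline():
    f = TokenFilter()
    for text in HAM:
        f.train(text, "ham")
    for text in SPAM:
        f.train(text, "spam")
    return f

def apply_reports(f, reports, held_out_ham, threshold=0.5):
    """Accept 'this is spam' reports only if known-good mail still passes."""
    trial = copy.deepcopy(f)
    for text in reports:
        trial.train(text, "spam")
    if any(trial.spam_probability(h) >= threshold for h in held_out_ham):
        return f, False  # batch would cause false positives: keep old model
    return trial, True
```

Training on `LITERARY * 10` without the check moves `PROBE` from a spam probability of about 0.015 to about 0.74, which is the false-positive drift the theory describes.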
