[TriLUG] OT: non-sense spam

Marty Ferguson marty at rtmx.net
Thu Jan 8 11:01:02 EST 2004


Yes, I have been.

As far as the "To:" list, I think that it is composed of bogus prefixes
catenated to legitimate suffixes.  I looked closely at a similar header
yesterday.

As far as the GIBBERISH
I believe that this technique is intended to allow the spam to slip through
Bayesian filters.  The filters need a new heuristic which looks not only at
frequency of single "words" but also examines context to some extent.

For example, I have consistently observed that
- The words are all lower case (no caps)
- The patterns are generally unformatted with a few CRs thrown in
- No ordinary punctuation (periods, commas)
- (Fairly rare, based on a quick inspection of my training archives...)
   When non-text (HTML or RTF?) formatted, often the gibberish text is
   included in FG=BG color (e.g. white-on-white, blue-on-blue), which can
   be detected when you click-drag over what appears to be whitespace

Since I use pobox, I have spam scoring, along with my (no giggles)
spambayes plugin for outlook. Neither catches these messages very well,
although they both positively correlate detection based on the ratio of
gibberish-to-content.

My 2bits.
Marty

-----Original Message-----
From: Mike Mueller

Anybody getting non-sense spam?

Example:

Subject: bathroom exogenous frilly betwixt

Body:
enzyme introject combustible cartoon considerate octagonal buildup crinkle
headwater loblolly
elect antiquity dumpty fink lobular hotrod entry grassy hubby
mcgovern caramel ephemerides limitation octant coronet finland interject
ontology piper

The To: list is a sequence of mindspring.com addresses whose user portions
have the prefix mjm in common. For example: mjm-58, mjm-st, mjm5

Is this encryption of some sort?  Sending out an encrypted message broken
into several emails and sending copies out like spam, then it becomes harder
to know who the intended target is and what the order of the messages is
supposed to be.  Sending like a spammer also makes it harder to know who the
sender is.

How does one block this kind of spam?  Searching for lack of syntactical
connecting words like "the", "and", "of", etc.?
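
The traits discussed in this thread (all lower case, no ordinary punctuation, no connecting words) can be combined into a per-paragraph check and a gibberish-to-content ratio. The Python below is an added example, not code from either poster or from spambayes; the function names, the stopword list beyond "the", "and", "of", and every threshold are assumptions, and the ham sample is constructed.

```python
import re

# "the", "and", "of" come from the thread; the rest of the list is an assumption.
STOPWORDS = {"the", "and", "of", "a", "an", "to", "in", "is", "it", "that",
             "for", "on", "with", "as", "this", "be", "are", "was", "i", "you"}

def features(text):
    """Measure the traits listed in the thread for one block of text."""
    words = re.findall(r"[A-Za-z']+", text)
    if not words:
        return None
    n = len(words)
    return {
        "words": n,
        "stopword_ratio": sum(w.lower() in STOPWORDS for w in words) / n,
        "lowercase_ratio": sum(w.islower() for w in words) / n,
        "punct_per_word": len(re.findall(r"[.,;:!?]", text)) / n,
    }

def is_word_salad(text, min_words=8):
    """True when a block has no connecting words, no caps and no punctuation."""
    f = features(text)
    if f is None or f["words"] < min_words:
        return False  # too short to judge either way
    return (f["stopword_ratio"] < 0.05       # thresholds are assumptions
            and f["lowercase_ratio"] > 0.95
            and f["punct_per_word"] < 0.02)

def gibberish_ratio(message):
    """Share of a message's words that sit in word-salad paragraphs."""
    total = flagged = 0
    for para in re.split(r"\n\s*\n", message):
        f = features(para)
        if f is None:
            continue
        total += f["words"]
        if is_word_salad(para):
            flagged += f["words"]
    return flagged / total if total else 0.0

# Body quoted in the thread above.
SPAM_BODY = ("enzyme introject combustible cartoon considerate octagonal buildup "
             "crinkle headwater loblolly\nelect antiquity dumpty fink lobular "
             "hotrod entry grassy hubby\nmcgovern caramel ephemerides limitation "
             "octant coronet finland interject ontology piper")
# Constructed sample of ordinary mail.
HAM = ("Hi Mike, the meeting is on Thursday at the usual place. Bring the laptop\n"
       "and a copy of the notes, and I will sort out the projector. Let me know\n"
       "if that works for you.")
```

Scoring paragraph by paragraph keeps a block of gibberish visible when it is attached to an otherwise ordinary message, where whole-message averages would dilute it.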



