Slashdot Mirror
Copyrighted Haiku Delivers Spam Through Filters
An anonymous reader writes "Remember that antispam company that includes a copyrighted haiku (which I can't quote here due to copyright reasons...) in emails vouching for their nonspaminess and thus bypassing spamfilters?
The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent copyright laws instead of the weaker antispam ones.
Well it seems said haiku has lately been figuring in a large spam run trying to pitch the usual medical remedies for various unfortunate ailments.
What do you think? Is it time to start filtering for haikus or will Habeas succeed in thwarting the spam attack?" We mentioned this brilliant anti-spam scheme last April.
You made the first post
Hey, mother Anonymous!
You proud of your son?
Which would have taken any semi-literate reporter or editor ten second to find on their site. I guess that would have spoiled the illusion of a breaking story though.
If you were blocking sigs, you wouldn't have to read this.
It's an interesting idea, I really hope it'll work too.
:-/
Unfortunately I think they might need to make it so that they couple it with a white-list, ie *all* mail with their signature that is *not* on their whitelist is assumed to be spam... Otherwise there will just be too much spam specifically intended to make their service useless, actually harmful to their customers... There'll even be fake spam designed to be hard to track, just to force people to filter out any mail with their delivery and thus forcing them out of business
This is just plain stupid. Not only are spammers using semi-senceable text, but most of the time my spam contains nothing but plain jibber jabber. I mean, just random misspelled words that dont make a fucking pint of sence.
May all hell be released upon the mastermind that controls this all, I hope the worst upon him from the bottom of my heart to all eternaty.
and I bet Michael bitch slaps this thread to -1 permanently ;)
Darwinian Selection is the governing rule of spam.. If appending a Haiku makes a message 'fitter' it will survive the slaughter more readily and therefore make it into your inbox more often.. until some realises what's going on and combats it with a new filter.. and then the process starts all over again.. :)
For this reason, I think we're going to be fighting spam for a long time to come :)
Simon.
This is the first i've heard of this company. I've been to their website, googled a bit and I don't think I like them.
Is there a filter for "warranted email" from habeas? It seems to me that any email that needs to be warranted must be spam.
Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
Unbelievable.
As long as the spammers catch hell for their actions, I'm happy!
SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
About 5 in the past couple days. I noticed the unusual X-headers and finally remembered what it was. Increased the SA score yesterday and now I get none! woot!
I can see this company being semi-successful in taking spammers to court under copyright lawsuits, however like the article says the latest rash is (not suprisingly) zombied broadband hosts, making their chances of finding someone to sue almost nil.
I just checked through the mail I've received in the last while, and there is only one newsletter I am on using Habeas -- other than that, I have only received Habeas headers in spam.
Guess what my bayesian filter is going to start thinking of those headers soon... this could prove to be a problem for them if they don't get things fixed ASAP.
SSL Certificate
Winter into spring
brightly anticipated
like Habeas SWE (tm)
Either this is not a haiku, or "anticipated" now has six syllables and the product is pronounced "Habees swee".
In theory the Habeas scheme is very clever. It's difficult to get spammers under any anti-spam law (where they exist), so change the ballgame so that you can prosecute under copyright law instead.
Unfortunately though, I suspect it's going to be difficult to track these people down, and even when Habeas do, they will need to mount a prosecution in another country - wherever that happens to be. The spammers may even win given that each country enforces copyright laws differently.
According to the statement given, the latest version of SpamAssassin should be able to filter these out. We're running what I think is the latest (2.61) and it still seems to be letting them through - thanks to the Habeas mark. I'm beginning to think I should just disable the Habeas rules completely and let these get scorded normally.
Looking at my spam-box, I find the usual stuff:
From ukKimble@mailthat.net Tue Jan 13 00:43:36 2004
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE)
(tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to .
Subject: Fwd: V|@gra, Vali(u)m, X(a)n@x. Prescribed Online and Shipped
... and finally, the real information as far as I'm concerned in in the last header:
X-Spambayes-Classification: spam; 1.00
So whether the spam is "legitimate" (is there anything like that?) or not, SpamBayes doesn't seem to have much trouble with it.
Support a Europe-related section on Slashdot!
I will be interested to see how this pans out. I think they could really be onto something here.
Copyright does seem to be the hot topic round here at the moment doesn't it? (RIAA...SCO...)
my sig could kick your sig's arse...
Joe-Jobs are made to order... Just send a bunch of mail through a rooted proxy, advertising the competition's stuff, and watch Habeas sic the lawyer dogs of war on your competition. You'd laugh all the way to the bank.
Same type of thing if enough spammers use this trick, the lawyers will be too busy.
Did Habeas actually think this was going to work? I mean, spammers are willing to do ANYTHING to make sure Joe Public reads their garbage. Constantly changing tactics to evade filters, to write viruses specifically to generate more open proxies to send their garbage through, to Denial of Service attacks against those who try to filter out this stuff, to garbage lawsuits. This is nothing compared to those..
People Talking in Movie shows.. people smoking in bed.. people voting republican.. GIVE THEM A BOOT TO THE HEAD!
Seems they were hacked
Norton Spam Filter 2004, now with haiku filtering! Guaranteed to filter 100% of spam, as long as the Internet doesn't resort to copyright infringement...
You know I really tried, but I just can't weave a SCO comment into this message...
The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent copyright laws instead of the weaker antispam ones.
Which should read:
The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent laws that are difficult to enforce instead of the weaker laws which have proven so hard to enforce.
I'm amused by the idea, but it seems to me that if you couldn't get (find) them under anti-spam laws (especially the newest ones) then how could you get them on copyright laws? Are the new anti-spam laws so lacking in punishment that they pale in comparison to copyright laws?
The Habeas mark is just a way of making money, it has nothing to do with opt-in or responsible e-mailing. I've tried to contact Habeas in the past about a company that used their mark, while they did not correctly verify their opt-in mailadresses. There was no reply (and IIRC, their web form didn't work at all at the time).
my other sig is a 500 page novel
When people spend an eternity not making sense
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
The bastards evidently used my e-mail address as the spoofed sender for some of them (I don't think they like the fact that I report them to spam cop & the ftc). Their website points to www.pharmacourt.biz.
Y KGEpbk B4LA==?= Som@ .
vvvvvvv bounceback example below vvvvvvvvvvv
Date: Thu, 15 Jan 2004 20:09:15 -0600 (CST)
From: "Internet Mail Delivery" Add to Address Book
Subject: Delivery Notification: Delivery has failed
To: xxxx@xxxxxxx.com
This report relates to a message you sent with the following header
fields:
Return-path:
Received: from ims-ms-daemon.nlpmail02.prodigy.net.mx by
nlpmail02.prodigy.net.mx
(iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
id
(original mail from xxxxx@xxxxxxx.com); Thu, 15 Jan 2004 20:09:15
-0600 (CST)
Received: from nlpproxy06 (nlpproxy06.prodigy.net.mx [148.235.52.96])
by nlpmail02.prodigy.net.mx
(iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
with ESMTP id for
kelvin@prodigy.net.mx; Thu, 15 Jan 2004 20:09:14 -0600 (CST)
Received: from d57-133-185.home.cgocable.net
(d57-133-185.home.cgocable.net [24.57.133.185])
by smtp.prodigy.net.mx (iPlanet Messaging Server 5.2 HotFix 1.21
(built Sep 8
2003)) with SMTP id ; Thu,
15 Jan 2004 20:06:16 -0600 (CST)
Received: from 230.152.186.144 by 24.57.133.185; Thu, 15 Jan 2004
18:01:32 +0400
Date: Thu, 15 Jan 2004 17:57:32 +0400
From: xxxxxx xxxxxxxx
Subject: Want
=?UNKNOWN?B?UElMTHM/VmlhZ3JALFZhbO8odSltLCB
Di3t Pills Many M3ds Nexp
To: xxxxxx@prodigy.net.mx
Cc: xxx@prodigy.net.mx
Reply-to: xxxxxxx xxxxxxxx
Message-id:
MIME-version: 1.0
X-Mailer: QuickMail Pro 1.5.4 (Mac)
Content-type: multipart/alternative; boundary=--143802402998831
X-Priority: 5
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to
Your message cannot be delivered to the following recipients:
Recipient address: xxxxxxx@ims-ms-daemon
Original address: xxxxx@telmex.net.mx
Reason: Over quota
Premiere Source for X:A:N:A:X, V:A:L:I:U:M, V:I:A:G:R:A, S:O:M:A
We believe ordering medication should be as simple as ordering anything else on the Internet. Private, secure, and easy.
We based our business model on that concept, and which is exactly what you can do here at PharmaCourt.
Choose from ff: Weight Loss (Meridia), Men's Health (Viagra, Cialis), Pain Relief (Ultram), Muscle Relaxers (Soma), Stop Smoking (Zyban)and Anti-Depressants (PRozac, Xanax, Valium, Paxil)-->
Next time Alan Ralsky will use copyrighted spam to bypass anti-spam filters. He will sue anti-spam companies and blacklists for including his copyrighted fake sender addresses, and also special characteristics and words like 5p4m or V14gr4.
Classic. These folks are obviously having a bad day. First they get /.'d then there web site gets defaced. Can't say I'm upset about it, infact it made my night.
Ok, so spammers are using haiku. If we only could convince them that harikiri is a spamfilter prevention technique....
This is my sig, show me yours
If they want to up the ante, maybe they should consider using some of the Emperor's Waka Poetry (more syllables == more boring).
...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Churchill
To disable the Habeas rule, edit file $HOME/.spamassassin/user_prefs
add line
score HABEAS_SWE 0
It's time that we started executing email spammers, and anyone who contracts email spammers.
Spammers are sociopaths. They don't care that their efforts are always, without exception, criminal. They don't care that people don't want their junk. The best thing to do is to kill them and remove them from society.
Hopefully someone will soon snap and put a bullet in Alan Ralsky's head, signaling the start of the true anti-spam revolution and doing a great favour to the world.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
they stole my haiku
my moment of sartori
sold fake viagra
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
I'm confused by all of this. How is Habeus forcing spammers to use their haiku when sending spam so that they can in turn sue those spammers?!
I mean, if I'm going to use haiku to get past spam filters, I'll just write my own instead of a copyrighted one. They take all of 30 seconds to write a decent haiku. Am I missing something here?
More, uh... why would a spammer say "Hey, I'm going to use this COPYRIGHTED HAIKU THAT SPECIFICALLY IS OWNED BY AN ANTI-SPAMMING OUTFIT TO SUE ME OVER" rather than write their own?!
The only way to stop spam is to "affect" the merchants whom outsource to spammers. This will stop the competition between Western merchants and make spamming unprofitable. Everyone! stop the merchants!!!!!
A blog about stuff.
Any /. geeks with basic poetry 'programming' skills here? I have a question:
:
How exactly does the haiku verse form go?
Like this?:
^_ ^_ _
_ _ _^^_ _
_ ^^_ ^_
Please correct me if I'm wrong.
Additional info
Here the copyrighted Haiku - I believe the (tm) is part of it.
Winter into spring
brightly anticipated
like Habeas SWE (tm)
We suffer more in our imagination than in reality. - Seneca
Hey, and I forgot - What happened to the CAN-SPAM ? How long before we have Attacks of the CAN-SPAM-Resistant Killer Spam.
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
Every work created by you is copyrighted. The act of creating something gives you copyright. For instance, I own the copyright on this post.
--
This sig is inoffensive.
Will spam be as large of a problem when the scummier segments of the market (header forgers/system exploiters/porn pushers) are made illegal? It's quite likely that we will learn to live with some forms of unsolicited e-mail on the Internet rather than eliminate it entirely, especially given the personality types that always seem to chase the fast buck without regard to other people's expense.
http://pharmacourt.biz/about.htmlo urt.biz/contact.html
http://pharmac
For future reference, the following self-reproducing header protects you from spam.
X-Quine(c): (Lx.((Lx.x)x)) ((Lx.x)x)
NB:
"The American Haiku is not exactly the Japanese
Haiku. The Japanese Haiku is strictly disciplined
to seventeen syllables but since the language
structure is different I don't think American
Haikus (short three-line poems intended to be
completely packed with Void of Whole) should worry
about syllables because American speech is
something again...bursting to pop.
Above all, a Haiku must be very simple and free
of all poetic trickery and make a little picture
and yet be as airy and graceful as a Vivaldi
Pastorella."
Jack Kerouac
Posted by
michael on 2004-01-19 13:05 and 2003-11-04 19:45
CmdrTaco on 2003-06-11 09:53 and 2003-03-01 21:01
...
(Ok I know this isnt a dupe... :->)
28 days, 6 hours, 42 minutes and 12 seconds... that is when the world will end.
Since they will add the offender's on to the blacklist, make sure you report that spam at http://www.habeas.com/report. That way the next unfortunate receiver of that spam would have adjust their score accordingly.
See: http://www.habeas.com/supportBlackList.html
haiku just go like this:
5 syllables
7 "
5 "
When do we do the driveby???
The main page is still up. The proper way to handle it would be to delete EVERYTHING from the webserver.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I mean, you can't copyright email addresses, per se, but--image the haiku was copyright Joe Random Spammer, and, someone includes said haiku in some antispam software.
Well, now Joe R. Spammer has an excellent infringement case against Antispam Inc., especially if JRS has otherwise CAN-SPAM legal spam (or, maybe, just legal spam in another country... Berne Convention Copyright baby).
You beat the filter
You have viagra for sale
Now taste the bullet
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
OK, I hate spam as much as the next homicidally enraged Slashdot reading spamee. Habeas' business plan though is legally dubious at least with respect to copyright law. The trademark thing, though, just might fly.
The purpose of copyright law is to protect original works of expression. There are also built in limitations the most notable of which is fair use. There is no bright line definition of fair use but quoting a few lines of Haiku hardly seems unfair. The attempt by a private party to turn copyright law into a de facto anti-spam law is not likely to be upheld. Congress wrote a copyright law. Congress also wrote an anti-spam law. If Congress wanted to use copyright law to stop spam, it presumably could have figured out how to write such a law. It did not.
The trademark angle is more promising. The purpose of trademark law is to identify the source of goods in trade. Insofar as Habeas' goods are emails that it warrants are free of spam, it would be a trademark infringement for another company to identify the source of their spam as Habeas.
What is this? With all the other vibrant posts on slashdot, it's had for me to even consider what would be worth censoring. I smell evil.
Please note that there is not such domain as pharmawharehouse.biz. Habeas has missspelt the name on the web page, the proper domain is pharmawarehouse.biz.
Unselfish actions pay back better
Or am I mistaking the idea, that I should be using one of their Haikus in all of my mails, so that I don't get filtered? So either I have to pay them for the right to use it, or they can sue me at any time?
Interesting idea, but not likely to work. The biggest problem is that usually we can't identify the spammers anyway, so we couldn't sue them either.
...instead of blocking the spam everyone should just reply to each message and then go and visit the site(s). The slashdot effect should take care of their servers for the next day or so. When then come back, we repeat. To make this the permanent solution there could be a link to the spam site of the hour next to every post on slashdot.
And after all, who wouldn't want a penis extension, loads of porn and some viagra after a long day at work?
Now, we've seen spammers use a copyrighted poem in their spam headers. I'd like to know how much they're worried about being taken to court about this. After all, they're not exactly on the right side of the law already...
(1) They subvert other people's computers to relay spam: illegal in most juristictions.
(2) They send out viruses and worms to break into other people's computers: illegal in most juristictions.
So, if they're already doing two illegal things, why should they worry about a third?
Agrajag: "Oh no, not again!"
Has someone of the slashdotters already hacked the pharmacourt.biz site?
This is what I find at their products page: We are some stupid spammers!!
Like a dying wind Habeas screams to the sky But they're still worthless Experience says The Habeas Haiku means "This Message is Spam" Habeas Haiku To some, touching poetry Me, I filter it.
Who modded this insightful? You obviously don't know what this is about.
It works like this:
The haikus are copyrighted by Habeas. Their customers pay for the right to include them in their mail headers, which will let that mail go straight through spam filters.
If a spammer uses a copyrighted haiku, Habeas put them on a block list, which is checked by Spamassassin.
Unlike other RBLs, Habeas can then sue spammers for copyright infringement, and win. It's one way of making money and kick some butt at the same time.
If you don't like what they are doing, turn off the haiku rules in your spam filter.
Simple enough for you?
The Habeas plan
Most ineffective effort
Ever to stop spam
(c) 2004 Mabu
ALL RIGHTS RESERVED!
The haikus do not have any real creative value. They exist for a purpose I do not believe the legislators in most countries had in mind when they wrote the laws.
People are not interested in the value of the haikus. People are just using it as a key to check for clean mail.
Using copyright law in this context is imho pervertion of the law.
Purpose might or might not be an issue for the law depending on country.
Just give the spammers jailtime for spamming.
You are Mister T.
I claim my five pounds.
PS. Someone stole your van.
The Habeas Infringers List seems to be effective and well updated. I've received a total of 13 spams with the Habeas headers, and 11 of them scored +4 for spam like so:
HABEAS_HIL (4.0 points) RBL: Sender is on www.habeas.com Habeas Infringer List
The problem is that not enough legitimate mail contains the warranty. More commercial licensors would give Habeas greater resources to track infringers and would also make the Habeas mark a much better indicator of spam.
Main article refers to a spam attack started in 2004, your link refers to a spam attack in 2003, so i find it unlikely that they are referring to the same case unless habeus have a time machine.
Now comes the spam wars... Once again, a specific problem that must be solved: "How do we develop a method of letting legitimate mail get to us while filtering out spam with a minimum of error?" We don't have the government throwing billions at it, but because it affects the general public, there's an inordinate amount of businesses, academics, and hobbyists throwing brainpower at it.
Despite all the talk about keys and legal threats, verifications and warrants, they just provide hurdles to be overcome, not true barriers to spamming.
But you could train a person to screen your mail with a better level of efficiency than any spam filter on the market today. And that person could catch new spam tricks before they ever got through to you.
As we continuously try to develop better and better filtering systems, I believe that the war against spam could well be be our most prolific source of advances in artificial intelligence. Spammers will throw (purchased) brainpower at coming up with ways to defeat filters and filters will have to get smarter in response.
I know, I know... You could say that I'm looking for the silver lining in this hailstorm of unsolicited pitches. But really, am I so far off? We've got a problem, we're throwing resources at solving it... like the space race, like the arms race, technologies will come out of the spam race that will have amazing implications for our lives.
I hate spam. I would love to be left alone in a room with a spammer, a car battery, and some jumper cables. But at the same time, it's sort of neat to be watching this battle progress.
Greg
Start a happiness pandemic
LOLOL
ROFLMAO
STFU Fag
Post: Sigged, for your pleasure.
It would be foolish to turn off the habeas checking in spamassassin, or otherwise filter out based on the habeas mark for 2 reasons:
/pharmawharehouse.biz/
/pharmacourt.biz/
/valuepointmeds.biz/
1) Habeas has shown a commitment to actually *EXPEND* The resources to go after spammers. If you dimish the value of the habeas mark by filtering out email with their mark in it, then they have nothing to protect. I personally don't have time to go after spammers. Anyone who has a proven track record of winning against spammers (which habeas has) should be encouraged!
2) There is a large number of users who have added the habeas mark to their e-mail headers based on the assumption that it was a protected mark that would ensure their mail *WASN'T* filtered out. If you start filtering on that mark you *WILL* falsely filter out a lot of legitimate mail.
A previous poster named Mehu, posted an excellent solution to the problem if you're using spamassassin:
"So, rather than just add a score of 0 for HABEAS_SWE, I figured I'd give them a chance & added the following to my ~/.spamassassin/user_prefs, which takes care of the current rash:
body PHARMAWHAREHOUSE
describe PHARMAWHAREHOUSE Link to pharmawharehouse.biz
body PHARMACOURT
describe PHARMACOURT Link to pharmacourt.biz
body VALUEPOINTMEDS
describe VALUEPOINTMEDS Link to valuepointmeds.biz
score PHARMAWHAREHOUSE 10
score PHARMACOURT 10
score VALUEPOINTMEDS 10
Looking through my mail, it turns out some of my valid mail actually does contain those headers (would never have noticed them), and a few spams, even w/ the haiku headers, have been blocked by HABEAS_VIOLATOR (RBL: Has Habeas warrant mark and on Infringer List), so the company does appear to be doing its job.."
-Chuck
*Condense fact from the vapor of nuance*
I think it is time that we look into developing a real solution to spam.
The problem is that, just like the postal service, you can put whatever you want for a return address on the outside of the envelope and drop the letter in one of those blue mailboxes and it will get delivered without anyone in the process caring.
Currently, everyone is trying to figure out what the magic bullet is to fix this at the delivery end. But no one has bothered to think that it is the process itself that allows this to continue.
Therefore the solution is that SMTP needs to be changed.
An idea would be to maybe offer a secure transport in which every part of the process puts a certificate into the message and a corresponding entry in a log. (Yeah, I know. Alot of overhead per hop but...) The idea would be that if you got spammed that would be a path to follow back until it broke. That server would then be checked for the origionation of the message and the problem fixed. This would thereby for your email address to be real before it was sent and the path would be traceable back to you.
Well, that is my 2.
Anonymous Coward who can't find his username and password cause it is in my email at home.
i saw slashdot in my refferer links so i came here and see all these anti-spammers telling me how it works and giving me great tips on how to make my spam get through the filters
and i get free advertising here as thousands of techies will visit the links
thank you very much
A.Spammer
Their customers pay for the right to include them in their mail headers, which will let that mail go straight through spam filters.
You just said it yourself, genius.
Go think about it.
Several of my friends on a mailing list retain a large corpus of emails for analysis (a couple years worth, many tens of thousands of emails).
After seeing this, they went through and determined that they had NEVER received a ham email with this in it, but had started receiving spam with it.
As a result, they now have added SpamAssassin rules to make this be a near-sure indication of spam.
The only solution to gettting rid of the majority of spam is to only allow email from people you put on your list. It would be a pain in the ass, but I'd bet alot of people would rather do that then sort through the hundreds of emails they get a day.
My sig of choice is Marlboro
> Now comes the spam wars... Once again, a specific problem that must be solved: "How do we develop a method of letting legitimate mail get to us while filtering out spam with a minimum of error?" We don't have the government throwing billions at it, but because it affects the general public, there's an inordinate amount of businesses, academics, and hobbyists throwing brainpower at it.
Develop an AI that can read your mail and decide if the sender wants money. That way you can filter out hit-ups from your deadbeat friends, as well as spam.
Sheesh, evil *and* a jerk. -- Jade
I decided to actually read a spam yesterday. What I found was amazing: Almost every other word was not spelled correctly. Random characters seemed to be inserted throughout. Now I need to ask myself, why wasn't this picked up by spam filters? How much more obvious can you get?
1) is the subject matter adult? yes
2) is it written like a five year old? yes
This doesn't seem that hard to me.
I know you disguised it as a public service announcement, but anyone who sets their site or sig to Last Measure is an enemy. DO NOT TRUST THOSE WHO PUSH LAST MEASURE! MOD PARENT DOWN
At least pharmacourt.biz is still responding to well - c'mon, let's /. these spammers like they are /.ing our email accounts!
#!/bin/sh /dev/null /dev/null
while true; do
wget http://www.pharmacourt.biz/ -O
wget http://www.valuepointmeds.biz/ -O
done
Nice rip-off of Edgar Allan Poe's "The Raven" :)
"Want some rye? 'Course you do!" - Return to Zork
haiku, what's it about? is it good or is it whack?
My ISP doesn't have any problems, and I don't either. I've got 7 public addresses, including those on 3 different websites, I get fewer than a dozen spams per month, out of 300 or 400 legitimate ones.
The trick is to spend a little folding green for a real product. One that has thresholds, white and black lists, and a quarantine from which to rescue or kill mail. And there are commercial products for BSDs and Linux, not just Exchange.
Free can be great, but sometimes it pays to buy a polished product. This is one of them, and this is a phony article.
I think the 5,7,5 comes from where Japanese used only this many characters (which does NOT map to syllables).
It is most common to use 5,7,5 syllables in english, though it isn't a do or die rule. 17 (total) syllables is most common, but I have also seen 14 and 12 syllables. I have seen 3 lines (most common) as well as 1 and 2 lines (Note: the 1 liner was 17 syllables long).
I have a friend that wrote a haiku in a contest and got a "didn't follow the rules" award. I don't remember what he did/didn't do, but he displayed the award like the leg lamp in "A Christmas Story".
Why not have /. display a spamvertized website each week and all us spam-hating-/.-regulars can visit this site each time we visit /.? I'd actually be inclined to make a script that would download the new link once a week and requests the page say every hour or so. And of course would pipe the site directly to /dev/null. That way spamvertized website would have a week of greatly increased bandwidth-usage. That's what will cost them, since bandwidth still isn't really cheap.
:)
The Slashdot-effect for fighting Spam! Let's make them pay!
"Want some rye? 'Course you do!" - Return to Zork
Unpossible!
What I don't understand is why the story inlcudes the links to the sites advertised in the spam. I understand that you provide links etc when you submit a story but this is going too far
The article states..
/., antivirus, or any type of response or description from anyone including the popular security mailing lists. Do these networks really exist somewhere? I would think if they were really that common and easy to setup and control, the security community would have more details on these things and more dialog would appear in the security community about them. Maybe it is common knowledge to everyone except me, if so, lucky thing I am not doing IT security..
It is interesting that this spam attack appears to be originating from a distributed set of zombie cable/DSL modems that someone likely took over in a past virus attack.
Can someone describe one of these "Zombie" networks or exactly how common they are. I frequently hear from an attacked party claiming a zombie network is responsible for something but never hear the a single vendor, firewall, ISP, OS,
Bad boys rape our young girls but Violet gives willingly.
Not quite, the spams are selling a product at some point, someone is somehow receiving payment for doing the advertising and there is where you get them, whether it be the actual spammer or the company being advertised.
But what happens when your competitor decides to send out spam in your company's name? Habeas files suit against your competitor.
In fact, I can see spammers sending out a LOT of "bogus" spam with the haiku headers in order to get Habeus tied up in so many misguided lawsuits as to bankrupt them or otherwise marginalize their threat.
Sure, it's a cool idea, but the execution is fraught with problems.
Thanks for the tip -- I had originally turned off scoring for Habeas, but I felt like I was giving in. Didn't occur to me to look for a common URL...
Carousel is a lie!
I'm not sure how serious you are, but since even a stopped clock is right twice a day I'll have to agree at least with the literal interpretation of your posting.
If law enforcement generally were applied to the sellers of spamvertised products, spam would become far less of a menace. Most spamvertised products are prima faciae illegal (ie, you can't get prescription medications without a prescription), false advertising (a sugar pill won't give you a 12" penis) or are actually just fraud schemes to take money and not deliver a product.
Tracking down email senders is extremely difficult due to header forgery and the use of zombies and other kinds of compromised systems. But just about all spam will take a credit card, which should enable tracking of a financial trail to the sellers. If the Feds would make a RICO case out of it, they could ensnare just about anyone with their finger in the pie, including the spammers, who I'm sure would be fingered by sellers caught in the net.
A few RICO cases that put the squeeze on ISPs, banks handling their financial transactions, spammers, and most importantly, sellers and suppliers of these products would have a pretty significant effect on the whole "scam 'n' spam" business environment. I think there's probably some otherwise legitimate players (ISPs, banks) participating in this field behind the scenes, and some negative exposure in a few of these cases could close the door to a lot of "operators" who need access to the legitimate economy in order to operate.
It's pretty clear that nobody likes spam, but the fact that there have been no high-profile FBI/Treasury/Commerce investigations into some of these things really puzzles me. It may be that the investigations have been done but this angle was deemed not fruitful (doubtful), resources aren't available due to the war on terror (more likely, but not entirely credible), or political pressure has been applied by heavy corporate players to keep their shady business segments viable (somewhat conspiratorial, but believable) -- yet even these theories don't explain the lack of credible, visible efforts on the part of Federal law enforcment to crack down on internet fraud.
Five for the first line Seven for the second line Then five for the last
Argh
Five for the first line
Seven for the second line
Then five for the last
I was going to submit this story, but I was going to wait 'til they announced the public execution of the guy who is single-handedly destroying faith in their business model.
I noticed the surge last week, and set Sylpheed, my email client, to automatically forward any spam with those headers to reports AT habeas DOT com.
SpamAssassin dumps the spam it catches into a single folder, and Sylpheed lets you add processing rules for that folder, so they get forwarded on automatically.
I figure if they do track down the offenders, each extra instance will give them more of a punch in court.
Vs lbh pna ernq guvf, ybt bss abj. Tb bhgfvqr. Syl n xvgr.
If the email is signed cryptographically by a known good source it gets through. If it is not it gets the whitelist treatment.
No public magic words but solid mathematics will win.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
ran a nessus scan against pharmacourt.biz here's the results. IIS 5 has support for the Internet Printing Protocol(IPP), which is enabled in a default install. The protocol is implemented in IIS5 as an ISAPI extension. At least one security problem (a buffer overflow) has been found with that extension in the past, so we recommend you disable it if you do not use this functionality. The IIS server appears to have the .IDA ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .IDA (indexing service) filter. This is detailed in Microsoft Advisory MS01-033, and gives remote SYSTEM level access to the web server.
It is recommended that even if you have patched this vulnerability that you unmap the .IDA extension, and any other unused ISAPI extensions if they are not required for the operation of your site.
The remote web server type is :
Microsoft-IIS/5.0
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtaina graphical login (and therefore act as a local user on the remote host).
radmin is running on this port.
Make sure that you use a strong password, otherwise a cracker may brute-force it and control your machine.
You're not too smart, are you? What's to stop a spammer from purchasing their services? Huh? I'm sure habeas doesn't check every single email that is sent to confirm that it isn't spam... dip...
How about I make my email address... HaikuIsAnArt.SuchAsThisEmailAddress.DoNotSendMeSpa m@MyDomain.com and therefore they couldn't use my email address without my permission which means they can't email me?
i've always been of the opinion that content checking to stop spam is not the best way to go. Besides the load it puts on the server, it doesnt stop the spammers from wasting your bandwidth, and all the clever spammer has to do is figure a way to beat the content scan. On the other hand, the proper mix of rbl's and agressive firewalling of spammy isps *cough-uunet, xo, c&w, any of the telcos-cough*, and spammy countries *cough-korea, china, and latin america-cough* really cuts the spam to an absolute minimum.
Thats why i dont munge my mail address here on slashdot. I WANT the dumb ass spammers to harvest it so i can improve my firewall lists even more. Anymore, i maybe get one or two spams a week that make it all the way past the rbl's and my firewall.
Lawyers, MBA's, RIAA? A jedi fears not these things!
At what point does their work lose copyright status due to this use? Or can it? It seems that the poems are not being used as a creative expression, but rather a mechanism. You won't even see it unless you like to view all your email headers. I would hope this is a valid legal arguement against this practice. But IANAL. Not that I like spam either, but this could lead down a very bad path. You think patenting codecs is bad? Just think if a bitstream is required to include a copyrighted pass phrase to be used in a "compliant" player.
They've actually censored some guy once because the secret service got into the action (he posted about detailed plans to kill a prominent political figure). That was confirmed legitimate as the message was replaced with one in red that said "THIS MESSAGE HAS BEEN REMOVED".
register the domain MyEmailAddress-IsCopyrightProtected-DoNotSendMeSpa m.com and provide email addresses. The more people that sign up, the more potential spams to come in and violate the copyright. Therefore the bigger the lawsuit. Step 3: profit.
Where is 575,
Slashdot master of haiku?
Did he get a life?
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
There's a catch-22 to this situation. Spammers, while their product/customer isn't always unknown, tend to hide behind false fronts and cracked servers, etc.
Now, if I am using a spamfilter with a copyrighted Haiku in it, a spammer has to identify him/herself in order to sue me. In doing so, he/she is open to legal retaliation for sending me unsolicited spam (assuming I'm on a Do-Not-Spam or similar legislation exists locally), as well as possibly more if they are using methods of deception, cracking, or other dubious activities.
So, they sue me for using the Haiku... likely at most I would have to remove it. Then, everbody who has been joe-jobbed, hacked, and illegally spammed has the ID of a spammer to go after.
No, I don't think this will work.
Is it time to start filtering for haikus or will Habeas succeed in thwarting the spam attack?"
It is time to start ignoring the Habeas mark. Good for them that they are trying to track down the infringer, who used a network of compromised zombies to spread the spam. Meanwhile, the HABEAS_SWE rule in SpamAssassin is letting the spam through. Until SA is upgraded to recognize when a lawsuit is pending, the HABEAS_SWE rule gets a score of zero.
I will no longer trust 3rd parties to tell me who is being good.
Edith Keeler Must Die
As it is, there is no easy way to check if someone is a licensed user of the Habeas headers.
Habeas does have DNS whitelist that could be used to verify usage, but you have to go through the hassle of registering to use it. No thanks, I have enough administrivia to do.
It is trivial to fake habeas headers, and there is no easy way to verify. I give the service a short lifetime in its present form.
Compare Habeas with Bonded Sender. Instead of depending on pursuing spammers with copyright law, Bonded Sender runs on cash. The sender puts up a cash deposit, and when people complain of spam, they lose cash. And it's easy to check if the sender is on the bonded sender list.
And in a stroke of intelligence, Bonded Sender doesn't count AOL complaints as valid. You need to have a slight clue before your complaints count.
...is not haiku or any other kind of rearrangment of normal speech. What's pouring right through my filters are messages consisting of just a half-dozen lines of random English words. No sentences, no advertisements, no links, nothing but everyday words.
It's a fairly clever attempt to poison the Bayesian filters. Either I associate these words with spam and risk losing legit email, or I loosen things up and let more real spam slide through. It's frustrating because there's absolutely nothing I can do about it.
[insert long ranting call for vigilante bullet-to-the-head-style action here]
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Take them by surprise by sending them the spanish inquisition - surely they wont expect that?
err, you mean stupid?
Yes.
A few thousand forged HABEAS spams later at -8.0 a pop, you will also have a huge corpus of spam e-mail tokens poisoning the ham portion of your Bayes database because Spamassassin auto-learns ham and spam scores.
Put two and two together, and your protection against every other piece of spam in the world is significantly lessened.
This is devilishly clever. And my personal mail server is being crippled by the amount of spam that's now passing through my most stringent filters that would ordinarily have eliminated close to all of them.
5-7-5. Plus you need the nature element, and to convey a feeling, etc. etc. if you do "real" haikus.
How to say it so / that it can be grokked well / have an example .
Under the CAN-SPAM act, ISPs can sue. If you read the definition of an "ISP" in the act, it's clear that a mail processing service like SpamCop would qualify. What's needed is a paid service like SpamCop that files at least one high-profile lawsuit a month, increasing to one a week as volume builds up. That would make a dent.
When I checked on net.admin.net-abuse.sightings, there are several hundred of these reported, and NONE of them use our domain. Checking a few at random, it looks like they are using many many many forged domains, so we are just getting the bounces from a tiny fraction of these these.
I'm pretty sure that was Kuro5hin, not slashdot. If you can provide the link, though .. that would be interesting
This won't work legally. The situation of older Nintendo and Sega games that required the Nintendo (or Sega) logo be encoded into the game cart in order to run was done for the same reason. A court determined that Tengen reproducing the logo without authorization in their cart was not infringement. They still lost their case, but for other reasons.
If it doesn't scan correctly, it is deemed spam.
I've gotten a few dozen spams sent using Habeas. I quickly set up a couple filters to siphon off messages with Habeas headers into a separate folder, then I would look through them, and manually apply another filter to forward the spam to Habeas's reporting address.
I sent the last two reports this morning, and since then Spamassassin has caught at least one message that has been blacklisted by Habeas...maybe the tide is starting to turn.
I posted this question last week about spam with Habeas headers, but it got rejected :( I am glad to see the word is getting out though. I have yet to get any valid email with Habeas headers, so I no longer give any special consideration to Habeas headers. I believe this problem will get worse as Habeas can not catch every spammer that is forging the headers. You can change the HABEAS_SWE rule to give 0 points instead of the -8.0, and whitelist the valid habeas or add a custom rule to just add the points back, or write custom rules for the violators. I chose just to add the points back with a custom rule. I also whitelist valid email lists. One thing you will need to watch carefully for is the AWL rule. The forged Habeas headers can cause the spammer to get whitelisted and the AWL rule will subtract points from the spam score. If you see a negative score on AWL on a spam, save the spam (headers and all) to a file and run sa-learn --spam file.name This should unlearn it as valid email and learn it as spam
Sorry, but censored posts get deleted. Never a message.
-8.0 HABEAS_SWE Has Habeas warrant mark (http://www.habeas.com/)
16 HABEAS_VIOLATOR RBL: Has Habeas warrant mark and on Infringer List
[193.216.134.203 listed in sa-hil.habeas.com]
this habeas-spamassassin problem just touches on a bigger problem:
rules are brain-dead.
spam rules work today, but what about tomorrow? what about in a month?
i got several pieces of spam for two days before i said enough and gave the habeas rule a score of zero. all spam email were labeled 99% spam by spamassassin's bayesian rules.
then the next day i had spamassassin label an email from a friend as spam (good thing i check my incoming spam folder!) purely based on rules. spamassassin thought my friend's return address was forged because the return address was juno.com, but he didn't use a juno.com smtp server. unusual? yes. spam? no. bayes declared the email as ham.
i belong to several company mailing lists (compusa, buy.com, circuit city), that could easily trigger spam rules, but my bayes training recognizes them perfectly as ham. and my bayes training identifies every piece of spam as spam after seeing a pattern in three or four emails. static rules can never adapt (except between versions of spamassassin; great, get on the hamster wheel of upgrading).
i'm almost driven to find a way to disable all static rules, leaving only the bayes rules.
rules are dead! long live bayes!
That passage was related to the Habeas Whitelist and not the Habeas Haiku . It is a License Agreement and has nothing to do with copyright infringment . Furthermore, it only specifically covers situations where people attempt to blacklist sites on Habeas' whitelist ; somthing no sane admin would ever want to do.
Please tell me you just made a mistake, and aren't smoking some really, really, really strong crack.
Like the shifting wind
Some things must happen again
Nothing to see here
Here's the rule I used:
It requires both an HTTP link to one of the spammer's sites (gleaned from the ones I got) as well as their use of the Habeas SWE.
Americans are really stupid.
They all think it's so cool if they can write a haiku. Sheesh. I'm sick of it already.
It doesn't really "poison" the filters, because there are just wayyyyyy too many posible words for this to work. Bayesian filters assign a huge probability of spamminess to every word in a spam email and an exceedingly low prbability of spamminess to every word in a non-spam email during training. If a word appears in both, it just averages out. Over time a given word will appear only once in a spam email with a bunch of random words, and many times in non-spam emails, and therefore after some time (or even pre-emptively) the good words will be recognized as good. The more training, the better; poisoning has little chance of success as long as there's at the number of good and bad emails going in are within an order of magnitude of each other.
That's not to say the technique doesn't help the spammers in the short run; it probably gets past less sophisticated and trained filters.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
http://slashdot.org/comments.pl?sid=28127&cid=3023 341
Muse! Linus Torvalds
prefers to pronounce Linux,
as Linux, my friends!
Tux, well-known penguin,
was made by Larry Ewing,
for every Tux fan.
Microsoft, bastards,
brought us Windows 95,
better than XP.