Hidden Messages in Spam

randomwalker writes "There was an extremely interesting presentation at the Blackhat Windows Security Conference in January by Dr Curtis Kret entitled Nobody's Anonymous. In his presentation he showed how information about spammers can be determined. In addition he showed that some spam is being used as a covert communication channel. This presentation demonstrates how to apply data forensics to spam in order to identify the sender of specific spam messages. Some senders can be identified by name, while others can be distinguished by attributes such as preferences, nationality, religion, and even left-handedness. Four spam categories are provided that classify spam by function, including List Makers, Scams, and Covert Communication channels. The examples provided include full-disclosure case studies: a phishing gang that targets bank customers with malware and impersonations, and an IRC group that uses spam as a covert communication channel."

Sublime!

This post contains a hidden message.

Re:Sublime!

[momerath2003]

Well, this is what I see:

"There was an extremely interesting fnord presentation at the Blackhat fnord Windows fnord Security Conference in January by Dr Curtis Kret entitled fnord Nobody's fnord Anonymous. In his presentation he showed how information about fnord spammers can be determined. In addition he showed that some fnord spam is being used as a fnord covert communication channel. This presentation demonstrates how to apply data forensics to spam fnord in order to identify the sender of specific fnord spam messages. Some fnord senders can be identified by name, while others can be distinguished by attributes such as preferences, fnord nationality, religion, and even left-handedness. Four fnord spam categories are provided that classify spam by function, including fnord List Makers, fnord Scams, and fnord Covert Communication channels. The examples provided include full-disclosure case studies: a fnord phishing fnord gang that targets fnord bank customers with fnord malware and fnord impersonations, and an IRC group that uses spam as a fnord covert fnord communication channel."

The next thing ...

[jobbegea]

The next thing they try to sell to you will be Tin Foil Hats

Re:The next thing ...

[baudilus]

Someone's already beaten you to the punch.

When this guy figures out that he can actually sell these, watch out now!

font size.

[Stud1y]

i like the new spam that has all of the size .5 font text at the bottom. i always have to read it.

Spam = Covert communications

Are they covertly talking about getting V!agra or Cia|is? I hate that. Just send me a real letter asking!

Re:Spam = Covert communications

[AndroidCat]

So they have a covert communication channel to my /dev/null? I knew it! I'd better buy that software that promises to shred everything stored there.

Re:Spam = Covert communications

[Frizzle+Fry]

Because it might not be you personally who decided to filter the word viagra. For example, if your using a hotmail or yahoo account, that word is going to make the mail more likley to be flagged as spam and go to your "bulk mail" folder (I would think). Similarly, you might have installed a third-party spam filter (or your isp or workplace might be using one) that looks for words like this. The fact that "viagra" mail isn't going to reach the enduser doesn't mean that he has personally decided to kill all mail to his account about viagra.

Hidden food value in spam?

[Smallpond]

The Bible code was bad enough. Now we have people looking for messages in spam? Look! Played backwards it says "I buried Paul".

Re:Hidden food value in spam?

All the important stuff is hidden in the Dead Sea pop-ups.

Re:Hidden food value in spam?

[Bigman]

"Ecuas Yrrebnarc" is well known as the freedom slogan of the Latbavarian slaves, cried mournfully in the midst of the night from the moon-gilt slopes of the Ytterbrius mountains, calling for their gods to save them from the penuary of slavery.
But I never knew they had e-mail!

hidden message

[Allowee]

guess this is spammers language, hidden in spam

"mortal shut acrid crock cowl bawd hereditary devastate jellyfish brunette flog igor bonaparte tarry townsend discordant near aviv brigantine agnostic padlock cotangent roomy referee debater eve arlene can baroque conceptual italian congressmen infelicity modicum backplane antigen tie hilum seriate convent firewall "

Now this hidden message seems to be about a .. firewall?

Re:hidden message

[Bigman]

Hmm well dividing the message into groups of four, then using the initials of the first 3 words and the fourth word, we get:
MS a crock,
CB H devastate,
JBF Igor,
BTT discordant,
Nab agnostic
PCR referee
DEA can
BCI congressman
IMB antigen
THS convent
firewall

So the words say 'Firewall convent antigen, Congressman can referee agnostic discordant, Igor devastate Crock'. The first sentance says 'MS A crock' which sounds good to me, so maybe this secret group, the 'Firewall convent antigen' are being told by the congressman that they can referee the discord between the agnostic discordants and ensure 'Igor' (whoever that is) devestates Microsoft.

Or maybe I'm making it all up!

Secret messages in spam

Of course, there is spammimic which lets you encode a secret message in spam.

Re:Secret messages in spam

[pragma_x]

Note to moderators: this is not a Troll, nor is parent. Encoded reply via spammimic.com:

Dear Friend , Especially for you - this red-hot intelligence
. If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our mailing list . This
mail is being sent in compliance with Senate bill 1622
, Title 9 ; Section 308 ! This is NOT unsolicited bulk
mail . Why work for somebody else when you can become
rich as few as 40 weeks ! Have you ever noticed how
long the line-ups are at bank machines plus nearly
every commercial on television has a .com on in it
. Well, now is your chance to capitalize on this !
We will help you SELL MORE plus decrease perceived
waiting time by 120% . You can begin at absolutely
no cost to you . But don't believe us . Mrs Simpson
who resides in Alaska tried us and says "Now I'm rich
many more things are possible" . We are a BBB member
in good standing . You have no reason not to act now
! Sign up a friend and you'll get a discount of 80%
. Cheers . Dear Friend ; Especially for you - this
cutting-edge information . We will comply with all
removal requests ! This mail is being sent in compliance
with Senate bill 1621 ; Title 6 , Section 306 ! This
is not multi-level marketing . Why work for somebody
else when you can become rich inside 14 days ! Have
you ever noticed most everyone has a cellphone and
most everyone has a cellphone ! Well, now is your chance
to capitalize on this ! WE will help YOU decrease perceived
waiting time by 130% plus use credit cards on your
website . You are guaranteed to succeed because we
take all the risk . But don't believe us . Prof Ames
of Florida tried us and says "I was skeptical but it
worked for me" . We are a BBB member in good standing
! We BESEECH you - act now . Sign up a friend and you'll
get a discount of 70% ! Thanks ! Dear Friend , Especially
for you - this cutting-edge announcement ! This is
a one time mailing there is no need to request removal
if you won't want any more . This mail is being sent
in compliance with Senate bill 1620 , Title 9 ; Section
304 . This is different than anything else you've seen
! Why work for somebody else when you can become rich
inside 97 DAYS ! Have you ever noticed people will
do almost anything to avoid mailing their bills and
people are much more likely to BUY with a credit card
than cash ! Well, now is your chance to capitalize
on this . We will help you SELL MORE & SELL MORE .
You are guaranteed to succeed because we take all the
risk ! But don't believe us ! Mr Ames who resides in
Texas tried us and says "Now I'm rich, Rich, RICH"
. We assure you that we operate within all applicable
laws ! Don't delay - order today . Sign up a friend
and you get half off . God Bless .

Re:Secret messages in spam

[cgenman]

Dear Friend , We know you are interested in receiving
red-hot announcement . If you are not interested in
our publications and wish to be removed from our lists,
simply do NOT respond and ignore this mail . This mail
is being sent in compliance with Senate bill 2016 ,
Title 3 , Section 302 ! This is not multi-level marketing
. Why work for somebody else when you can become rich
within 33 days . Have you ever noticed nearly every
commercial on television has a .com on in it and the
baby boomers are more demanding than their parents
! Well, now is your chance to capitalize on this .
WE will help YOU SELL MORE and SELL MORE ! You can
begin at absolutely no cost to you ! But don't believe
us . Ms Jones of Kentucky tried us and says "I was
skeptical but it worked for me" . This offer is 100%
legal . We implore you - act now . Sign up a friend
and you'll get a discount of 20% ! Thank-you for your
serious consideration of our offer . Dear Professional
; Especially for you - this cutting-edge information
! If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our mailing list . This
mail is being sent in compliance with Senate bill 2416
; Title 8 , Section 305 ! This is not a get rich scheme
. Why work for somebody else when you can become rich
within 57 days . Have you ever noticed nearly every
commercial on television has a .com on in it and most
everyone has a cellphone . Well, now is your chance
to capitalize on this . We will help you SELL MORE
plus deliver goods right to the customer's doorstep
. You can begin at absolutely no cost to you . But
don't believe us . Mrs Anderson of Illinois tried us
and says "Now I'm rich many more things are possible"
! We are licensed to operate in all states ! We IMPLORE
you - act now . Sign up a friend and you get half off
! God Bless . Dear Internet user , Thank-you for your
interest in our publication ! If you are not interested
in our publications and wish to be removed from our
lists, simply do NOT respond and ignore this mail !
This mail is being sent in compliance with Senate bill
2416 ; Title 5 ; Section 304 . Do NOT confuse us with
Internet scam artists ! Why work for somebody else
when you can become rich in 11 days . Have you ever
noticed how many people you know are on the Internet
& nobody is getting any younger ! Well, now is your
chance to capitalize on this . We will help you use
credit cards on your website & process your orders
within seconds ! The best thing about our system is
that it is absolutely risk free for you ! But don't
believe us . Prof Ames of Tennessee tried us and says
"I've been poor and I've been rich - rich is better"
. We are licensed to operate in all states . We beseech
you - act now . Sign up a friend and your friend will
be rich too . Thank-you for your serious consideration
of our offer . Dear Sir or Madam , You made the right
decision when you signed up for our database . If you
no longer wish to receive our publications simply reply
with a Subject: of "REMOVE" and you will immediately
be removed from our club ! This mail is being sent
in compliance with Senate bill 2716 , Title 1 , Section
305 . This is not a get rich scheme ! Why work for
somebody else when you can become rich in 71 days .
Have you ever noticed more people than ever are surfing
the web & people love convenience ! Well, now is your
chance to capitalize on this ! We will help you sell
more plus turn your business into an E-BUSINESS . You
are guaranteed to succeed because we take all the risk
! But don't believe us ! Ms Simpson of Nevada tried
us and says "I was skeptical but it worked for me"
. We are licensed to operate in all states ! Do not
go to sleep without ordering . Sign up a friend and
y

It's true.

[His+name+cannot+be+s]

It is quite true!

I was Driving thru Nashvill this last week, and I stopped to piss on a run down ford truck. This guy came up to me and said "Your taillight is broken"

Re:It's true.

[MisanthropicProgram]

I guess I'm still asleep. It took me a while to get the Dr. Nash ("A Beautiful Mind") reference!

Covert Messages

[dolo666]

I remember studying Thomas Pynchon in school, and upon hearing how his military records and university records were lost, I often wondered if his books were some kind of method of covert messaging, due to the code-like writing style he has, and the ominous history he has. Using spam as a method of communication is useful in the sense that it can be hard to tell who the real message is going to; making it impossible to identify the two points of connection, and therefore limiting accountability and obscuring who is doing the talking; so if Pynchon's books are like this... it would also be impossible to tell who the books were intended to (and therefore the US Mil could contact spies who could be in a tight spot, or informants who may be in a tight spot). The books could also contain a bunch of different messages using different cryptographies, in plain sight, to communicate with multiple agents. This is likely incorrect and way off the tin-foil-hat scale of reason, but the thought did occur to me when I read The Crying of Lot 49, and even more so when I read Mason and Dixon.

Re:Covert Messages

it would also be impossible to tell who the books were intended to (and therefore the US Mil could contact spies who could be in a tight spot, or informants who may be in a tight spot). The books could also contain a bunch of different messages using different cryptographies, in plain sight, to communicate with multiple agents.

Three Days of the Condor is an excellent movie with this very same premise. :) IRL, however, it would be difficult to use something like this for communication.

If, as you say, some Three-Letter-Agency wanted to get a message to a spy "in a tight spot" they would hardly have time to wait for a conventional printing press to run off a mass-market publication. "Tight spots" need to be resolved in days (if not hours), and to send a message through a printing press can take weeks or sometimes a month to run an edition, bind it and ship it to all corners of the earth.

So I doubt anyone's using this technique with dead-tree publications :)

Re:Covert Messages

[sysjkb]

I often wondered if his books were some kind of method of covert messaging...

Around 1920 Edgar Wallace used this scheme in one of his thrillers about "The Four Just Men". One of the group has been captured, and given the high profile of his crimes, he is being held in solitary. In order to pass along the rescue plan to their imprisoned colleague, his compatriots write a travel book that contains the scheme encoded and arrange for it to be reviewed in enough major newspapers that the prisoner can legitimately request a copy.

Yours truly,
Jeffrey Boulier

Beat the Slashdot Spam Filter!

[CptChipJew]

What's the hidden message here?
--

Click here for free V1(4)gr[a]!

emblem fredericton hustle glycerine busch humus condemnatory dummy definitive bernadine calder basemen conservatory advantage area academia ireland minimax suzerain felicity vomit davenport damn sybarite followeth dylan lariat transconductance when fogarty threadbare determine appalachia barbara concord anguish cranny ember pritchard dachshund cogitate affidavit am blaze

-- Copied out of real spam message sitting in my box --

Re:Beat the Slashdot Spam Filter!

[Mr+Guy]

It's from your girlfriend. She says she's unsatisfied with your love life.

Re:Beat the Slashdot Spam Filter!

[JosKarith]

The hidden message is...
...don't use your real e-mail address on newsgroups.

Life is so unfair - my girlfriend gets so much better spam than me. Her inbox gets filled with "Teens Cummin", I get viagra. Are they trying to tell me something?

Re:Beat the Slashdot Spam Filter!

[mosschops]

It's from your girlfriend. She says she's unsatisfied with your love life.

and considering he runs http://www.backdoorjesus.com, who could blame her eh?

Re:Beat the Slashdot Spam Filter!

[OwlWhacker]

From what I can make out, it appears to say:

i w4nt j00r m0n3y dud3!

Al Qaeda!

[Xenna]

Great, now, if we can just prove it's being used by Al Qaeda to help the Jihad we may finally get some political support for getting rid of spammers!

X.

Re:Al Qaeda!

[Xenna]

Usenet would obviously be much preferable to spam for such purposes, that's why messages hidden in spam is such a silly subject. You'd have to be crazy to use spam for this.

But, then again, some people are crazy!

Some not-so-bright fellow in my country decided to extort a company by poisoning food (or something, I forgot). He had this great system devised for transferring the money (it involved sending out the data on a bank card's magnetic strip).

Not bad, since that way he would be able to withdraw the money from ATM's (quite a job considering the maximum) without having to physically receive the card (which would leave him open to arrest).

The moron instructed the company to use steganography to hide this data in a picture of a car. The company should post that picture on a second hand car site in Holland. Then the absolute nitwit used an anonymous proxy to access the data *from his home*!!!!!!!

The anonymous proxy people were easily convinced to let the police have his IP address and that was the end of it.

What he should have done is send them his public PGP key and let them post the encrypted data openly in a newsgroup (labeled as 'secret code for creating ransom bank pass' if necessary) in some popular nude binaries group.

Using steganography in this case is ridiculous.

Nobody can trace a usenet download (especially not in a popular nudies group).

X.

Microdot!

[Short+Circuit]

It's not, perchance, reproduced here: (.)

Tin Foil Hats

[Allen+Zadr]

Maybe, but this might actually mean that the authorities will start putting some actual resources into finding SPAM outlets and shutting them down.

Oh, and Tin Foil Hats are useless - you must use my special patented Irradiated Tin Foil to keep the new mind control machines out.

Re:Tin Foil Hats

[YU+Nicks+NE+Way]

No. He's got a much more forward-looking, innovative, and fully buzzword compliant business plan.

His patent covers the intellectual content generated by, through, or with Irradiated Tin Foil Hats. If you have an idea while wearing one of his hats, or even an idea which can be shown to have been influenced by wearing one of his hats, then he is entitled to a reasonable and non-discriminatory license fee on the results of that idea.

Best: you know about licenses that promise a piece of your first born child? This product makes that literal: if you have carnal thoughts while wearing one of his creations...he gets a partial license on the outcome.

Facts about spammers:

I applied this method to the lastest 100 spam mail and got the following results:

1. 44.3 % of the spammers want to get me rich, too.
   
2. 32.2 % want to enlarge my penis
   
3. 25.3 % want to get me cheap mortage
   
4. 86.4 % can't spell
   
5. 98.3 % have a broken email program which produces defunct email header lines
   

No trouble in tacking them down now.

Re:Facts about spammers:

[fbform]

I applied this method to the lastest 100 spam mail and got the following results:

44.3% of the spammers want to get me rich, too.
32.2% want to enlarge my penis

Unbelievable! I never knew you could get 0.1% precision by analyzing a mere 100 discrete samples of email. Or does the 33rd spammer want to enlarge only 20% of your penis? Or is he only 20% sure that he wants to enlarge your entire penis?

Where is the War On Terror when you need it?

[Mattintosh]

*** BEGIN KNEEJERK REACTION ***
Terrorists could use spam to send messages! Declare war on Hotmail! Nuke MSN! Hunt down the CEO of Yahoo! and tickle him until he talks!
*** END KNEEJERK REACTION ***

Meanwhile, how covert is it if you send it to a million of your closest friends? Heck, at that rate, you could use /. posts to send covert messages.

Dimple monkey twice the pudding octopi for tango man. Very blender shoe, cellular, scooter my daisy heads. Diddley day.

And all the rest of you can kiss your ass goodbye.

Re:Where is the War On Terror when you need it?

[Bender+Unit+22]

The monkey swims in the moonlight tonight.

Not Surprising

[Steve+B]

Wrapping hidden messages in spam is an obvious method of defeating traffic analysis (the gathering and use of information about who is talking to whom, without necessarily being able to read the content of the messages). I would be very surpised if terrorist organizations haven't been doing this ever since spam became voluminous enough to serve as an adequate noise background.

Really, the Feds ought to be hauling in spammers (for violations of all sorts of existing laws pertaining to fraud, computer cracking, etc) and anal-probing them for customer records, instead of wasting time on nonsense.

I already miss spam...

[heironymouscoward]

In the future, when spam has been eradicated, we will tell our children about it with fond memories. "Yes, we got messages like '1ncreas3 y3r p3ni5 5iz3!', and 'v14gr4 n0\/\/!'"

Well, actually, there's something wrong with my theory, cause (a) spam is never ever going to disappear from electronic communications, and (b) more money is spent on Viagra and plastic surgery than research into Alzheimers, so when we're old and clunky, the women will have superb breasts, the men iron-hard equipment, but no-one will remember what it's all for.

Re:I already miss spam...

[hacker]

(b) more money is spent on Viagra and plastic surgery than research into Alzheimers, so when we're old and clunky, the women will have superb breasts, the men iron-hard equipment, but no-one will remember what it's all for.

Actually, Viagra (sildenafil citrate) was originally an arrhythmia treatment (i.e. heart medicine, to help people with strokes and frequent heart attacks). ALL of the money that went into the research of (what is now called) Viagra was there to support a drug for cardiac patients.

Only when some of the clinical trials had less-than-optimal results as a cardiac treatment, and an additional "side effect" of erectile sustainment, was it recast as an erectile dysfunctant treatment. They weren't going to pour the millions they spent on researching the cardiac drug, down the drain, so they recast it as Viagra, and that is what you know today.

I know this, because I used to work with the group responsible for doing the purity/potency testing of this specific compound within $PHARMA.

Also, contrary to popular belief, Viagra does not produce erections . It increases blood flow (hence the original cardiac target). The increased bloodflow helps you sustain an existing erection longer than you normally could. It does not give you an erection.

Aha I knew it!

If you study those emails from Nigeria a secret message is revealed:

"Fat White suckers please hand over your money and I will laugh at you"

To reveal more secrets of spam please send me $200 to:

Mr Okilea Bessei
3 St Lener St
Abuja
Nigeria

Mozilla, it say...

"This document contains no data"

Oh the irony.

Why is this suprising.

[re-Verse]

One of the best methods of not having your communications snooped in on is to use a busy, noisy channel. Communications inside of malls, clubs, whatever. It makes perfect sense. People don't expect sensitive information in soe sort of public form, so they don't listen for it. We're all so sick of spam that we erase it on sight - so if someone wants to use it to communicate - its perfect. It draws a hell of a lot less attention to ones self rather than forming a whole new covert form of communication.

What looks more suspicious - A spam with some seemingly random keywords to throw off the filters at the bottom, or a highly encrypted data transmission on an obscure port. I know what one would make me take notice first.

Re:Why is this suprising.

[re-Verse]

Well thats the thing. An exptremely covert message gathers more attention. Like "Wow - look at that random stream of data from that source - it must mean something because I can't decipher a bit of it - monitor all futher incoming and outgoing communications to that IP", whereas spam - well, like I said, nobody pays any attention - they think its just some slimeball trying to make a greasy dollar off a sucker who knows no better.

I know its ironic, but often the best hiding place is in plain sight.

Re:Why is this suprising.

[sartin]

perhaps i'm missing something here, but if someone wanted to send someone else an extremely covert message, why wouldn't they just encrypt it?

Traffic analysis. Since not all intercepted messages can be decrypted in a timely fashion, one way intelligence is gathered is by looking at the communication patterns independent of the content. Knowing that bad person A sent unknown person B some set of messages (and even moreso noting that they were strongly encrypted) yields a strong suspicion that person B is part of the same bad collective as person A. By sending many messages all over that are noise, the real communication is lost in the noise. Not just the data in the communication, but the data about the communication.

Steganography...

[Lord+of+Ironhand]

... is the technique of hiding certain information in other information. As opposed to encryption, which just makes the information unreadable without the correct key. Steganography & cryptography make a very nice combination since the random-like nature of encrypted data makes it easier to hide.

A google search for "steganography" yields a lot of useful documents on this.

Re:Steganography...

[russotto]

Yeah, and the nature of spam makes steganography EASY. Exactly which mis-spelling is used for a word could encode several bits. Those HTML comments used to obscure could hide entire words, in both content and placement. So could the lists of nonsense words used to defeat SPAM filters.

Re:Steganography...

[Lord+of+Ironhand]

So could the lists of nonsense words used to defeat SPAM filters.

In fact, when I first saw these random word lists the first thing I thought of was hidden communication, NOT defeating filters...

Btw, Usenet also makes a great medium for this since it's possibly even harder to discover the intended recipient (especially when you encode the message in some pictures posted to an alt.binaries.erotica group...).

Quick, start writing

[radiophonic]

"The Spam Code" I'm sure we can sell more than the "Bible Code" Somebody mass-mail the news!

Actually...

[mykepredko]

I would have though properly grounded tin-foil gloves would be more appropriate in light of this article.

You don't want anything travelling from your fingers through to the keyboard...

myke

Mirror

[arvindn]

*Sigh* I don't know what the editors are thinking when they post direct links to pdf files. Slashdotted instantly. Luckily, throwing the filename at google turned up a mirror.

Crazy

Messages in spam? That is just crazy.

Next time they start finding information in /. articles...

Steganography

[Alioth]

If you think of it, hiding messages in spam would make quite good steganography. Since pretty much most spam comes with a sizeable chunk of 'hashbusters' (random words on the bottom, random characters in the subject), you could hide your message quite easily in the hashbuster.

In regular email, just the fact a PGP encrypted message was sent by Alice to Bob would tip the authorities off that Alice and Bob were at least communicating; if they are both criminals for instance, just seeing the activity between Alice and Bob might be enough to alert the authorities to watch the pair a bit more closely because something's about to go down - even if they can't actually discover the message content.

However, if Alice and Bob are both spammers, and use the Windows worm du jour as their open spam relay, and each spam a few million email addresses, it's much harder to see that Alice and Bob are in fact conversing let alone find the actual message.

Re:Steganography

[Sly+Mongoose]

In regular email, just the fact a PGP encrypted message was sent by Alice to Bob would tip the authorities off that Alice and Bob were at least communicating; if they are both criminals for instance...

Wot choo talkin' 'bout, Loois?

Just the fact Alice sent a PGP encrypted message to Bob defines them both as criminals. At least, in the USA it does. Britain too, I think...

rent '3 days of the condor'

[dhenry]

For your hidden-code-in-popular-fiction pleasure...

Robert Redford discovers a double-secret CIA plot after analyzing book plots for the CIA.

P.S. - DO NOT look for the book in used bookstores, it sucks. The movie smooths out some of the macho BS in the book and adds some depth.

-- "Me post off-topic one day"

Plaintext reading

[Animaether]

Time to default reading your e-mail in plaintext, perhaps ?
If the e-mail doesn't offer a plaintext counterpart, then most likely it's not worth reading anyway - lest it's an HTML newsletter that you actually signed up for, but that should be obvious to spot.

Re:Plaintext reading

[Stud1y]

or i am easily amused. plaintext doesn't offer the cute little Outlook fonts and "phone" characters for people's email signatures. How in the world would i be able to tell that it's a phone number, and not just some random digits, in a three-three-four meter?

The TRUE hidden message...

[lacrymology.com]

There certainly is a hidden message contained in ALL of my spam:

YOU HAVE A SMALL DICK.

-m

Working URL for the Paper

[DaneelGiskard]

Server's down, here is another one ;-)

bh-win-04-kret.pdf

That's not what I heard.

[geekpuppySEA]

Played backwards it says "I buried Paul".

I heard "I enlarged Peter."

Just strip HTML out at the milter/MTA side

[hacker]

If you don't want to get any of these annoying webbug/spam/trojans buried in HTML emails, simply strip them out at the MTA level, with procmail or your milter or whatever else you trigger them in.

Safe for you, safe for your users, and brings email back the way it ought to be, 7-bit ascii text.

use File::Slurp;
use HTML::Parse;
use HTML::FormatText;

$file = "email.html";
$html = read_file($file);
$plain = HTML::FormatText->new->format(parse_html($html) );
print $plain;

I'll contine to take my webpages on port 80, and my mail on port 25, thank you very much.

I decoded it!

[hoggoth]

I just went through a large corpus of spam text looking for statistical irregularities, and I think I found something!

Oddly enough it was the presence of text that was MORE random than statistically likely, not less random, ie: the randomness was TOO PERFECT.

After intense analysis I have decoded the hidden plain-text. It reads:

"BUY OVALTINE"

What does that mean?

Re:Mistaken covert messages?

[Steve+B]

With the volume of spam, how does a covert agent know he is getting a hidden message from his source?

1. Set up a short list of words, one of which will appear in the subject line of each hidden message. (They need not be "spammy" words; random anti-filter(?) junk has been showing up in spam subject lines as well as the message body.)

2. Brute-force the process by running all incoming mail through your stegonography program.

I figured it out!

[Phat_Tony]

It anagrams to "Dissident hangs the compassionate"

I know what you've been doing, and I'm alerting the police! You serial killers are always leaving sneaky notes behind, thinking we won't catch you. Well you deserve the electric chair! (see I'm not compassionate. Don't come after me.)

Re:Clancy

[1u3hr]

Or the not-so-hidden messages - like Tom Clancy's plot in which a hijacked (though by the pilot) airliner flies into a building...

Not to mention the first episode of The Lone Gunmen where the CIA sends a plane on autopilot to crash into the WTC. I was somewhat amazed that I didn't see a word of commentary about this after the real event.

Hidden messages to terrorists in spam

[dav1ross]

I work in tech support for a small ISP in California. One day an elderly gentleman walked into our office and told me he was convinced that the spam he was receiving (especially the kind designed to poison bayesian filters) contained coded messages for al-Qaida terrorists, and that he had been forwarding them to the FBI! It took all my composure to assure him that this was not the case without busting up laughing in his face. We have yet to hear from the FBI, or from the local mental health clinic about this particular customer.