Slashdot Mirror
AOL Names Top Spam Subjects For 2005
JamesAlfaro writes "Donald Trump and "penis patch" were the most popular subject lines used by spammers this year, as the fraudsters grew more sophisticated in trying to trick consumers, America Online said Wednesday in its third annual Top 10 Spam List. Six out of the 10 top subject lines this year fell into what experts call "special-order spam," which pretend to be from a friend, or part of a legitimate, customer-driven transaction."
Sounds like the title of a children's book from Hell.
Garg
Alumnus, Xavier's School for Gifted Youngsters
The topics/products that they are using must be effective because they keep the spammers in business. It's horrible, but since these spammers are in business, a LOT of people must be falling for them.
Does "Donald Trump" and "Penis Patch" have something strangely in common?
If Carling made signatures they would be the best signatures in the world...
When I first got an internet account my spam was all p0rn and stock tips. Now it's cheap drugs and mortage loans...
:-)
Sort of a collective gutter sub-consciouness I suppose
"I like people. They're like little Happy Meals with legs" - Spike
... you know, something really simple that would help the war on spam.
1) Clean up your 20 year old database of it's unused usernames
2)Blacklist any server/ip/whatever that sends email to x amount of disabled accounts (I would say x ==5 but any value really would work)
3) Publish said blacklist
There is no way a spammer could avoid an AOL address. Start doing this with hotmail, yahoo mail, netscape mail, whatever mail, and I think we would be able to lock off the "bad" senders a lot faster than projects such as spews.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Now someone is going to be hawking the "Donald Trump Penis Patch" in my email.
OK It's out of my system now.
The obscure we see eventually. The completely obvious, it seems, takes longer. - Edward R. Murrow
What I STILL cannot figure out is WHY some jerk off thinks I would refinance my mortgage with, or trust the health and safety of Mr. Happy to, someone who cannot even fucking *SPELL*!!
"Everyone is entitled to their own opinion, but not their own facts."
I am suprised that paypal pfishing didn't make the article. I get these every day.
Please sign petition to restore sanity to our banking system!!!
http://financialpetition.org/
From the article:
How can anyone possibly fall for these ? I have the worst memory of anyone I know (or remember ;), and I have no trouble remembering if I have any bending applications or e-mail conversations.
Or are these things trying to make people think that they've accidentally gotten someone elses mail and might profit by playing along - are these messages trying to tempt people into trying to commit fraud in order to defraud them ? That would be ironic, and essentially the same tactic that Nigerian letters used - could the senders of Nigerian spam claim patent violation ?-)
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
At first I thought you meant AOL tops the list of spam subjects.
Me too!
Click here for Boobies!
Considering the amount of spam I deal with in a days time, I'm amazed I've never seen one mentioning the Trumpmeister. These days my top two seem to be cheap discounts on v1agra /drugs and Rolex watches. Guess I'm in the minority, gone are my days of penis patch adverts. I guess there's always tomorrow and another unscrupulous a-hole who will add me to one of his lists to ensure that I gain 1 to 3 inches.
If big boobed women work at Hooters do one legged women work at IHOP?
by those with a greater style than I, but it's worth saying again:
If you have to get sneaky or sleazy to try and sell your products, perhaps it's a sign no one wants it?
So rise up, all ye lost ones, as one, we'll claw the clouds.
I'm wondering if the spammers are changing tactics. I used to get one spam message at a time but now I get up to a dozen messages from the same slimeball, all with the same subject line. I can't figure out why they do this because it makes spam filtering easy, more than one message with the same subject line and into the bit bucket you go.
Anyone know why this is happening?
Ed Almos
The more corrupt the state, the more numerous the laws. - Tacitus, 56-120 A.D.
Just seems to me like an ISP has to get permission from the user before blocking any email. It has to be an opt-in thing. AOL can't unilaterally junk stuff right now (and not even put it in a "spam" folder) because it violates some rule.
Paris Hilton never writes me any more :(
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Ever head of the many great realtime blackhole lists?
http://www.spamcop.net/bl.shtml
http://dnsbl.njabl.org/
http://ordb.org/
No need to roll your own. There is even one designed to list dynamic IPs (http://www.dnsbl.nl.sorbs.net/).
AC: Only on slashdot... could the sentence "My hovercraft is full of eels." be moderated "+4, Insightful
Oh yeah, they are getting really sophisticated in their trickery. Who wouldn't open an email with the subject line of "Donald Trump's Penis Patch"?
She's built like a steak house, but she handles like a bistro....
Penis Patches are of course for Penis Pirates (to go with the little penis parrots)
Yaaaaaaaaaaargggggh! Avast! I see booty
(etc etc etc)
GetOuttaMySpace - The Anti-Social Network
Yeah, with subjects like "Donald Trump", "penis patch" and "Thank you Your $199 Rolex Special Included", it's obvious those fraudsters are getting more and more sophisticated with their spam.
You don't need to find the lusrs with pwned boxen. They, after all, are only doing what they've been told to do by us technical elitey types.
You just need to realize that the broadband providers are capable of stopping this problem by themselves, with their existing equipment, and the only reason they don't do it is because it would impact their revenue stream (well, that and the high correlation of greed with stupidity).
With Comcast's resources at my disposal, I could stop all spam and virus propagation from their networks in a month or less. But a certain number of customers (mostly spammers and other criminals) would stop paying their monthly bill as a result, and thus Comcast has a simple ROI equation: Screw you over, and get paid, do the Right Thing, and don't get paid.
Easy decision for them, because WE are letting them get away with it. Write your congresscritter, make Comcast (and their ilk) liable for running worm farms.
You are proposing that we block connections to port 25?
:P
Or some more complicated magic?
In either case, leave my ISP alone
AC: Only on slashdot... could the sentence "My hovercraft is full of eels." be moderated "+4, Insightful
actually check my hotmail account.
125 messages in my inbox of which 125 messages are spam.
18 messages in spam folder.
i don't even bother to read the titles, just select all and report spam.
as long as the spammers are happy with my hotmail account, and my work email gets nothing else than "next to kin" offers of all those Nigerians living in a concentration camp somewhere in Africa to transfer me their millions of $, I'm fine. My custom made filter for Nigerian scams works, and the spam in hotmail has not ceased to amaze me in these 10 years. Well past caring about my own statistics.. maybe I bother for next year.
The list of IP ranges from which my server will not accept inbound SMTP traffic is already staggering, and yet I can't seem to get them all. It's ridiculous
Deciding what is spam or not based on where it comes from works in some specific cases (ie, the spam bots you talk about) if you could keep up with all such sources. The broader your list becomes the bigger the chance that you will end up blocking non spam mail as well however.
Whitelisting has its obvious problems with regards to people trying to contact you whom you don't know about but with whom you'd want contact. One could use greylisting instead which sortof works (untill you run into one of the many lame smtp servers that don't know about temporary failures and won't resend.. Sadly enough there are quite a few of those out there also that are used for legitimate email)
In the end, using blacklists and whitelists in an 'advisory way', ie, as an indication of possible spam in case of a blacklisted source, and likely not spam in case of a whitelisted source, combined with content based filtering, seems to work relatively well, and when used with a feedback system it can work really well, stopping virtually all spam with no or an extremely low number of false positives.
A listing of this week's subjects:
10 Subject: Re:
4 Subject: IMPORTANT MESSAGE
3 Subject: BE INFORMED ( UNCLAIMED - PRIZE)
2 Subject: UK LOTTERY WINNING NOTIFICATION Batch: 074/05/ZY369
2 Subject: AWAIT YOUR URGENT REPLY
1 Subject: àúä äåìê ìâìåú àú îä ùàó àçã ìà øåöä ùúãò...
1 Subject: contact your claims agent
1 Subject: Your Urgent Attention Is Required
1 Subject: WINNING NOTIFICATION LETTER.
1 Subject: Urgent Funds for Investment.
1 Subject: TRUSTING YOU IN ACTUALIZING THIS
1 Subject: THANKS
1 Subject: REQUEST ASSISTANCE/PARTNERSHIP .
1 Subject: REPLY TODAY PLEASE!!!
1 Subject: RE: URGENT RESPONSE NEEDED
1 Subject: Please kindly get back to me.
1 Subject: PRIVATE AND URGENT
1 Subject: PRAY FOR ME
1 Subject: PLEASE TREAT URGENTLY-------
1 Subject: PLEASE ASSIST
1 Subject: ONLINE DRAWS
1 Subject: NOTICE
1 Subject: NEED YOUR REPLY
1 Subject: Mrs. Nora Walters(Benefactor).
1 Subject: Mrs Mary Koffi/ Michael son.
1 Subject: Martinez
1 Subject: MY INTRODUCTION
1 Subject: LAST WINNING NOTIFICATION$$$
1 Subject: INVESTMENT
1 Subject: Hope to hear from you soonest.
1 Subject: Good day
1 Subject: From: DR. JOSEPH
1 Subject: FROM DR IBRAHIM DABLA
1 Subject: FRANCIS SULE
1 Subject: FOR YOUR CONSIDERATION
1 Subject: FINAL WINNING NOTIFICATION!!!
1 Subject: Expecting your response.
1 Subject: Dear Friend.
1 Subject: Contract Payment From Central Bank Of Nigeria
1 Subject: Congratulations! You won...
1 Subject: COULD YOU BE ENTRUSTED WITH US$50,000,000 (?)
1 Subject: CONTACT YOUR CLAIM AGENT
1 Subject: CONGRATULATIONS- YOU JUST HIT THE JACKPOT.
1 Subject: CALL FOR LOTTERY CLAIM!!!!!!!!!!!
1 Subject: ATTENTON////Pascoe???
Apparently I get a different kind of spam than AOL.
"You need a bigger penis!" :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
... you're telling me i won't be recieving my Penis Patch Body Wrap anytime soon?
dammit!
i don't care
When I read articles like that, I lose faith in the so called "human intelligence"
1) What kind of person would send an email with "Penis patch" in the title
and
2) What kind of person would actually open it/view attachements.
Register the editry.
Would it really be that much trouble to make one phonecall?
Example: Comcast (or other huge ISP) blocks port 25 by default. To unblock your port 25, call the 1-800 number and make the request. The End.
Yes it will add another hoop to jump through, and will undoubtedly complicate things for n00bs trying to setup whatever flavor of e-mail client they want/need to use, but the vast majority of subscribers aren't using this port.
For companies like Comcast, this is just another added line to the papers they stuff into your self-install kit.
just my 2 cents
[Fuck Beta]
o0t!
...so they read the e-mails of their clients?
...so is this either "Top 10 Reported spam subject lines" or are they invading our privacy?
Let's say I get some great real-estate offers in my email account. I choose to report it as spam, once. AOL or anyone else gets this mail and they can analyze it or do anything they want with it.
The next day I get an identical mail and it gets sent to the SPAM folder. Do they have the ability to see this one as well? What if one that isn't spam gets marked as such, but contains sensetive and personal information?
When will the FTC/DOJ/FBI/DEA ever get their collective acts together and start jailing people for criminal fraud? Why aren't there RICO prosecutions against the individuals and institutions backing spam enterprises? Can it really be that hard to follow the money trail?
Oh, maybe because some of them are based in other countries whom we do not have extradition treaties with?
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Well, i for one am happy to see the makers of penis are fast to respond to the latest penis exploits.
For some time, I have been closely tracking levels of mortgage/lending/credit spam received on several email accounts. I am doing this because I am interested in the lending business and hope to see levels of spam correlate with activity in the industry.
Anyway you can find my data here:
http://www.perpetualbull.com/mortgage-spam/
Various regex are used to locate spams of this topic. Not 100% accurate but pretty good
question, is that "names" as in "AOL identifies Top Spam Subjects For 2005", or names as in "AOL makes up Top Spam Subjects For 2005"?
Just wondering...
Heh, funny, i thought you'd be more likely to write about the penis patch... =\
Anyone else get a LOT of Korean advertisement? Some of these products are so weird, I have no clue as to what they are. It's the only spam I mind, it's actually quite funny some of the emails I get. The intervals of Korean advertisement, unfortunately, has been increasing though.
$fortune
Tomorrow has been canceled due to lack of interest.
I've kept every spam caught by myself or spamassassin for the past couple of years and have just checked the top 10 subjects of the spam caught:
380 Subject: Remember the old days?
442 Subject: Impotence treatment
443 Subject: Undelivered Mail Returned to Sender
467 Subject: Re:
534 Subject: Message subject
861 Subject: New product! Cialis soft tabs.
932 Subject: Tadalafil Soft Tabs - Great results!
933 Subject: Delivery Status Notification (Failure)
1024 Subject: The Ultimate Online Pharmaceutical
1030 Subject: failure notice
Not sure how accurate this is, but it's all from SA. Seems I'm targetted for pharmaceuticals (though i dont need them, really!)
Sparks:Gadget:Beer Maker
In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penisses, taken Viagra and are looking for a new relationship.
http://bash.org/?203815
The patterns used by worms and spammers are extremely noticeable. You can identify them with Snort (free software) and you can slow them down with a tarpit (free software). It's almost impossible not to see the worms, in particular, if you are doing the most basic sorts of network monitoring in order to allow proper network management.
It'd be easy to block infected machines, and machines that are spamming, using the DOCSIS cable modem (which is controlled by the ISP, not the end user). Reroute all traffic to and from infected machines to a special "hey you are infected here are some antidotes" network and charge the antivirus companies for the privilege of hawking their products and services on that network.
Easy, that is, for a highly competent and experienced network engineer. Which is to say someone who commands a higher salary than the greedy broadband ISPs are apparently willing to pay. Instead they hire people who think port-blocking customers is reasonable (that is, inexperienced people) and incompetents who can't even figure out how to run a web cache (also available as free software) without getting themselves in trouble.
Since AOL gets to name them, does that make it their parent?
Hello, Comcast? My name is Joe Spammer, I'd like you to open my port 25. Thanks!
Do you pay any attention to the hoops that many spammers are currently jumping through? Throwaway domains, DNS & reverse IP games, etc. Unless you're willing to close it totally, restricting port 25 will have little effect.
AC: Only on slashdot... could the sentence "My hovercraft is full of eels." be moderated "+4, Insightful
Unfortunately, E-mail has been around a lot longer than most any operating system in existence today. Just the abuse of that system has been made easier because of the caliber of the majority of the users on the "operating system responsible for the mess in the first place" that you allude to.
How is a subject line of "penis patch" being more sophisticated? If consumers are being defrauded by unsolicited messages with a subject line of "penis patch", I think it's a case of consumers becoming more stupid, not fraudsters becoming more sophisticated...
Don't underestimate the power of The Source
Sorta off topic, but, Information Week, did you really need spread this article over two pages when the sidebar with your ads is longer then the article itself? Go page hit count.
#include <signature.h>
While I'd prefer an approach that puts the burden on the infected PC owners rather than on people who actually have a clue, I'd be willing to make the phonecall.
And your method would be simple enough that even Comcast might conceivably be competent enough to implement it. Maybe. Unfortunately I am a customer, so I'm kind of pessimistic on that front.
What you're missing is that the phone calls wouldn't be made, because the people who own the machines aren't aware that they're actually sending spam courtesy of the last Trojan they installed.
Only the dead have seen the end of war.
Should they choose to. Technically it's dead easy, whether they will or not depends on the terms and conditions (you did read and understand them didn't you?).
Don't like that? Encrypt it. Emails are like postcards not letters.
Deleted
Whitelisting has its obvious problems with regards to people trying to contact you whom you don't know about but with whom you'd want contact. One could use greylisting instead which sortof works (untill you run into one of the many lame smtp servers that don't know about temporary failures and won't resend.. Sadly enough there are quite a few of those out there also that are used for legitimate email)
/24 network at a time, cleans up rather nicely. It's certainly blocking lots, and all my maillist mail gets through just fine. I don't know of anyone who's had trouble mailing me, I think the problems may lie with pariticular implementations of greylisting software, rather than the MTA which is delivering mail.
greylisting works just fine here, using qgreylist, it greys a
Why UNIX?
What this will do is prevent zombie networks from sending out spam.
I'll never make that mistake again, reading the experts' opinions. - Feynman
Right.
But any such solution creates complexity. I recently had my Comcast connection die for no apparent reason. I spent hours on the phone only to find out that it was a bug in their modem registration system and that their pre-built tools couldn't fix it. It took days to get a bug fix.
Besides, I'm afraid such implementation would encourage the RIAA or CIA to pull some funny business...
AC: Only on slashdot... could the sentence "My hovercraft is full of eels." be moderated "+4, Insightful
where does aol fall on this list again?
You do realize that they send unwanted advertisements to their own customers right?
Its not as if they are related to AOL services either. For the right price your ad can be sent by AOL to an AOL subscriber FROM AOL
We seldom regret saying too little but often regret saying too much.
They certainly have the technical ability to read it. As to whether they allow their admins and spam fighters to read it? Good question. It may be covered in the Terms of Service.
I actually purchased the penis patch, but it failed to apply with "patch -p1 penis_patch" - any advice?
Funniest thing I've seen in a while
hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?
Always update your penis regularly with the latest patches. It is effective security against viruses and bugs. Just don't use Microsoft patches, as they cause shrinkage and floppiness.
... and then they built the supercollider.
Finally I've found a spam filter that works - www.mail-filter.com - it uses disposable email addresses, RBL's and spam signatures to weed out the chaff. Seriously, this is the MessageLabs for the people...
Zen tips: Pay attention. Don't take it personally. Believe nothing.
I think the problems may lie with pariticular implementations of greylisting software, rather than the MTA which is delivering mail.
You are mistaken.
The problem comes down to the delivering MTA treating a temporary failure as a permanent one, and never resending that mail. That is a broken MTA according to the RFCs and is the problem here. There is nothing whatsoever that a greylist implementation can do to prevent this (given we are not using entirely different definitions of greylists)
Of course this is a non-issue if you don't want that mail anyway.
At any rate, I've seen this issue a few times, and it is easily resolved but requires manual intervention. A better solution would of course be for the sender to install a proper MTA.
If you want to nitpick then you can argue that this is not a problem with greylisting but with those MTAs, and right you are, but I want my mail to arrive and it stands in the way of that at times, whereas my current content and rbl based filters don't.
Penis patch? Is this for those unlucky times when your penis has sprung a leak?
:) :)
(Yes, I know what a penis patch is... some of these subject lines just crack me up)
Anyway... I actually have any spam caught on my mail server (several hundred per day) forwarded to an IMAP account that my roommate checks. The first thing he does in the morning is to laugh his ass off at spam subject/body lines for about 15 minutes. Some of my favorites from today are:
Penis Launcher
up! no down
Greetings, white man!
Re: hobgoblin belong
Hardly of age teen cutie taking it deep in all holes. forever
Did you have a sex yesterday? real
It seems to be an appropriate way to say hello to OOP lovers
The world is getting bigger; your penis has to get bigger too.
I get a completely different selection of spam on my home and work email accounts.
At work it's 99% online pharmaceuticals. They charge less but give better service, apparently. All 1000 of them.
At home it's sex ads, fake prestige watches and some moron who bombards me with inane stock tips. Possibly morons, because they use two different ways of getting past spam filters.
Then there are the usual subterfuges, like the all-graphics email, the emails with blank times to screw up inbox date sorting, and the random words email subjects (just what the fuck does "that begin an exclusion seventeen" mean, anyway?).
The less said about my various hotmail accounts the better. Shudder.
...laura
This is an example:
iuxm.lmeoerzyh@msa.hinet.net FW:1Äv¼Ð ®É©|¥]¥] ¥@ɦWö
I have no idea what they are selling as I don't read Chinese/Japanese/Korean/
So what is the point of sending them to me?
qz
special offer
As seen on oprah
Online degree
Viagra online
Lowest insurance rates
Hot teen action
XANAX online
lower your mortgage rates
Get out of debt
Hot porn action
Online pharmacy
Get Bigger
Lowest mortgage rates
online prescriptions
Hot XXX action
lower your insurance now
improve your sex life
meds online
satisfy your partner
Valium online
online diploma
refinance
: Today on Oprah:
:
: A special offer to get your online pharmacy degree by refinancing and
: lowering your insurance. Sexy teens will want you. Free meds for life!
Yeah, because spammers would NEVER pretend to be other people....
A hundred and fourteen years of AOL? No one could stand such torture!
Doesn't scale nearly as well as botnets do, and they'd also have to spoof Caller ID unless they'd like to make it incredibly obvious.
Only the dead have seen the end of war.
lol no this am not a virus!
I can explain it for you, but I can't understand it for you.
I dont know about other ISPs, but Comcast *does* block port 25, when the system autodetects spam.
:)
Usually it results in "my emails aren't going out what is wrong", and then an explanation of zombie botnets and how people like them are sending the spam they are getting in their mailbox.
Usually they get their computer cleaned out, send an email to an email address with the MAC of their cable modem, and they can send emails again.
Posted anonymously so I dont get this pinned on me at work
Better than a blanket blocking of Port25, and pretty effective.
While I understand your point (Alan Robertson likes to say "Complexity is the enemy of reliability") there is a necessary level of complexity required to provide a decent service.
Would it be acceptable for a doctor to hire nurses and receptionists with infectious typhus, if that cost him less money, or somehow simplified his office routines?
Why is it acceptable for broadband ISPs with billion-dollar budgets to create a breeding pit for worms and viruses, when they could just hire more capable staff and solve the problem by increasing the level of complexity their staff could handle?
Because they have geographic monopolies, the large ISPs don't have to provide decent service. Remember Lily Tomlin's old routine? "Sir, we are the phone company. We are a monopoly. We don't care, because we don't have to." A little dated since the breakup of Ma Bell but it seems those days are coming back again.
As for the RIAA, you are probably right that a cleaner network worldwide would help them with their nefarious schemes. The CIA, on the other hand, is probably quite happy knowing millions of zombie computers are available to them at any time. Plausible deniability is easy to come by under such circumstances.
I don't doubt that some spam networks are controlled overseas, but I still believe that a lot of the dollars get handled here first, which is why RICO prosecutions would be so effective, since the middlemen would be just as guilty since they are participants in the conspiracy.
Well, as I previously implied, I've always been very happy with the quality of my connection to Comcast, even if their customer service sufferes from perhaps a minimum of typical corproate ailments. Working with other broadband providers out this way, I've often had big gripes. MSN DSL didn't even provide an SMTP server - perhaps they still don't. Comcast is fast and reliable. That's all I really need. Then again, if they screwed that up, I might be willing to go back into the market.
AC: Only on slashdot... could the sentence "My hovercraft is full of eels." be moderated "+4, Insightful
You're the first person I've ever heard describe Comcast as "fast and reliable". You must not be in Delaware!
I've been a customer of theirs for five or six years now, and I've been on several different segments.
I've completely replaced my firewall box 3 times, my cable modem twice, and all my internal wiring twice, because Comcast insisted that my problems must be my fault. Eventually I discovered that every single person in my neighborhood had the same problems and confronted Comcast with this (the neighbors claim they had reported their problems already, but I dunno really) so they sent a guy out who determined that the ground on the pole at the end of the street was no good. Before he made this determination (which eliminated 80-90% of the outages, incidentally) he rewired everything between the pole and my house, creating an incredibly baroque +60' cable run that went all over the place and involved repeatedly puncturing the drip cap tin on my back porch roof, which compromised my waterproofing. When I got home from work I cut it down to a 25' run that went directly from the pole to my entry point and caulked all the extraneous holes with silicon; after that the service was comparitively good (only a couple of 1 to 5 minutes total service interuptions a day).
A weird side effect of this incident was that I started getting 3 or 4 cable channels on my TV that I hadn't signed up for; after a few months, though, they went away again.
Despite all my whining about Comcast's incredibly unreliable, slow (due to thousands of worms which attack my firewall all day long), and poorly designed service (ever look at their DNS setup?) it's the only thing I can get at this time. Unless I was willing to steal wireless from my neighbor, but he's on Comcast anyway.