New Kind of Spam 'Un-Training' Filters?
Zaphod2016 writes to tell us the Wall Street Journal is reporting that email in-boxes are under a new kind of spam attack. This new spam has confused many people due to its lack of advertising, viruses, or request for personal information. One popular theory is that these innocuous blocks of text, often drawn from popular literature, are being used to "un-train" spam filters to allow more malicious spam through in the future.
Wouldn't it work the other way around? I still flag crap like this as spam, so it seems like it'd train my spam filter to have more false positives, no?
---John Holmes...
The WSJ article also gives due time to the theory that the spamware is simply broken and that the spam payload is being delivered with the padding and not the payload. Since I've previously seen plenty of Gutenspam (my name for this spam that contains snips from Gutenberg texts) with an image payload attached, I'm definitely leaning toward the notion that they slipped somewhere and are now not delivering the image.
Woe betide literature discussion groups now that filters are trained on the classics.
Done with slashdot, done with nerds, getting a life.
That was always my hunch too. Put another way...
"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's Razor
Why the hell do you fucking spammers think that anyone will ever buy from you?
If there wasn't money being made there wouldn't be any spam. At least a tiny percent of the people who get this are acting on them. It must be paying off for someone.
Developers: We can use your help.
I have seen quite a number of corrupt e-mails coming from spammers. Occasionally you find the subject is merely %%SUBJECT%%, or an e-mail has entered your system consisting of just the headers and no body.
My theory is that there are more people attempting to use spamming applications, and many of these people don't have a clue what they're doing. You'll probably find that they've forgotten to add their text to the e-mails, or are just not reading the documentation on how to successfully send their spam.
Linux/Open Source/Anti Microsoft News
The term-of-art within the anti-spam community is "Bayes Poison". Generally it's appended to an actual spammy offer, but some spammers have in the past used the technique with web-bugs to determine whether they are able to deliver to particular boxes with non-spammy content, so that they can evaluate whether their later more-spammy content was excessively spammy or whether it hit the sweet spot on the blocked vs. effective-sales-pitch continuum. Most people in the anti-spam community report that garden variety Bayes Poison is ineffective at either de-spamming spammy messages or causing your corpora to be skewed to the effect that they are unusable. One major reason for this is that corpora are so specific to individual users. For example, poisoning my inbox with copies of Huckleberry Finn is rather ineffective because nobody I talk with on a regular basis writes like Mark Twain. For you to do actual damage, you would have to know enough of my habits to guess subjects and words which appeared very commonly in legitimate mail -- for example, the names of my family members, keywords relating to my job or extracurricular interests, etc. It is very difficult for spammers to get this information, but some academics have reported that it is theoretically possible, although in practical terms very difficult, to use web bugs to extract the "secret sauce" needed to land in one particular inbox. http://www.jgc.org/SpamConference011604.pps
Help poke pirates in the eyepatch, arr.
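The per-user effect described in the comment above can be measured on a toy filter. This is an added example, not part of the original thread: a small naive Bayes scorer trained on constructed mail for a hypothetical user, comparing generic literary padding with padding drawn from that user's own ham vocabulary.

```python
import math
import re
from collections import Counter

def tokens(text):
    return re.findall(r"[a-z0-9']+", text.lower())

class UserFilter:
    """Multinomial naive Bayes trained on one mailbox's own ham and spam."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, label, text):
        self.counts[label].update(tokens(text))
        self.docs[label] += 1

    def spam_log_odds(self, text):
        """> 0 leans spam, < 0 leans ham; tokens never seen in training are skipped."""
        vocab = set(self.counts["spam"]) | set(self.counts["ham"])
        denom = {c: sum(self.counts[c].values()) + len(vocab) for c in self.counts}
        score = math.log(self.docs["spam"] / self.docs["ham"])
        for tok in tokens(text):
            if tok in vocab:  # Laplace-smoothed likelihood ratio for known words
                p_spam = (self.counts["spam"][tok] + 1) / denom["spam"]
                p_ham = (self.counts["ham"][tok] + 1) / denom["ham"]
                score += math.log(p_spam / p_ham)
        return score

# Constructed training mail and test strings for one hypothetical user.
HAM = ["lunch with priya on thursday about the quarterly audit",
       "the audit report for priya is attached see you thursday",
       "can you review the firewall change before the audit"]
SPAM = ["cheap pills online buy now limited offer",
        "buy cheap watches now best offer online",
        "limited offer cheap mortgage rates apply now"]
OFFER = "buy cheap pills now"
GENERIC_PAD = "it was a truth universally acknowledged that huckleberry drifted down the river"
TARGETED_PAD = "priya audit thursday the audit firewall review"

def padding_scores():
    """Spam log-odds of the same offer with no, generic and user-specific padding."""
    f = UserFilter()
    for label, mails in (("ham", HAM), ("spam", SPAM)):
        for m in mails:
            f.train(label, m)
    pads = {"none": "", "generic": GENERIC_PAD, "targeted": TARGETED_PAD}
    return {name: f.spam_log_odds(OFFER + " " + pad) for name, pad in pads.items()}

if __name__ == "__main__":
    print(padding_scores())
```

The generic padding moves the score only through the one word it shares with this user's mail, while the padding built from the user's own vocabulary flips the verdict, which is why the per-user corpus matters.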
Spam and anti-virus are good examples of fields where the "solution" is reactive to the problem.
1. Spammers and malicious code writers come up with something annoying.
2. Anti-spam and anti-virus software reacts with a method to prevent the annoyance.
3. Spammers and virus writers implement new tactics.
4. Repeat steps 2 and 3 ad infinitum
(The "Profit!" step is probably at 1a and 3b, but that's another issue)
It's not that the spammers are "beating" the spam filters, it's that they are using new tactics and it takes a certain amount of reaction time for the filters to be updated to fight the newly evolved threat. This is why spam filters aren't the ultimate solution to spam, though they are a useful stop-gap.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
For a while now I've been getting spam for various products or services where the spammers purposely misspell words, spell words with a mix of letters and numbers "l33t" style, or spell words phonetically. I assume that this is to get past spam filters, and I imagine it works to some extent. The question is, do they honestly think anyone would ever buy something from a company that advertises "ch3@p nonperscrip70n med1ca7ion" or "lo morgage rates"? Who the hell would ever do business with a company that can't even seem to spell properly?
One of our staff has written a custom spam filter based on dspam and the best addition we made in the last week was to add Optical Character Recognition support -- all image attachments are run through gocr and dspam fed with the output from this, not the original images. That way even though the spammers paste in chunks of text from god-knows-where, dspam still sees CIALIS and STOCKS and other trigger words.
I wanted to just drop anything with a .gif attachment but plenty of our valued customers like to send us a corporate logo with each individual message :-)
Matthew @ Bytemark Hosting
Think of it as a honey pot for spam. Use something like Fred@domain.com or jsmith@domain.com, put it on a few website pages and usenet posts so the crawlers get it.
Any mail that gets sent to that address would have to be spam. Use that to build up a real time black list of messages and filter training for the rest of the domain.
Just wondered if anyone has ever done that.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
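A sketch of the trap-address feed proposed in the comment above, as an added example that is not part of the original thread. The trap addresses, message dictionaries and documentation-range IPs are constructed; the third sample shows the limit of exact body matching when each copy carries different padding.

```python
import hashlib
import re

# Assumed trap addresses: published for crawlers, never used for real mail.
TRAP_ADDRESSES = {"fred@example.com", "jsmith@example.com"}

def fingerprint(body):
    """Hash of the body with case, digits and whitespace runs normalised away."""
    norm = re.sub(r"\s+", " ", re.sub(r"\d", "0", body.lower())).strip()
    return hashlib.sha256(norm.encode()).hexdigest()

class TrapFeed:
    def __init__(self):
        self.bodies = set()        # fingerprints of messages seen at a trap
        self.sources = set()       # connecting IPs that delivered to a trap
        self.spam_training = []    # bodies to feed the domain's filter as spam

    def ingest(self, msg):
        """Record a delivery; anything addressed to a trap is spam by construction."""
        if msg["rcpt"].lower() not in TRAP_ADDRESSES:
            return False
        self.bodies.add(fingerprint(msg["body"]))
        self.sources.add(msg["ip"])
        self.spam_training.append(msg["body"])
        return True

    def verdict(self, msg):
        """Which trap signal a real user's message matches, or None."""
        if fingerprint(msg["body"]) in self.bodies:
            return "body"
        if msg["ip"] in self.sources:
            return "source"
        return None

# Constructed sample traffic.
TRAP_HIT = {"rcpt": "Fred@example.com", "ip": "192.0.2.10",
            "body": "Lo mortgage rates!  Call 555-0100"}
INBOUND = [
    {"rcpt": "alice@example.com", "ip": "198.51.100.7", "body": "LO MORTGAGE RATES! call 555-0199"},
    {"rcpt": "alice@example.com", "ip": "192.0.2.10", "body": "Call me Ishmael. Lo mortgage rates!"},
    {"rcpt": "alice@example.com", "ip": "203.0.113.5", "body": "Call me Ishmael. Lo mortgage rates!"},
]

def demo():
    feed = TrapFeed()
    feed.ingest(TRAP_HIT)
    return [feed.verdict(m) for m in INBOUND]

if __name__ == "__main__":
    print(demo())
```

Blocking on the source address alone can catch legitimate senders behind a shared relay, so the bodies collected in `spam_training` are the safer output to act on.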
Even the professionals coding up Firefox and MS-Office and iMovie are known to have written code with a few bugs in it. What makes you think this inexplicable non-spammy spam is anything more than a hiccup by the script monkeys?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
"Never attribute to malice that which is adequately explained by stupidity."
I've never understood this. Why attribute to stupidity that which is adequately explained by malice? These are spammers. If they can untrain spam-filters, they will. How is picking stupidity over malice in this case a wise decision?
Because malice is hard, and stupidity is easy. Granted in this situation it's not crystal clear, but like a good spam filter, this adage is surprisingly effective.
Sheldon
Or the third possibility that spam is more like MLM: There is no money in spam, just in selling spam tools and spam lists to suckers who think they can make money off spamming people.