What's With All This Spam?
coondoggie writes to mention a Network World article about soaring spam levels, confirmed now by researchers, IT managers, and security vendors. So, indeed, it's not just you: October was a spammy month. From the article: "Levine's assumption is this spike in spam levels is a result of a new generation of viruses and zombies that can infect PCs more quickly and are harder to get rid of. In its October report, messaging security vendor MessageLabs says the spike is largely due to two Trojan programs, Warezov and SpamThru. Others say a new breed of spam messages called image spam -- messages with text embedded in an image file that evade spam filters, which can't recognize the words inside the image -- is responsible." A note: I have no interest in penny stocks.
What spam? I get maybe 1 or 2 spam emails in my actual inbox each week.
Oh, my spam folder? Over a hundred a day, but as I recall, Gmail has miscategorized maybe 2 or 3 messages as spam during the entire time I have used it. Unless I am expecting something, I rarely check the spam folder at all.
Need help treating your acne? Come here!
I use SpamAssassin and train it regularly against obvious spam. I've heard that this new crop of spam GIFs accompanying seemingly-normal text is meant to get through or even de-train Bayesian filters, but wouldn't SpamAssassin be able to recognize that one common thing about all these messages is an attached image file, and so consider that a spam marker? I read my mail as plain text in Gnus, and most people I correspond with avoid HTML mail and image attachments, so it wouldn't be a problem for me if GIFs or PNGs went straight to /dev/null.
Many of these stock spams have been going to people who have accounts at Ameritrade. It is likely that their email list has been stolen. See http://www.billkatz.com/node/77 for details.
Domain owners: Set up SPF NOW!!!
I set up SPF on my domains and the number of bounces from spoofed SPAM dropped dramatically.
Do not wait any longer, do your duty to the internet community: Set up SPF NOW!!!
No, I will not work for your startup
I barely get any spam either, but my ISP's mail servers are so choked with the stuff that real emails are being delayed by as much as two and a half days. So all of you who say "What spam?" need to be aware that, unless you only send messages to yourself, it's a real problem for everyone.
At work we use SpamAssassin with a GPL OCR plugin; however, it's getting foiled by intentionally added noise in the images. I propose we come up with a way to detect these non-character elements (noise) in the associated spam images instead of just trying to OCR the text. The noise I've seen seems like it should be easily detectable.
I use a plugin called FuzzyOcr, and it handles animation and noise very well. Unfortunately the OCR itself isn't great, so it reads a lot of gibberish. FuzzyOCR compensates for this by being very liberal with its string matching (hence the name). The nice thing is, it correctly identifies the vast majority of the image-based spam I receive. Unfortunately, it's very easy for it to identify false positives. So far I haven't had this problem, but you might, especially if people often send you screen shots.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Check out this link: http://www.hawkwings.net/2006/08/01/mailapp-rule-fix-for-image-spam/
It's for Apple Mail, but can be applied to any mainstream email app.
Sure they can. They've got access to botnets of random compromised PCs sitting in homes and offices around the world. If they find one being blocked too much, all they have to do is send the commands to another one. It's legit mailers, who have anywhere from one to a few dozen outgoing servers (depending on the size of the organization) who can't change their IPs.
The list you're putting together is probably mostly a mix of spam-friendly ISPs and residential/small business DSL/cable IP blocks. The reason you're not seeing many false positives is that most legit home users send through their ISP's mail server rather than directly to you, so you don't see that their IP is on your list.
I used to work for a spam company. They would buy 10 domains a week at $5/domain (reseller license). I set up SPF records for all of those domains because it would reduce the spam score at some ISPs if mail came from a domain with a valid SPF record. We were making $20k/day, so the cost of buying a domain was minimal. SPF records aren't quite used the way they should be.
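The two SPF comments above describe different cases, shown here in an added example that is not part of the original thread: SPF rejects mail that forges a protected domain, but a throwaway domain that publishes its own record still passes. The evaluator covers only the `ip4`, `ip6` and `all` mechanisms and reads records from a dictionary instead of DNS; the domains and addresses are constructed.

```python
import ipaddress

# Constructed sample records using documentation address ranges.
RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",       # legitimate domain
    "throwaway.example": "v=spf1 ip4:203.0.113.7 -all",  # domain bought by a spammer
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, records=RECORDS):
    """Evaluate the ip4/ip6/all subset of SPF for a connecting client IP."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "neutral"                       # nothing matched and no "all" term


if __name__ == "__main__":
    print(check_spf("example.org", "198.51.100.9"))      # forged sender on a bot
    print(check_spf("throwaway.example", "203.0.113.7")) # spammer's own domain
```

An SPF pass only says the sending host is authorized by the domain in the envelope sender, so a filter still needs a reputation signal for the domain itself.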
This is 6 months ago thinking.
Spam botnets now have so many client machines that Joe Spammer only needs to send out 10 or 20 messages per system per day, and he sends them out slowly.
As soon as a solution seems "obvious" to "everyone", the spammers have moved on. I work for a university, looking after IT Security. We still get people asking us why we don't do Bayesian filtering on our ~700,000 emails per day (hint: when 85% of your email is spam, it doesn't help much) or OCR (1: CPU load++, 2: spammers now use animated GIFs with noise, split in the middle of rows and re-laid out with HTML).
I got this rule somewhere, and it seems to work for filtering out the gif spam for me:
If the "content-type" header contains "multipart/related", classify as spam (and not in address book, previous recipients, etc).
Don't know exactly what this implies, but seems to be working for me, otherwise I would be getting tons of gif spam that passed my server's SpamAssassin and my e-mail client's Bayes filter.
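What the rule above keys on, as an added example that is not part of the original comment: `multipart/related` is the MIME container for an HTML body plus the images it displays inline through `cid:` links. The sample messages, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: HTML body that shows an attached GIF through a cid: link.
IMAGE_SPAM = """\
From: promo@sender.example
To: user@example.org
Subject: hot pick
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><img src="cid:pic1"></body></html>
--b1
Content-Type: image/gif
Content-ID: <pic1>
Content-Transfer-Encoding: base64

R0lGODlh
--b1--
"""
# Constructed sample: ordinary plain-text mail.
PLAIN = "From: friend@example.org\nSubject: lunch\n\nNoon works for me.\n"


def rule_matches(raw, address_book=()):
    """The rule from the thread: multipart/related from an unknown sender."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return msg.get_content_type() == "multipart/related" and sender not in address_book


def inline_images(raw):
    """Content-IDs of image parts that an HTML part displays via cid: links."""
    parts = list(message_from_string(raw).walk())
    html = " ".join(p.get_payload(decode=True).decode("latin-1")
                    for p in parts if p.get_content_type() == "text/html")
    referenced = set(re.findall(r"cid:([^\"'\s>]+)", html))
    ids = [p.get("Content-ID", "").strip("<>") for p in parts
           if p.get_content_maintype() == "image"]
    return [cid for cid in ids if cid in referenced]
```

Legitimate HTML mail with an inline logo or screenshot has the same structure, so the address-book exception is what limits false positives. A check on the top-level header alone also misses a `multipart/related` part nested inside `multipart/alternative` or `multipart/mixed`.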
It's called "Bayesian Poisoning". Wiki here: http://en.wikipedia.org/wiki/Bayesian_poisoning
Some discount brokerages only charge a flat rate for each trade, regardless of how many shares are traded. I know Etrade is one example and I'm sure there are countless others.
Like for most of us, this is pretty common. If you want to generate your own such gibberish texts, based on input texts, search for a program called 'dadadodo'. I stumbled across it in the FreeBSD ports tree and had some fun experimenting with it. "Know thy enemy" and all that.
Method of processing duck feet