How Image Spam Works
Esther Schindler writes "CSO Magazine has an article about "The Scourge of Image Spam," with an explanation of its effect (a year ago, fewer than five out of 100 e-mails were image spam; today, up to 40 percent are in that category, and image spam is the reason spam traffic overall doubled in 2006). You might already know about that, ho-hum. But what's even cooler is an interactive graphic page which demonstrates the various methods used by image spammers and how it works."
For me the spam e-mails are minimal to my machine. I do see a couple of them come in through GMail on the account that I have posted publicly on my website for people to contact me but for the most part they are the standard stock pump and dumps or phishing schemes.
:(
What has been killing me recently were the fucking botnet "attacks" sucking my DSL's bandwidth with those douchebags hitting me with a GET and an immediate POST for tons of URLs all over my site. Their referrer was http://www.google.com/ and for a few hours I couldn't figure out how to stop that w/o stopping Google search referrals too.
Some nice guy in #apache helped me out with:
# Flag requests whose Referer is exactly the bare Google homepage URL
SetEnvIfNoCase Referer "^http://www\.google\.com/?$" BadReferrer=1
# Apache 2.2 access control: deny flagged requests with a 403, allow the rest
Order deny,allow
Deny from env=BadReferrer
That has been returning 403s to the botnet which apparently stop such frequent attempts when they receive the error. I was getting hit with their shit every 4 to 5 seconds all day yesterday and now they are "pinging" me with attempts every hour or so. I don't know if it's a different botnet or the same one trying to get back in but that was the most effectual way to drop the huge spam traffic I was receiving but couldn't ban due to the wide range of IPs.
Botnets fucking suck
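An added example, not part of the original comment or the #apache advice: the same Referer pattern applied in Python to constructed access-log lines, showing which requests the rule answers with 403 and that real search referrals, which carry a path and query string, still pass. The log lines, IP addresses and paths are made up for illustration.

```python
import re
from collections import Counter

# Same pattern as the SetEnvIfNoCase rule: matches only the bare homepage URL.
BAD_REFERER = re.compile(r"^http://www\.google\.com/?$", re.IGNORECASE)

# Apache "combined" log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2007:10:00:01 +0000] "GET /guestbook.php HTTP/1.1" 200 5120 "http://www.google.com/" "Mozilla/4.0"
192.0.2.10 - - [12/Apr/2007:10:00:01 +0000] "POST /guestbook.php HTTP/1.1" 200 311 "http://www.google.com/" "Mozilla/4.0"
198.51.100.7 - - [12/Apr/2007:10:00:05 +0000] "GET /contact.php HTTP/1.1" 200 2048 "http://www.google.com" "Mozilla/4.0"
203.0.113.44 - - [12/Apr/2007:10:00:09 +0000] "GET /articles/1 HTTP/1.1" 200 9000 "http://www.google.com/search?q=apache+referer" "Mozilla/5.0"
203.0.113.45 - - [12/Apr/2007:10:00:12 +0000] "GET / HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

def would_deny(referer):
    """True when the Apache rule would set BadReferrer for this Referer header."""
    return BAD_REFERER.search(referer) is not None

def summarize(log_text):
    """Return (denied requests, per-IP count of denied requests, requests still allowed)."""
    denied, allowed = [], []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        bucket = denied if would_deny(m["referer"]) else allowed
        bucket.append((m["ip"], m["method"], m["path"]))
    return denied, Counter(ip for ip, _, _ in denied), allowed

if __name__ == "__main__":
    denied, per_ip, allowed = summarize(SAMPLE_LOG)
    print("would get 403:", denied)
    print("distinct source IPs:", len(per_ip))
    print("still allowed:", allowed)
```

Running it over a real log before enabling the rule shows how many distinct addresses share the fixed Referer, which is why a per-IP ban did not scale here.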
This is easy enough to defeat. Ignore all emails that aren't plain text.
Give me Classic Slashdot or give me death!
I send "Content-Type: image/(gif|jpe?g|png)" emails to /dev/null and pass the rest to spamprobe. After the initial learning of a couple of days, it's been 100% effective on image spam.
TFA shows exactly how the images try to fool OCR software.
Defenses against OCR:
* Throw in pixel noise
* Alter colors (I don't really understand this one other than insufficient contrast)
* Alter geometry enough to throw recognition algorithms off
* Give each letter a different font/position/geometry so adaptive OCR doesn't have enough samples to adapt.
* Split up images into layers of multiple images such that no single image has, by itself, any text
It's a very interesting article. We're going to have to make big strides in AI to the point where computers will be checking email and evaluating it as spam similar to how we do it as humans.
More Twoson than Cupertino
Enough to pump and dump penny stock, it would seem.
Javascript + Nintendo DSi = DSiCade
Are they? Hardly any of it gets through my Spamassassin filter. There was a period back last October 2006 or so when I got a lot, but SA caught up. I did have to add a little weight to "image only" rules, but so far I've been able to filter the vast majority of it out.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Works for me. Must be your browser.
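The MIME check described in the comments above (discarding image/gif, image/jpeg and image/png mail, or weighting an "image only" rule), as an added example rather than anyone's actual procmail or SpamAssassin configuration. The 40-character threshold, the `classify` and `build` names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

IMAGE_TYPES = {"image/gif", "image/jpeg", "image/png"}
MIN_TEXT_CHARS = 40  # assumed threshold: less visible text than this counts as "no text"

def classify(raw):
    """Return (verdict, image_count) for raw message bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    images, visible = 0, 0
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        if ctype in IMAGE_TYPES:
            images += 1
        elif ctype in ("text/plain", "text/html"):
            text = part.get_content()
            if ctype == "text/html":
                text = re.sub(r"<[^>]+>", " ", text)  # crude tag strip, enough for counting
            visible += len("".join(text.split()))  # count non-whitespace characters
    if images and visible < MIN_TEXT_CHARS:
        return "image-only", images
    return ("mixed" if images else "text"), images

def build(body=None, subtype="plain", images=0):
    """Construct a sample message (test data, not captured mail)."""
    gif = b"GIF89a" + bytes(20)  # placeholder bytes, not a real picture
    msg = EmailMessage()
    msg["Subject"] = "sample"
    if body is None:
        msg.set_content(gif, maintype="image", subtype="gif")  # top-level image/gif
        return msg.as_bytes()
    msg.set_content(body, subtype=subtype)
    for _ in range(images):
        msg.add_attachment(gif, maintype="image", subtype="gif")
    return msg.as_bytes()

if __name__ == "__main__":
    print(classify(build()))  # whole message is one image
    print(classify(build("<html><body><img src='cid:1'></body></html>", "html", 3)))
    print(classify(build("Meeting moved to 3pm.")))
```

A message that pads its body with unrelated text lands in "mixed", and a friend's photo with a one-line note lands in "image-only", so the verdict works better as one weighted signal or behind a whitelist than as a hard drop.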
Here is TFA for all those who can't read it in its current form:
Image Spam: By the Numbers
By Scott Berinato
Image Spam--an e-mail solicitation that uses graphical images of text to avoid filters--is not new. Recently, though, it reached an unprecedented level of sophistication and took off. A year ago, fewer than five out of 100 e-mails were image spam, according to Doug Bowers of Symantec. Today, up to 40 percent are. Meanwhile, image spam is the reason spam traffic overall doubled in 2006, according to antispam company Borderware. It is expected to keep rising.
1. GIF Layering
Just as word splitting divides words into multiple images to elude spam filters (see number three), an image spam can be divided into multiple images. Like the transparent plastic overlays in Gray's Anatomy, pieces of a message are layered to create a complete, legible message. In this rudimentary example, the spam is divided into three pieces (cut in the middle of letters for added obfuscation). But one message could comprise as many as a dozen layered GIFs.
2. Optical Character Recognition Duping
Optical character recognition (OCR) is the closest to sight that computers get. OCR works by measuring the geometry in images, searching for shapes that match the shapes of letters, then translating a matched geometric shape into real text. To defeat OCR, spammers upset the geometry of letters enough--by altering colors, for example--so that OCR can't "see" a letter even as the human eye easily recognizes it. The effect is something like blurred characters in an eye test.
3. Word Splitting and Ransom Notes
If OCR catches up to the color tricks in image spam, a spammer's next defense is word splitting. By dividing the image and leaving space in between the pieces, any image the OCR engine is examining is only a piece of a letter with its own distinct geometry. Instead of word splitting, some spammers have employed a ransom note technique in which each letter in the spam message is its own image, and each letter image includes background noise and other baffling techniques. A program cobbles together randomized letter images to make words. The effect looks like a classic ransom note with a mishmash of letters cut out from magazines.
4. Geometric Variance
Many filters can intercept mass mailings based on their sameness. Images, though, can be altered easily without disturbing the message inside them. Thus one spam message will arrive as dozens of differently shaped images, and each time the colors of the text images will have changed, as will the randomly generated speckling and pixel and word salads. No two images are alike despite the fact that they carry similar messages. Shown are two radically different images containing the same stock tip. The technique is popular as a scheme to boost prices of low-value stocks. In March, the SEC suspended trading on 35 such stocks that were the subject of these image spam messages, including some whose prices rose.
5. Speckling/Pixel Salad
Confetti-like speckles don't affect the legibility of the necessary information but make every message unique to confuse a filter looking for patterns or high volumes of identical images. Similarly, a bar of randomly generated color pixels can contain the vast majority of the image data. To a filter it's full of patternless noise. We can see the words in the message while the image at the bottom doesn't bother us.
6. Hyperlink Elimination/Word Salad/Animated GIF
Filters have improved their ability to find and trace spammy URLs and then block the message based on the inclusion of a bad link. To get around this, spammers will ask recipients to type the URL into their browsers. Other methods include word salads, text passages, often taken from classic novels, to confuse Bayesian filters and weighted dictionaries that rely on complex mat
Well, back to rejecting software patent applications.
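Added example, not from the CSO article: why the speckling in item 5 defeats a filter that compares exact image hashes, and how a tolerant comparison reacts to the same noise. It uses an average hash, a perceptual-hash technique the article does not name, on constructed 32x32 pixel grids instead of real GIFs; all function names are made up for illustration.

```python
import hashlib
import random

SIZE, BLOCK = 32, 4  # 32x32 grayscale image, hashed down to an 8x8 grid

def banner(vertical=False):
    """Constructed stand-in for a text image: alternating dark/light 4-pixel bands."""
    return [[0 if ((x if vertical else y) // BLOCK) % 2 == 0 else 255
             for x in range(SIZE)] for y in range(SIZE)]

def speckle(img, seed):
    """Copy img and overwrite one randomly placed pixel in every 4x4 block with grey noise."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for by in range(0, SIZE, BLOCK):
        for bx in range(0, SIZE, BLOCK):
            out[by + rng.randrange(BLOCK)][bx + rng.randrange(BLOCK)] = rng.randint(64, 191)
    return out

def exact_digest(img):
    """What an identical-image filter compares: a hash of the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img):
    """64-bit average hash: one bit per 4x4 block, set when the block is brighter than the image mean."""
    means = [sum(img[y][x] for y in range(by, by + BLOCK) for x in range(bx, bx + BLOCK)) / BLOCK**2
             for by in range(0, SIZE, BLOCK) for bx in range(0, SIZE, BLOCK)]
    overall = sum(means) / len(means)
    return sum(1 << i for i, m in enumerate(means) if m > overall)

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

if __name__ == "__main__":
    base = banner()
    for seed in (1, 2):
        variant = speckle(base, seed)
        print(seed, exact_digest(variant)[:16], hamming(average_hash(base), average_hash(variant)))
    print("unrelated image distance:", hamming(average_hash(base), average_hash(banner(vertical=True))))
```

This covers speckling only: the geometry changes in item 4 and the per-letter images in item 3 move far more than one pixel per block and need stronger features than an 8x8 average.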
Since it appears that Web 2.0 is all but synonymous with cross-site scripting as a feature, my default browser settings have all scripting and components off. A site gets into my trusted site list only if I trust it with my credit card or equivalently, allow it to install software on my system (such as Windows Update).
I find the "problem" of image spam quite easy to avoid. I just don't accept any emails with attachments/images unless they're on my whitelist, because really... who's going to be emailing pictures to me other than my friends and family? It's just plain retarded.
-Billco, Fnarg.com
This is, no doubt, Web 2.0 at its finest. I think I'd rather have spam.
What's next? Articles written as directed acyclic graphs?
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
The spam recipe bar is an offshoot from the WebClips feature of your inbox.
The inbox can be configured to have a single item selected at random from one of a number of RSS feeds, I have mine configured to show Routers oddly enough and slash.
The area marked for webclips is a custom feed from www.recipesource.com
If you look on your trash folder, you also get tips about recycling.
The other folders give standard syndication adverts.
More info here
liqbase
Then a bunch of clueless yahoos with some backdoor spyware on their system will simply get a bunch more spam back from us.
Do you really think that spammers are actually sending mail from their own computers or even their own mail servers?
1. The script writer who writes the script to compromise the PC
2. The idiot whose unprotected PC spews forth the spam
3. The ratfuck who controls the botnet and rents it out to the main spammer
4. The main spammer who serves as the point of contact with the "lead generators"
5. The asshat individual spammer "affiliates" who spam at the direction of the main spammer
6. The lead generators who buy the spam leads knowing they were generated by spam and then greywash them by selling them to
7-9. the middlemen who buy the spam leads from the lead generator and in turn represent themselves as "lead generators" to mortgage brokers and banks, promising the mortgage brokers and banks that the leads were generated legitimately through their web sites.
10. The mortgage brokers and banks who buy the leads from the middlemen without asking too many questions, but have read the terms of the contract which state the leads were generated legitimately.
11. The foolio who replied to the mortgage spam and is now getting calls from dozens of mortgage brokers wanting to give him a quote.
The broker paid probably $1.00 per lead, but stands to make $5,000 to $15,000 in commissions.
I sued some mortgage spammers, and when I got to their bank records through discovery, these fuckers were grossing $90,000 per day. You read that correctly.
No Inflation Taxation without Representation