Slashdot Mirror


How Image Spam Works

Esther Schindler writes "CSO Magazine has an article about "The Scourge of Image Spam," with an explanation of its effect (a year ago, fewer than five out of 100 e-mails were image spam; today, up to 40 percent are in that category, and image spam is the reason spam traffic overall doubled in 2006). You might already know about that, ho-hum. But what's even cooler is an interactive graphic page which demonstrates the various methods used by image spammers and how they work."

5 of 278 comments

  1. For me it's not image spam, it's botnet traffic... by garcia · · Score: 5, Informative

    For me the spam e-mails are minimal to my machine. I do see a couple of them come in through GMail on the account that I have posted publicly on my website for people to contact me but for the most part they are the standard stock pump and dumps or phishing schemes.

    What has been killing me recently were the fucking botnet "attacks" sucking my DSL's bandwidth with those douchebags hitting me with a GET and an immediate POST for tons of URLs all over my site. Their referrer was http://www.google.com/ and for a few hours I couldn't figure out how to stop that w/o stopping Google search referrals too.

    Some nice guy in #apache helped me out with:

    # Match a Referer that is exactly the Google front page, with or without the
    # trailing slash. Real search referrals carry "/search?q=..." and do not match,
    # so they are still allowed through. (Dots are escaped so they match literally.)
    SetEnvIfNoCase Referer "^http://www\.google\.com/?$" BadReferrer

    # Apache 2.2-style access control: refuse (403) any request that set the variable.
    Order deny,allow
    Deny from env=BadReferrer

    That has been returning 403s to the botnet, which apparently stops such frequent attempts when it receives the error. I was getting hit with their shit every 4 to 5 seconds all day yesterday and now they are "pinging" me with attempts every hour or so. I don't know if it's a different botnet or the same one trying to get back in, but that was the most effectual way to drop the huge spam traffic I was receiving but couldn't ban due to the wide range of IPs.

    Botnets fucking suck :(
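
The Apache rule in the comment above blocks the traffic; it does not show you how much of it there was or which clients were doing the GET-then-POST pattern. The following script is an added example (not part of the comment or of any Apache tooling) that applies the same Referer test to Apache "combined" access-log lines and counts, per client, the GET immediately followed by a POST to the same path. The log lines and IP addresses are constructed for the example (documentation address ranges), and the pattern-matching logic is my own.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Same test as the SetEnvIfNoCase rule: the bare Google front page as Referer,
# with or without the trailing slash, case-insensitive. Search referrals
# ("http://www.google.com/search?q=...") do not match and stay allowed.
BARE_GOOGLE_RE = re.compile(r'^http://www\.google\.com/?$', re.IGNORECASE)


def is_bare_google_referer(referer):
    return BARE_GOOGLE_RE.match(referer) is not None


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_bare_google_hits(lines):
    """Map client IP -> [(method, path), ...] for requests carrying the bare-Google Referer,
    in log order, so request sequences per client can be examined."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_bare_google_referer(rec['referer']):
            hits[rec['ip']].append((rec['method'], rec['path']))
    return dict(hits)


def count_get_then_post(hits):
    """Per client IP, count a GET immediately followed by a POST to the same path,
    the pattern the comment describes."""
    counts = Counter()
    for ip, reqs in hits.items():
        for (m1, p1), (m2, p2) in zip(reqs, reqs[1:]):
            if m1 == 'GET' and m2 == 'POST' and p1 == p2:
                counts[ip] += 1
    return dict(counts)


# Constructed sample log lines (not real traffic). 198.51.100.x plays the botnet,
# 203.0.113.9 is a genuine Google search visitor, 192.0.2.33 a direct visit.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Apr/2007:09:12:01 -0400] "GET /blog/2007/04/ HTTP/1.1" 200 5120 "http://www.google.com/" "Mozilla/4.0"',
    '198.51.100.7 - - [19/Apr/2007:09:12:01 -0400] "POST /blog/2007/04/ HTTP/1.1" 403 212 "http://www.google.com/" "Mozilla/4.0"',
    '203.0.113.9 - - [19/Apr/2007:09:12:04 -0400] "GET /blog/2007/04/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=garcia+blog" "Mozilla/5.0"',
    '198.51.100.8 - - [19/Apr/2007:09:12:06 -0400] "GET /about/ HTTP/1.0" 200 2048 "http://www.google.com" "Mozilla/4.0"',
    '198.51.100.8 - - [19/Apr/2007:09:12:06 -0400] "POST /about/ HTTP/1.0" 403 212 "http://www.google.com" "Mozilla/4.0"',
    '192.0.2.33 - - [19/Apr/2007:09:12:09 -0400] "GET /contact/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Apr/2007:09:12:11 -0400] "GET /photos/ HTTP/1.1" 200 9000 "http://www.google.com/" "Mozilla/4.0"',
    '198.51.100.7 - - [19/Apr/2007:09:12:11 -0400] "POST /photos/ HTTP/1.1" 403 212 "http://www.google.com/" "Mozilla/4.0"',
]


if __name__ == '__main__':
    hits = find_bare_google_hits(SAMPLE_LOG)
    for ip, n in sorted(count_get_then_post(hits).items()):
        print(f'{ip}: {n} GET->POST pairs with bare Google Referer')
```

Run it over a real access log with `find_bare_google_hits(open('access_log'))`; the regex only understands the combined format, so lines in another LogFormat are skipped rather than misparsed.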

  2. Pretty easy to filter by Anonymous Coward · · Score: 3, Informative

    I send "Content-Type: image/(gif|jpe?g|png)" emails to /dev/null and pass the rest to spamprobe. After the initial learning of a couple of days, it's been 100% effective on image spam.
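
The rule in that comment is a one-line header match. The following is an added example (my own code, not the commenter's setup) that implements the same test on a parsed MIME message with Python's standard `email` package, so that the content type of every part is examined rather than only the top-level header. The two messages it classifies are constructed inline; the `classify` function and the 'drop'/'spamprobe' labels are names chosen for the example. Note that the match is on content type alone, so a legitimate mail carrying an inline GIF matches just the same.

```python
import re
from email import message_from_string
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# The commenter's pattern, applied to each MIME part's Content-Type.
# "jpe?g" also catches the non-standard "image/jpg" that some senders emit.
IMAGE_TYPE_RE = re.compile(r'^image/(gif|jpe?g|png)$', re.IGNORECASE)


def image_parts(raw_message):
    """Return the content types of all image/(gif|jpeg|png) parts in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    return [part.get_content_type()
            for part in msg.walk()
            if IMAGE_TYPE_RE.match(part.get_content_type())]


def classify(raw_message):
    """'drop' mirrors sending to /dev/null; 'spamprobe' means hand it to the Bayesian filter."""
    return 'drop' if image_parts(raw_message) else 'spamprobe'


def build_image_spam():
    """Constructed sample: a short text part plus a tiny GIF attachment (not a real spam)."""
    msg = MIMEMultipart('related')
    msg['From'] = 'stox@example.net'
    msg['To'] = 'victim@example.org'
    msg['Subject'] = 'hot tip'
    msg.attach(MIMEText('See attached.', 'plain'))
    # Minimal GIF header bytes; the content is irrelevant to the header-based rule.
    msg.attach(MIMEImage(b'GIF89a' + b'\x00' * 16, _subtype='gif'))
    return msg.as_string()


def build_plain_mail():
    """Constructed sample: ordinary text-only mail that should reach spamprobe."""
    msg = MIMEText('Lunch on Friday?', 'plain')
    msg['From'] = 'friend@example.org'
    msg['To'] = 'victim@example.org'
    msg['Subject'] = 'lunch'
    return msg.as_string()


if __name__ == '__main__':
    for name, raw in (('image spam', build_image_spam()), ('plain mail', build_plain_mail())):
        print(f'{name}: {classify(raw)} (image parts: {image_parts(raw)})')
```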

  3. Re:The scourge of broken web sites by CaptainPatent · · Score: 3, Informative

    Works for me. Must be your browser.

    Here is TFA for all those who can't read it in its current form:

    Image Spam: By the Numbers

    By Scott Berinato

    Image Spam--an e-mail solicitation that uses graphical images of text to avoid filters--is not new. Recently, though, it reached an unprecedented level of sophistication and took off. A year ago, fewer than five out of 100 e-mails were image spam, according to Doug Bowers of Symantec. Today, up to 40 percent are. Meanwhile, image spam is the reason spam traffic overall doubled in 2006, according to antispam company Borderware. It is expected to keep rising.

    1. GIF Layering

    Just as word splitting divides words into multiple images to elude spam filters (see number three), an image spam can be divided into multiple images. Like the transparent plastic overlays in Gray's Anatomy, pieces of a message are layered to create a complete, legible message. In this rudimentary example, the spam is divided into three pieces (cut in the middle of letters for added obfuscation). But one message could comprise as many as a dozen layered GIFs.

    2. Optical Character Recognition Duping

    Optical character recognition (OCR) is the closest to sight that computers get. OCR works by measuring the geometry in images, searching for shapes that match the shapes of letters, then translating a matched geometric shape into real text. To defeat OCR, spammers upset the geometry of letters enough--by altering colors, for example--so that OCR can't "see" a letter even as the human eye easily recognizes it. The effect is something like blurred characters in an eye test.

    3. Word Splitting and Ransom Notes

    If OCR catches up to the color tricks in image spam, a spammer's next defense is word splitting. By dividing the image and leaving space in between the pieces, any image the OCR engine is examining is only a piece of a letter with its own distinct geometry. Instead of word splitting, some spammers have employed a ransom note technique in which each letter in the spam message is its own image, and each letter image includes background noise and other baffling techniques. A program cobbles together randomized letter images to make words. The effect looks like a classic ransom note with a mishmash of letters cut out from magazines.

    4. Geometric Variance

    Many filters can intercept mass mailings based on their sameness. Images, though, can be altered easily without disturbing the message inside them. Thus one spam message will arrive as dozens of differently shaped images, and each time the colors of the text images will have changed, as will the randomly generated speckling and pixel and word salads. No two images are alike despite the fact that they carry similar messages. Shown are two radically different images containing the same stock tip. The technique is popular as a scheme to boost prices of low-value stocks. In March, the SEC suspended trading on 35 such stocks that were the subject of these image spam messages, including some whose prices rose.

    5. Speckling/Pixel Salad

    Confetti-like speckles don't affect the legibility of the necessary information but make every message unique to confuse a filter looking for patterns or high volumes of identical images. Similarly, a bar of randomly generated color pixels can contain the vast majority of the image data. To a filter it's full of patternless noise. We can see the words in the message while the image at the bottom doesn't bother us.

    6. Hyperlink Elimination/Word Salad/Animated GIF

    Filters have improved their ability to find and trace spammy URLs and then block the message based on the inclusion of a bad link. To get around this, spammers will ask recipients to type the URL into their browsers. Other methods include word salads, text passages, often taken from classic novels, to confuse Bayesian filters and weighted dictionaries that rely on complex mat

    --
    Well, back to rejecting software patent applications.
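
Techniques 4 and 5 in the quoted article (geometric variance and speckling) work because a filter that looks for "sameness" compares exact bytes or cryptographic hashes, and a handful of random pixels changes those completely. The following is an added example, not from the article or from any filter product, that makes this concrete and goes one step further: it renders two constructed stand-ins for text images as 32x32 grayscale grids, speckles copies of them with a seeded random generator, and compares MD5 (which differs on every copy) with a small average-hash fingerprint (block means versus the global mean), which stays within a few bits for the same message and far apart for a different one. The images, the 4x4 block layout, the speckle count and the names `STOCK_TIP_A`/`STOCK_TIP_B` are all assumptions made for the example.

```python
import hashlib
import random

W = H = 32      # constructed image: grayscale 0..255, 0 = ink, 255 = paper
BLOCK = 4       # aHash downsamples to (W/BLOCK) x (H/BLOCK) = 8x8 blocks


def render(glyph_blocks):
    """Constructed stand-in for a text image: white canvas with black 4x4 blocks
    at the given (block_row, block_col) positions standing in for letter strokes."""
    img = [[255] * W for _ in range(H)]
    for br, bc in glyph_blocks:
        for y in range(br * BLOCK, (br + 1) * BLOCK):
            for x in range(bc * BLOCK, (bc + 1) * BLOCK):
                img[y][x] = 0
    return img


def speckle(img, n_pixels, seed):
    """Technique 5: overwrite n randomly chosen pixels with random gray values.
    Seeded so each 'copy' of the spam is reproducible but distinct."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for pos in rng.sample(range(W * H), n_pixels):
        out[pos // W][pos % W] = rng.randrange(256)
    return out


def md5_hex(img):
    """Exact-match fingerprint: any single changed pixel gives a different digest."""
    return hashlib.md5(bytes(v for row in img for v in row)).hexdigest()


def ahash(img):
    """Average hash: one bit per block, 1 if the block mean exceeds the global mean.
    Packed row-major with the top-left block in the most significant bit."""
    means = []
    for br in range(H // BLOCK):
        for bc in range(W // BLOCK):
            total = sum(img[y][x]
                        for y in range(br * BLOCK, (br + 1) * BLOCK)
                        for x in range(bc * BLOCK, (bc + 1) * BLOCK))
            means.append(total / (BLOCK * BLOCK))
    global_mean = sum(means) / len(means)
    h = 0
    for m in means:
        h = (h << 1) | (1 if m > global_mean else 0)
    return h


def hamming(a, b):
    """Number of differing bits between two 64-bit fingerprints."""
    return bin(a ^ b).count('1')


# Two constructed "messages" with the same amount of ink in different layouts
# (block rows 1,2,5,6; columns 0-3 for A, 4-7 for B).
STOCK_TIP_A = {(r, c) for r in (1, 2, 5, 6) for c in range(0, 4)}
STOCK_TIP_B = {(r, c) for r in (1, 2, 5, 6) for c in range(4, 8)}


def demo():
    base = render(STOCK_TIP_A)
    copy1 = speckle(base, 40, seed=1)            # two "unique" copies of the same spam
    copy2 = speckle(base, 40, seed=2)
    other = speckle(render(STOCK_TIP_B), 40, seed=3)
    return {
        'md5_same': md5_hex(copy1) == md5_hex(copy2),
        'ahash_dist_same_msg': hamming(ahash(copy1), ahash(copy2)),
        'ahash_dist_other_msg': hamming(ahash(copy1), ahash(other)),
    }


if __name__ == '__main__':
    for k, v in demo().items():
        print(f'{k}: {v}')
```

Only 40 of 1024 pixels are changed per copy, so each 16-pixel block's mean moves by at most a few units and almost no fingerprint bits flip, while MD5 of the two copies is unrelated. The same block-averaging idea is what makes the "confetti" defeat exact-duplicate counting but not a fuzzy comparison; a real spammer's pixel-salad bar (technique 5) would need to be cropped or weighted out before hashing, which this toy does not attempt.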
  4. Re:Spam? by LiquidCoooled · · Score: 4, Informative

    The spam recipe bar is an offshoot from the WebClips feature of your inbox.
    The inbox can be configured to have a single item selected at random from one of a number of RSS feeds; I have mine configured to show Routers oddly enough and slash.

    The area marked for webclips is a custom feed from www.recipesource.com

    If you look on your trash folder, you also get tips about recycling.

    The other folders give standard syndication adverts.

    More info here

    --
    liqbase :: faster than paper
  5. Image Spam? by SCHecklerX · · Score: 3, Informative

    If using SpamAssassin, subscribe to the SARE stuff and add this to your config:

    score SARE_GIF_ATTACH 2.5 2.5 2.5 2.5
    score SARE_GIF_STOX 2.5 2.5 2.5 2.5

    I've not seen an image spam since configuring the above. Updates are also automatic with the following cron jobs:

    0 4 * * * /usr/bin/sa-update && /usr/local/bin/md-mx-ctrl reread > /dev/null
    0 5 * * * /usr/bin/sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com && /usr/local/bin/md-mx-ctrl reread > /dev/null