Slashdot Mirror
How Image Spam Works
Esther Schindler writes "CSO Magazine has an article about "The Scourge of Image Spam," with an explanation of its effect (a year ago, fewer than five out of 100 e-mails were image spam; today, up to 40 percent are in that category, and image spam is the reason spam traffic overall doubled in 2006). You might already know about that, ho-hum. But what's even cooler is a interactive graphic page which demonstrates the various methods used by image spammers and how it works."
This is a great article describing how it is formed, why it looks like that, what that is designed to trick, etc.
The key point they're missing is that it works under the assumption that a very small part of the populace doesn't recognize this as spam. These people then think that an investment firm decided to tip everyone off and they mistakenly buy the stock so that it goes up a nickel only to watch it drop shortly after the spammer drops the stock.
What's ironic is that I'll bet there's people out there with money that know this scam but buy the stock to also cash in on people who think this is a real tip. It might even be that the initial assumption is wrong and that the only people scamming each other are scammers trying to take advantage of another scammer's scam. Scam. Oh, the irony if that's the case. Either way, the article mentions the SEC removing stocks that went up that were junk stocks in spam mailings!
It's a scam. Stay away and alert your loved ones if you think they may fall into the initial category of the small part of the populace. The safest way to stop spam is to alert people and teach them how to identify it.
You don't buy stock that an angry fruit salad told you was hot just like you don't sleep with the girl who leaves dead spots of grass where she sits on the corner. Awareness is a valuable key to our solution against spam.
My work here is dung.
Anyone with a Gmail account ever notice that your targeted advertising links are all about spam recipes (i.e. Spam Meat Loaf) when you're in your spam folder? I've always loved that, and figured that it may have started out as a bug, but one that the Gmail team sort of fell in love with.
u-bend
Every 4 to 5 seconds is not bad, I was hit by a similar attack.
I run a webserver on my home connection, all it hosts is MythWeb, and it is password protected. I am the only person who should have to access it, and am on a dynamic IP address (not a problem I thought when setting it up, and have been very successfully using DynDNS.) About a year ago my IP address was changed to a new one, as it happens. My internet was going as slow as molasses about 10 minutes later, although I just thought it was a temporary thing with my connection. The next day it is even slower, and so I begin to investigate - I perform a speedtest and get very good results for download (but not perfect), but almost no upload. I thought this was odd and checked with my ISP to make sure there were no known issues with the connections in my area - there were not. So I then plugged my modem directly into my computer and it was still happening (which made me think it was something with my ISP, as it affected my router and my computer), and so I then clicked on my bandwidth monitor to see what speeds I could get, and before doing anything there was a constant stream of about 100kb-150kb of downstream traffic. And so I plugged the internet back through the router (I was running a software firewall by the way, so I considered bypassing the router safe).
I then looked at my webserver logs, and it took forever to load. So instead I did a "tail -f" on the error log. I must have been receiving hundreds of requests per second for websites that were nothing to do with me. It was scrolling so quickly I could not read entries as they went past. Examining it more closely I realized what happened: the owner of the IP address before me had been running an open proxy on port 80, and when the IP address changed all their requests were redirected to me, killing my much slower connection (from all the 404 responses apache was sending). So I closed port 80 for a week, and my connection returned to a somewhat normal state. However, I was still receiving about 20 requests a second, despite being offline (seemed mainly to be people trying to do dos attacks through a proxy). After a month this was down to only 1 or 2 a second, and it has remained like that till today.
Because of your post I checked my webserver logs, and at 1:27:18am I received my last request for a website, and looking into it my IP address changed to a new one (only took a year), and so some other unfortunate person is now receiving a few requests a second to be a proxy server.
It seems that a lot of image spammers have tried to circumvent newer spam-blocking technology by using animated GIFs: the first frame of which is blank, and the second of which contains the ad.
For months, we had consistent problems with clients e-mails (using a major ISP I won't mention here) not reaching our server. Curiously, it would happen most often with replies to our original e-mails.
After months of anguish and highly accusatory phonecalls to the ISP's tech support, we discovered the problem. Our company e-mail signature contains GIF images. When a client replied to us, quoting the original e-mail, the ISP would scan the e-mail, detect the inline GIF, and block the e-mail.
Since we changed the format of our signature to use JPEGs instead of GIFs, we've had no problems with the ISP blocking client replies.
So once again I assert: the biggest problem with spam isn't even the spammers, it's the n00b sysadmins who implement agressing spam-blocking rules before thinking about the consequences. I'd rather get more spam that have legitimate e-mails blocked by false positives.
"The first thing we'll do is kill all the spammers..."
I've almost deliberately exposed my email address all over the place, without the ridiculous antispam obfuscations (no "ninja AT slaphack DOT com" here), because I prefer not to use CAPTCHAS where I can help it, and that's just a poor-man's CAPTCHA.
The reason? Simple:
Statistical spamfiltering of any kind -- bogofilter, in this case -- is creepily accurate.
Recently, I lost my bogofilter database (due to my own stupidity). It took one day for it to get back to 95% accuracy, and another day to get up to 99%, with one false positive -- the first I had seen in about six months.
Don't thank God, thank a doctor!