More spam for your inbox

Published: 2006-02-17
Last Updated: 2006-02-17 22:52:25 UTC
by Bojan Zdrnja (Version: 1)

It's nice to see that all the spam countermeasures that we deploy actually are effective. How do we know that? Well, spammers are constantly trying to exploit new tricks against various spam detection methods, with more or (usually) less success.

One of the latest "tricks" from their bag consists of sending extremely short e-mails in order to starve the decision matrix of the Bayesian classifier.

The sample e-mail below looks like a desperate move by a spammer in order to evade spam detection.



We can see that the e-mail body contains only a couple of words, but there is a ZIP archive attached as well. The archive contains an HTML web page, together with some disclaimers(!!). The HTML web page is the actual spam content (this time a porn spam advertisement with links to PayPal; they're obviously trying to make some money).

The disclaimer is even more interesting:

  XXX Content Warning
  .............................................

  Please read and comply with the following conditions
  before you continue:
  .............................................

  I am at least
  21 YEARS OF AGE.

And so on. This is probably some kind of legal defense as they are advertising porn web pages.

We've seen two variants of this spam. They are basically similar, but in the other case the ZIP archive is password protected and the password is listed in the message body. This can cause various e-mail gateways to raise alerts (as this looks pretty much like a worm).
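The features described above (a very short body, a ZIP attachment holding an HTML page, and in the second variant an encrypted archive with the password in the body) can be extracted at the gateway with the Python standard library. This is an added example, not code from the diary; the 20-word threshold, the crude "pass" prefix match and the sample message built by `build_sample` are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SHORT_BODY_WORDS = 20  # assumed threshold; tune for your own mail flow

def inspect_message(raw: bytes) -> dict:
    """Extract the features described above from one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    words = body.get_content().split() if body else []
    f = {"body_words": len(words), "zip": False,
         "html_in_zip": False, "encrypted_zip": False}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        f["zip"] = True
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():  # reads the central directory only
                # Bit 0 of the general-purpose flag marks an encrypted member.
                f["encrypted_zip"] |= bool(info.flag_bits & 0x1)
                f["html_in_zip"] |= info.filename.lower().endswith((".htm", ".html"))
    # Password given next to the locked archive, as in the second variant.
    f["password_in_body"] = f["encrypted_zip"] and any(
        w.lower().startswith("pass") for w in words)
    f["short_body_with_zip"] = f["zip"] and len(words) <= SHORT_BODY_WORDS
    return f

def build_sample(body: str, encrypted: bool = False) -> bytes:
    """Constructed test message: short text body plus a ZIP holding an HTML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("page.html", "<html><body>constructed sample</body></html>")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set the encryption bit in
        # the central directory header (flag field is 8 bytes past "PK\x01\x02").
        blob[blob.index(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="info.zip")
    return bytes(msg)
```

The returned flags are meant to feed a scoring rule alongside the Bayesian classifier rather than to block mail on their own, since legitimate senders also attach ZIP files to short notes.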
