MoMusings

Friday 10th November, 2006


Massive Jump in Spam

Filed under: All, Malware, Stats, Spam

I have written a number of blog entries about the newer tricks being used by those who love to clog up the internet and, more personally, our inboxes with the scourge of spam!

We have been seeing a rather massive increase in the quantity of spam, as well as more graphical spam, which the spammers seem to be using more and more in place of ASCII text, HTML and the usual obfuscation tricks and techniques to try and fool the anti-spam tools many of us use.

Just to prove the point that spam has increased, here is a chart that clearly shows the current increase [Source: David Hart]:

The full chart can be found here on David’s own web site.

Here is a very sobering quote from an article from ‘The Register’ about this massive rise: ‘Spam black list maintainer Total Quality Management Cubed has seen a 450 percent increase in spam in two months, and the amount of spam filtered out every week by security software maker Sunbelt Software has more than tripled compared to six months ago.’

If you don’t believe this, then here’s another article with other people saying much the same thing.

What’s behind this massive surge? Well, no prizes for guessing that the main culprits are the many botnets that are increasingly being used to send out the vast swathes of spam that we are seeing. However, there have been two new malware strains that may also be, at least partially, responsible for the recent and sudden increase. The new malware in the spotlight are the SpamThru trojan and the massive number of variants of Warezov.

If you want to see how bots are used to send spam, then take a look at this blog article from the McAfee AVERT Labs blog.

So, now that we know the probable causes of the massive increase in spam, let us look at the latest tricks being used by those hated miscreants, the spammers:

All the following screenshots of actual spam e-mails I have personally received have been sanitised to hide the e-mail addresses that received them [mine]; this is firstly to stop spammers sending me even more spam than they do now [over 93 percent of all mail I now get is spam], and secondly to not assist them in advertising the websites they sell their ‘crud’ from.

Here is a screenshot of a new hybrid spam [graphical and text] that I’m seeing quite a lot of right now:

A larger version can be found here.

This particular spam is using multiple tricks: a graphic with the actual spam message [in this case, each letter in a coloured box is a separate graphic], and text taken from books or websites, above and below the image file[s]. Why? Well, this is a common trick to try and fool anti-spam filters, especially, in this case, Bayesian classifiers. They have even thrown in a string of random characters, just to try and confuse filters, or so they think!

Here is a screenshot of a new graphical spam, which uses a new technique to try and slip past anti-spam filters. As with the previous example, I’m seeing quite a lot of this right now:

A larger version can be found here.

The above graphical spam is different from what we had seen so far, in that, unlike previous graphical spam, this one doesn’t rely on a hyperlink [URL] in the body of the e-mail. Again, this move is to try and make the job of filtering out spam harder. Instead, the graphical spam tells you to manually type the URL into your browser to go to the site being advertised. The URL in the displayed box is even animated, showing one character at a time, as if it was being typed.

There is a variant of the one above, that uses the ‘random text/sentence’ trick from the first example, as well as the graphic seen in the second example.
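The traits described above (a message sliced into many small images, no hyperlink in the body, book text padded around the graphic, a random string) are visible in the MIME structure even when token-based filters are fooled. The following is an added example, not part of the original post, that flags them; the thresholds, flag names and sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Thresholds are illustrative assumptions, not tuned values.
SLICED_IMAGE_MIN = 3    # many small images: "each letter a separate graphic"
FILLER_WORDS_MIN = 20   # prose padding wrapped around the image(s)
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
WORD_RE = re.compile(r"[A-Za-z']+")
# Seven or more consonants in a row: crude marker for a random string.
GIBBERISH_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{7,}", re.I)

def analyze(msg):
    """Return (features, flags) from MIME structure, not token content."""
    images, texts = 0, []
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_maintype() == "text":
            texts.append(part.get_content())
    body = "\n".join(texts)
    feats = {"images": images, "urls": len(URL_RE.findall(body)),
             "words": len(WORD_RE.findall(body))}
    flags = []
    if images >= SLICED_IMAGE_MIN:
        flags.append("sliced-image")
    if images and feats["urls"] == 0:
        flags.append("image-without-link")
    if images and feats["words"] >= FILLER_WORDS_MIN:
        flags.append("filler-text-around-image")
    if GIBBERISH_RE.search(body):
        flags.append("random-character-string")
    return feats, flags

def build_sample(text, n_images):
    """Constructed test message: a text body plus n placeholder GIF parts."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(text)
    for i in range(n_images):
        msg.add_attachment(b"GIF89a", maintype="image", subtype="gif",
                           filename=f"part{i}.gif")
    return msg

# Constructed samples: hybrid spam, image-only "type this URL" spam, normal mail.
HYBRID = build_sample("It was the best of times, it was the worst of times,\n"
                      "it was the age of wisdom, it was the age of foolishness\n"
                      "xkqzrtwpfghbn\n", 8)
TYPED_URL = build_sample("\n", 1)
LEGIT = build_sample("Photos from the trip are attached, full album at "
                     "https://example.org/album\n", 2)
```

No single flag is proof of spam; ordinary mail with one attached photo and no link also raises `image-without-link`, so these are best used as extra features alongside a content classifier.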

Did you think that, because of the rise in the use of graphic-based spam, ASCII or HTML-based spam was dead? Well, think again. It is diminishing; however, as the following screenshot of ASCII-based spam shows, the spammers still use it and it can still bypass anti-spam filters:

Yes, it is just ASCII text characters, well apart from the URL at the top, which takes you to their website.

So, how do we defeat the spammers and get our inboxes back? Well, I covered a number of tricks and tools in my blog posting entitled ‘Do You Like SPAM?’

As a final thought on how the spammers can be defeated, here’s a quote, again from ‘The Register’ article mentioned previously: Hart argues that, if no one bought the goods hawked by spammers, then the incentive for bulk emailers would rapidly go away. The message is simple, he added.

“If you don’t like spam, then don’t do business with spammers.”

If this sounds familiar, well, regular readers of this blog will know that I said the same thing quite a while ago [almost 16 months ago to be exact]. Here it is: ‘Never buy anything from a SPAM e-mail, it will only make the problem worse.’ Yes, it is from the ‘Do You Like SPAM’ entry I mentioned above; how’s that for a good tie-in? ;-)


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.
