Not That You Asked

Spammers Text Tricks

As discussed in my last most, Sneaky Email Sucks, spammers are driven to find clever ways to represent (or mis-represent I guess) text or words in their messages.

Since text can be easily analyzed and through bayesian processes deemed “spammy” or “not spammy” rather easily, spammers try to do things like use images to print their text on instead. When anti-spammers countered that by hash analysis/fingerprinting the images for comparison, spammers added random noise to their images. The text obfuscation battle continues.

In this case, the spammer cleverly uses basic HTML table, coloring various cells in the rows and columns to spell out “V I A G R A”. It reminds me of when occupants of tall buildings in a city somewhere, for a special event like the Superbowl, or maybe just a stunt for a TV comercial, turns on lights only in particular windows of the skyscraper for the same effect.

It’s the first time I’ve seen this HTML table approach to slipping spam in (and it got into my inbox in Outlook) – so while I can’t say that it is a new technique for sure, it seems to have worked. No doubt the filtering companies will pick up on this one. Gosh it’s easy to break systems – Captain Obvious here I know – it is much easier to be a bad guy than a good guy with email. That blows.

This is a simple example of text obfuscation – if you want to really geek out on the subject, check out the paper: Fighting Unicode-Obfuscated Spam.