The latest technical marvels from the Evil Spamming Bastards

[jducoeur]

Okay, yes -- they deserve to be dropped in a vat of boiling oil and left there until well crisped. But still, one has to be impressed by the cleverness of the stock-push spammers. Today's variation seems to be email with many very short, very wide animated GIFs embedded in it. When you open the email, the GIFs begin to play, showing random slight visual garbage that eventually resolves into the usual "INVESTORS WATCH OUT! FIRM WILL BLOW YOUR MIND!" spam message. No single GIF contains anything other than garbage: you have to render all of the GIFs, laid out properly, in their final frame, to see the text.

I have to wonder how many people are falling for these things at this point. I mean, they're actually hiring some halfway smart programmers here, as they try to stay a step ahead of the spam filters, and they're working hard -- I can see the spam tech evolving week by week...

Edit: Okay, not quite as smart as I thought -- upon closer inspection, it's still all a single GIF, that just happens to render bit by bit for no apparent reason. So the final frame is still the same as the previous round of spam tech; shouldn't take long for the anti-spam forces to catch. But I suspect they'll think of the many-little-images version soon...

Comments

[cvirtue.livejournal.com]

metageek says he's getting spam with subject lines from text of The Foundation Series, which is becoming rather surreal.

[fitzw.livejournal.com]

Well, I've seen text from The Lion, The Witch, and the Wardrobe...

[lady-guenievre.livejournal.com]

If they haven't figured it out by now, they might just figure it out from your journal... if I was a spammer I'd certainly be looking for these things...

[fitzw.livejournal.com]

Makes me even happier that my email can't render graphic images (when it renders HTML email, it's text only).

It means that I have to go through hoops to read messages that well-meaning friends send me with embedded images, but so far it's been worth it.

Oh, and any email that is pure HTML, rather than text or text+HTML goes into a separate folder to be examined later. I have found that the false positives for spam after setting up that filter is about .5%...

[johno.livejournal.com]

Our Anti-Spam vendor informs us there is new spam program out there. Whole new set of features and changes in the way the messages are constructed.

They are slowly catching them, but it's though as the program is not blasting out thousands and thousands of messages at a shot. Only doing 2-3 thousand at a shot to a bunch of different domains, then later doing a differnt set of domains.

Images in mail

[metageek.livejournal.com]

My mailers are set not to display images in HTML mail, mostly because of the privacy risk when the mailer fetches an image from a Web server.

Re: Images in mail

[jducoeur]

That's a more extreme position than most. More typical is what I do (which is now the out-of-the-box default for most mailers, I believe) -- suppress all remote images, but permit images that are embedded in the email as attachments...

Re: Images in mail

[metageek.livejournal.com]

Let me see...yeah, that is what I've got. I haven't noticed images in spam because I mostly don't open spam in the first place.

Re: Images in mail

[metahacker.livejournal.com]

And in fact this is all Outlook allows, as far as I can tell. And I basically never want to see images in email in-line...

Time to write that mail client again, I guess. (I fake this by using AdBlock to block images in my online mail apps, which carefully wrap mail-embedded images in easy-to-regexp urls.)