New Kind of Spam 'Un-Training' Filters?

Zaphod2016 writes to tell us the Wall Street Journal is reporting that email in-boxes are under a new kind of spam attack. This new spam has confused many people due to its lack of advertising, viruses, or request for personal information. One popular theory is that these innocuous blocks of text, often drawn from popular literature, are being used to "un-train" spam filters to allow more malicious spam through in the future.

Other way around?

[Sepodati]

Wouldn't it work the other way around? I still flag crap like this as spam, so it seems like it'd train my spam filter to have more false positives, no?

---John Holmes...

I buy the "broken spamware" angle

[nuzak]

The WSJ article also gives due time to the theory that the spamware is simply broken and that the spam payload is being delivered with the padding and not the payload. Since I've previously seen plenty of Gutenspam (my name for this spam that contains snips from Gutenberg texts) with an image payload attached, I'm definitely leaning toward the notion that they slipped somewhere and are now not delivering the image.

Woe betide literature discussion groups now that filters are trained on the classics.

Re:My uninformed hunch: screwup...

[Darth_Burrito]

That was always my hunch too. Put another way...
"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's Razor [wikiquote.org]

Re:specious defillibrator

[truthsearch]

Why the hell do you fucking spammers think that anyone will ever buy from you?

If there wasn't money being made there wouldn't be any spam. At least a tiny percent of the people who get this are acting on them. It must be paying off for someone.

Re:Other way around?

[John Hasler]

> ...Seems like it'd train my spam filter to have more false positives, no?

Thereby convincing you that it is worthless, causing you to scrap it.

Probably something far less ingeneous.

[OwlWhacker]

I have seen quite a number of corrupt e-mails coming from spammers. Occasionally you find the subject is merely %%SUBJECT%%, or an e-mail has entered your system consisting of just the headers and no body.

My theory is that there are more people attempting to use spamming applications, and many of these people don't have a clue what they're doing. You'll probably find that they've forgotten to add their text to the e-mails, or are just not reading the documentation on how to successfully send their spam.

We've had this for years

[patio11]

The term-of-art within the anti-spam community is "Bayes Poison". Generally its appended to an actual spammy offer, but some spammers have in the past used the technique with web-bugs to determine whether they are able to deliver to particular boxes with non-spammy content, so that they can evaluate whether their later more-spammy content was excessively spammy or whether it hit the sweet spot on the blocked vs. effective-sales-pitch continuum. Most people in the anti-spam community report that garden variety Bayes Poison is ineffective at either de-spamming spammy messages or causing your corpora to be skewed to the effect that they are unusable. One major reason for this is that corpora are so specific to individual users. For example, poisoning my inbox with copies of Huckleberry Finn is rather ineffective because nobody I talk with on a regular basis writes like Mark Twain. For you to do actual damage, you would have to know enough my habits to guess subjects and words which appeared very commonly in legitimate mail -- for example, the names of my family members, keywords relating to my job or extracurricular interests, etc. It is very difficult for spammers to get this information, but some academics have reported that it is theoretically possible, although in practical terms very difficult, to use web bugs to extract the "secret sauce" needed to land in one particular inbox. http://www.jgc.org/SpamConference011604.pps [jgc.org]

It's like any reactive relationship

[blueZ3]

Spam and anti-virus are good examples of fields where the "solution" is reactive to the problem.

1. Spammers and malicious code writers come up something annoying.
2. Anti-spam and anti-virus software reacts with a method to prevent the annoyance.
3. Spammers and virus writers implment new tactics.
4. Repeat steps 2 and 3 ad infinitum
(The "Proft!" step is probably at 1a and 3b, but that's another issue)

It's not that the spammers are "beating" the spam filters, it's that they are using new tactics and it takes a certain amount of reaction time for the filters to be updated to fight the newly evolved threat. This is why spam filters aren't the ultimate solution to spam, though they are a useful stop-gap

A lot of my spam seems pointless

[nasor]

For a while now I've been getting spam for various products or services where the spammers purposely misspell words, spell words with a mix of letters and numbers "l33t" style, or spell words phonetically. I assume that this is to get past spam filters, and I imagine it works to some extent. The question is, do they honestly think anyone would ever buy something from a company that advertises "ch3@p nonperscrip70n med1ca7ion" or "lo morgage rates"? Who the hell would ever do business with a company that can't even seem to spell properly?

Re:Other way around?

[pe1chl]

Well, I maybe should have noted that it actually is helpful that it works this way, because the "english language blocker" blocks very much more spam messages than that it causes false positives.

The spammers will have to move on to i18n, to get their message through.

Re:A lot of my spam seems pointless

[Anonymous Coward]

You have to put yourself in the shoes of the average spam customer. You might be wanting to try some viagra, for example, but are too ashamed or don't know where to go. Once and a while, you see a message in your inbox regarding "ch3ap medz". Sure, it's tacky. But, you don't care - or you think that's how it works on the Internet; That's how these things are kept on the DL. After all, it was a bit of a challenge to find some of free music on the Internet, wasn't it? You may even be delighted that you've "cracked" the code. You feel that you're in on something. You're just glad to be able to order the stuff from the privacy of your own home.

Re:It's like any reactive relationship

[mrchaotica]

Isn't that like saying that the immune system is not a solution for diseases, only a useful stop-gap? ;)

We aren't immortal, so yes.

Just more for your spam filter to do

[mattbee]

One of our staff has written a custom spam filter based on dspam and the best addition we made in the last week was to add Optical Character Recognition support -- all image attachments are run through gocr and dspam fed with the output from this, not the original images. That way even though the spammers paste in chunks of text from god-knows-where, dspam still sees CIALIS and STOCKS and other trigger words.

I wanted to just drop anything with a .gif attachment but plenty of our valued customers like to send us a corporate logo with each individual message :-)

I wonder if a spam can might be a good idea.

[LWATCDR]

Think of it as a honey pot for spam. Use something like Fred@domain.com or jsmith@domain.com put it on a few website pages and usenet posts so the crawlers get it.
Any mail that gets sent to that address would half to be spam. Use that to build of a real time black list of messages and filter training for the rest of the domain.
Just wondered if anyone has ever do that.

Dont read too much

[140Mandak262Jamuna]

I think the spammers just bungled. They forgot to include the spammy payload. And some bug did not add the tags to make the text white-on-white with zero points or one points in height. They think these non spammy words will get them past to deliver a payload some inbox.

Even the professionals coding up Firefox and MS-Office and iMovie are known to have written codes with a few bugs in them. What makes you think these inexplicable non spammy spam is anything more than a hiccup by the script monkeys?

Re:A lot of my spam seems pointless

[Huge Pi Removal]

Who the hell would ever do business with a company that can't even seem to spell properly?

Very stupid people, mostly. There's no shortage.

Re:My uninformed hunch: screwup...

[gavri]

"Never attribute to malice that which is adequately explained by stupidity."

I'm never understood this. Why attribute to stupidity that which is adequately explained by malice? These are spammers. If they can untrain spam-filters, they will. How is picking stupidity over malice in this case a wise decision?

Re:My uninformed hunch: screwup...

[stokessd]

Because malice is hard, and stupidity is easy. Granted in this situation it's not crystal clear, but like a good spam filter, this addage is suprisingly effective.

Sheldon

Re:specious defillibrator

[MrBugSentry]

Or the third possibility that spam is more like MLM: There is no money in spam, just in selling spam tools and spam lists to suckers who think they can make money off spamming people.