Everybody hates email spam. It is annoying and wastes time, takes up disk space and can slow down the network. And despite the increasingly advanced efforts by the companies that make money from combating spam, it continues to grow at a startling rate. From June 2005 to June 2009 the amount of email spam more than quadrupled.
Money is of course the driver of spammers, who are mostly sales people looking to sell products and services. Email is a cheap way to get a message to millions of people – even if most of them do not even read it, the few that do respond make the spammers efforts profitable. In order to keep sending out their messages, spammers have had to have a few tricks up their sleeve in order to bypass spam filters.
1st trick: botnets and zombies
Spammers use ‘botnets’, a collection of computer systems or ‘zombies’, which are all linked to a common control structure. These zombies can be instructed to send out spam, phishing, viruses and other malware. Because IP addresses guilty of sending out too much spam get a ‘bad reputation’,
2nd trick: borrowing a good reputation
As mentioned, analysing the reputation of the Sender IP address is a common method used by spam filters to block spam. To counteract this defense, spammers ‘borrow’ IP addresses with a good or neutral reputation. They either create email accounts with Internet Service Providers (ISPs) all around the world, or buy access to a hacked email server and exploit the reputation of the company whose server has been hacked.
4th trick – word salad
Spam filters evaluate the words in an email message and group them into ‘good’ and ‘bad’ words – bad ones being the ones typically found in spam emails. The term ‘word salad’ refers to the spammer’s trick, whereby extra ‘good’ words are added to an email message (those typically not associated with spam). The spam filter will pick up more good words than bad words, and decide that the message is ‘good’.
5th trick – light reading
Taking it a step further than the ‘word salad’ technique, some spam messages contain entire extra sentences and paragraphs added to the message – with the same aim, to add in good words and phrases to skew the spam filters evaluation of the whole message. The use of complete sentences makes it harder for the filter to exclude the good words.
Another way spammers trick spam filters is by changing the size of the font of some letters, yet making those that make up a message readable. The recipient can read the message, while the spam filter sees a line of gibberish.
While the human brain can decipher a scrambled message like ‘Crteae a more ppsorerous future for yuoserf’, spam filters cannot. And because slang, acronyms, abbreviations and human error feature regularly in our legitimate daily emails, it isn’t feasible to program spam filters to block emails with misspelled words in them. By scrambling the letters in words, spammers are often able to get past spam filters.
8th trick – bad words in disguise
Yet another way spammers get around spam filters is by using symbols, special characters and different character sets to spell out words. For example, VIAGRA becomes \/!ǺGRĂ – and it is estimated that there are over 600 quadrillion ways to spell this word using different variations.
If you receive a spam email with an image in it, by sending it to ‘junk’ you expect that your spam filter will stop the same message from reaching you again. But spammers get around this by making small, unnoticeable changes to the message or image –changing its size by one or two percent, changing the background colour, and making small adjustments to the layout.
IT News Africa
No comments:
Post a Comment