Poetry Spam


We’ve all received spam that reads something like this:

Further, restaurants and shopping are just a short walk away. Money can do strange things to people. He mentioned that Paul Mooney was going to be coming in today. hope i hear soon as being the week-end im already bitting my nails LOL. Earthquakes too small to be felt are abundant in the seismic zone, and seismographs have recorded hundreds of them in recent decades. You have to be half-crazy to think that the skin is some kind of permanent barrier that keeps out everything you put on it. This hasn’t been a short-term obsession. Thanks for your help with the guessing! She said she has her own teeth and she does brush them. On the other hand, how much can we believe of what’s said and printed in our own press and by our own politicians? Going to create a Dizzee Rascal pictures thread with how to post and link to dizzee pictures. Irrelevant to this discussion. Should I Get a Tattoo? Approval times for new drugs have been significantly reduced. It appeared to be pulsating. The question is about Freedom, not Free-as-in-beer. So, how should you use sector funds?

It’s usually from someone with a name like “roof,” has a nonsensical subject line that says something like “prissy oblong” and comes with an attachment named something like “cheeseburger.gif.” You know the attachment has some nefarious intention, but what’s with the gibberish in the body of the e-mail?

“Sometimes it can be quite interesting to read them,” said Paul Wood, senior analyst at MessageLabs, a firm that studies patterns in spamming, among other things. “It’s almost like reading some kind of existential poetry.”

But it’s not Sartre writing this stuff — it’s software. Wood said the same software used to send spam is used to generate the nonsensical texts within them, using a template programmed to grab from disparate sources.

“What they do is take in strings of text from various sites on the Internet, and in a lot of the cases, that might just be peoples’ blogs,” Wood said. “You’ll get a few quotes from one and another quote from somewhere else, so actually reading it almost makes sense, but the sentences don’t flow.”

The process is so continually randomized that, essentially, these spam e-mails are like snowflakes — no two are alike.

“If they’re sending the same message to you and me, they’ll actually be different,” Wood said. “The block of text that you get will be different from the block of text that I get.”

It’s known as hash busting: a mass of nonsensical data is inserted into each message with the intent of causing a controlled failure. What fails is the spam-blocking software: if every copy of the spam is different and randomly generated, it’s impossible to fingerprint that spam as being spam. The point is to get the malicious attachment (cheeseburger.gif) through to you, the target.

“If you get an e-mail that just contains one image, then that might arouse suspicion of the anti-spam software, but it wants to analyze the text in that message and try to weigh a probability of whether or not that is spam,” Wood said. “So if those words — and not only the words that are used but the position of the words and the context of the words used next to them — seem to make some kind of sense in English, it will lean toward that being a normal message.

“It makes it more difficult to fingerprint. If you’re using a service that works on fingerprinting known spam the way that anti-virus software can fingerprint known viruses, it just doesn’t work.”

The attachment can’t be fingerprinted either.

“It’s impossible to fingerprint the image contained in that spam because they’ll make that unique for every single message just by changing a few random pixels in the background,” Wood said.
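The effect Wood describes can be reproduced on a constructed image. This is an added example, not code from the article or from MessageLabs: it shows that a byte-exact fingerprint changes when a few random pixels change, and goes one step beyond the article by comparing that with an average hash, a standard near-duplicate technique filters can use. The 32x32 sample images, the function names and the 5-bit threshold are assumptions made for illustration.

```python
import hashlib
import random

W = H = 32  # constructed grayscale image, one byte per pixel

def make_image(kind="square"):
    """Constructed samples: bright centre square, or bright left half."""
    if kind == "square":
        return [[200 if 8 <= x < 24 and 8 <= y < 24 else 30
                 for x in range(W)] for y in range(H)]
    return [[200 if x < 16 else 30 for x in range(W)] for y in range(H)]

def perturb(img, n=5, seed=0):
    """Copy img and change n distinct random pixels, as the article describes."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for pos in rng.sample(range(W * H), n):
        y, x = divmod(pos, W)
        out[y][x] = (out[y][x] + rng.randint(1, 255)) % 256  # always a new value
    return out

def exact_fingerprint(img):
    """Byte-exact fingerprint: one changed pixel yields a different digest."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()

def average_hash(img, grid=8):
    """64-bit perceptual hash: block-average to grid x grid, threshold at the mean."""
    step = W // grid
    cells = [sum(img[y][x] for y in range(gy * step, (gy + 1) * step)
                 for x in range(gx * step, (gx + 1) * step)) / step ** 2
             for gy in range(grid) for gx in range(grid)]
    mean = sum(cells) / len(cells)
    return sum(1 << i for i, c in enumerate(cells) if c > mean)

def hamming(a, b):
    return bin(a ^ b).count("1")

def near_duplicate(a, b, max_bits=5):
    # max_bits is an assumed threshold, not a value from the article
    return hamming(average_hash(a), average_hash(b)) <= max_bits

if __name__ == "__main__":
    base = make_image()
    a, b = perturb(base, seed=1), perturb(base, seed=2)
    print("exact match:", exact_fingerprint(a) == exact_fingerprint(b))
    print("near duplicate:", near_duplicate(a, b))
    print("unrelated image:", near_duplicate(base, make_image("half")))
```
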

But there’s no use getting all bent out of shape about it. Rather, it’s just more clever black-hat trickery. With any luck, anti-virus programs keep it from affecting your life, beyond clogging your junk e-mail folder with nonsense such as “I love to shop for myself but always find it difficult to shop for others. That’s what the six-month wait is all about. The island is well-known for its pork products. A background in financial services is a plus …”

–Daniel Margolis, dmargolis@certmag.com
