November 13, 2004Foreign Language Spam
In "Spam Wars," I write about clueless spammers who "think locally and act globally." They compose spam in non-Roman languages (commonly Russian and Chinese) and address the spew to a .com domain. Of course, nothing about a .com domain indicates that its owners and recipients are exclusively English-speaking, but the chance that they'd know (or that their computer could even display) Russian is miniscule, compared to someone at, say, a .ru address.
And so, today I saw a spam message in the queue whose title was all gibberish. Inspecting the source of the message, I traced that it had originated from Israel. The Subject: line language was, I now assumed, Hebrew. The message body was simply an image (retrieved from an Israeli web site) and—if I had opened it in my email viewer—a hit counter supplied by a third-party source (Finland-registered, U.S.-hosted). Fortunately, my safe way of previewing suspicious mail prevented the suspect hit counter from incrementing a single digit.
The image, I discovered separately, contained Hebrew text and graphics clearly aimed at Israeli kids (fuzzy cartoon characters with big googly eyes). The domain name indicated that it was for kids, while its .il country domain further pointed to an Israeli connection. The spam message body would have also downloaded MIDI and MP3 sounds, had I opened it normally (whew!).
It's hard to tell whether the outfit being advertised (a domain with a few years' seniority) was doing the advertising, or if a Trojaned PC somewhere in Israel had been hijacked to email a kind of Joe Job against the site—while driving the hit counter via a quasi-sneaky way. The IP address of the message's entry point was a dial-up provider in Israel, so there are a few possibilities behind this "campaign."
On the one hand, I hope that the advertisers weren't so Spam Rule #3 Stupid as to send Hebrew ads to the great Internet void. On the other hand, I hope that some unsuspecting Israeli computer user hasn't had his or her computer hijacked by ne'er-do-wells.Posted on November 13, 2004 at 03:27 PM