Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Knowing Your Business | Main | Phisher Can't Keep His Scams Straight »

January 13, 2005

Same Tricks, Different Language

Every once in awhile a message written in Russian gets through my server filtering. My Mac OS X computer dutifully displays the Cyrillic characters, which, had I not studied ancient classical languages in college, would look Greek to me.

After checking the source code of today's arrival to make sure there were no images or other potentially nasty things inside, I opened the message to see the rendered characters. Then, with the help of Alta Vista's Babel Fish language translation site, I discovered that the spam was selling some kind of real estate processing scam. Probably similar to the English-language spams that promise tons of money for processing FedEx refunds (oh, please!).

My Russian friend learned some other tricks from English-language spammers. Following an assertion that this message is not spam comes this paragraph:

Russian Disclaimer

Loosely Babeled, it begins, "This distribution is produced in accordance with st.29 of ch.2 of constitution RF." I'm taking the last reference to be a citation to the Russian Federation constitution. I don't happen to have an English copy handy, but seeing this reminds me of the common disclaimers of being CAN-SPAM compliant, or the old chestnut that the message complies with a U.S. Senate bill that was never passed.

While selecting and copying the text from my email program, I uncovered text at the bottom in a white font:

Russian Hash Buster

The translation of this hidden text starts with a bit of gibberish, but eventually comes in the "clear" as reading: "patronymic, that to rifle battalion. It was in prospect to find battalion commander, to select fire". To me this looks a lot like the spam filter hash busting text you frequently see above and/or below English-language spam—text grabbed from literature and such to fool the filters into thinking the message is legit.

If it's any consolation (I doubt it), your fellow Russian spammees are fighting the same battles you are; and the spammers are using the same tactics as those who spam in English.

Posted on January 13, 2005 at 11:44 AM