February 07, 2005Spammer's Translation Does Not Compute
The Web is, indeed, World Wide, which leads to visits to sites that are not written in your native language. If that happens to you a lot, you have probably already encountered translation services, such as Babel Fish. One of my hobbies has a huge following in Europe, with numerous Web sites in a language with which I have only a passing acquaintance. Thus, I use Babel Fish quite a lot.
I also know that Babel Fish doesn't always perform, um, glowing translations. It's not uncommon for the translation to be tortured, if not incomprehensible. Having seen its results, I still find it useful to get some other language into English to give me a clue about what's being said, but I would never trust it to convert my prose into something I'd send to a person.
One of today's spammers wasn't so cautious.
Here is the Subject: line for this mystery spam:
Subject: You need to render the delight of holding the best
Mmmkay. A safe check of the message's source code shows two different messages, one for non-HTML email clients, and one for HTML-capable clients. The non-HTML version (sans spamvertised URL) reads:
Top-quality source for your gifts.
Famous value at a most reasonable worth.
The HTML version reads:
Best website for your presents.
Great products at a very judicious cost.
This is precisely the kind of gibberish you'd see by translating some probably good non-English prose into English via Babel Fish. From what language? It's hard to say.
Each message had a separate URL and domain name. Both domain names—about 10 random consonants spelling out no word of a human language—were freshly minted just yesterday. Registration info for both lead to addresses in Japan and Oklahoma, although the Oklahoma registration is completely bogus. The Japanese one has all the right stuff in all the right places, but it, too, could be bogus. The message was sent through a proxy or Trojaned PC in South Korea.
As for what one actually gets by clicking the link, it's hard to say. I won't do it from any of my own computers, but through some snooping, I'm rather unnerved by indications that the servers appear to be checking whether the browser accessing the site is running Windows XP SP2. This could mean that the site is looking for pre-SP2 versions to infect with Bad Stuff or trying out an infection targeted at SP2.
Like the Sony camera business of last week (which may have reared its ugly head again under a different account at netfirms.com), this spam—gibberish or otherwise—points to how dangerous it is to click any link in any unsolicited message. Infections don't have to arrive as attachments anymore. Clicking a spam link is like lighting a fuse to a bomb whose concussion will take out your computer. In any language:kaboom!Posted on February 07, 2005 at 09:23 AM