A Dispatch


December 18, 2008

Beneath the Latest Blasts

I was wondering why, despite some very pointed filtering on my email server, a fair number of sex chat lures have made it to my email client, where Entourage has successfully spotted every one as spam and diverted them accordingly. The rendered body of all of these messages claims to be from someone who "was just reading your profile online," and implores me to visit via MSN. Uh, no thanks. But a peek at the source code reveals why this recent flood may be making it into a lot of inboxes.

The message bodies are intentionally malformed HTML documents. They start like this:

<html> <body>

<br />
Hey there, i was just reading your profile online and i would love to chat<br>you should come on MSN i am waiting [removed]girl69@hotmail.com or on yahoo IM [removed]xoxo@yahoo.com
</body>

But before reaching the closing </html> tag, the author has inserted a <style> tag whose content is a humongous semicolon- and return-delimited list of 1000 (exactly) words, names, and numbers. None of the text inside the tags is rendered, but it does get studied by at least some content filters. Here's how the list starts out:

Mario;retour;apartar;painfully;Mon;Pronti;Charron;cancel;catastrophe; coppia;Busch;ministro;identified;Amerikaanse;answering;asap;Blues; recognized;oranges Schmitt;amp;establishes;Tom;Communist;arranges;Cairo;Mission;osteen; Eller;Scurry;Bezos;sawdust;wesentlichen;reformsgolpe;Antingen; confidence;Barnes;afternoon Nestor;Huang;center;adds;menschen;Rhythm;vorsichtig;gegaan;avail; Circumstances; ....

Oddly enough, this collection was not randomly assembled for each message. They were all identical. Perhaps it is a carefully researched collection of text that has proven to get past various Bayesian filters. Also identical were the forged Sent: dates and times (17 December 2008, at 14:50 PST). Subject: lines varied a bit from a presumably canned list (e.g., Hey Baby, i think i love you, Chat With Me, etc.).

I won't say how many made it to my email client, but suffice to say it was enough to get my attention. Just not enough to get me to dial up MSN and chat. Sorry, grrrls.

UPDATE (17:50PST): I guess it wasn't a carefully-crafted list of hashbusting words after all. Just saw another one with a smaller list of 156 different words hidden in a <style> tag, beginning with: ghoulish;automate;inc;acquire;chord;autopsy;lubricious;flintlock;dexterity;depressant;
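For anyone maintaining a content filter, here is one way to keep this kind of padding away from the classifier. This is an added example, not code from the original post: it separates the text a mail client renders from the text inside <style>, strips anything shaped like a real CSS rule, and flags the message when what is left over is mostly plain words. The sample messages, the names and the min_words threshold are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser

class SplitText(HTMLParser):
    """Separate text a mail client renders from text inside <style>/<script>."""
    HIDDEN = {"style", "script"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rendered, self.hidden, self._inside = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag in self.HIDDEN:
            self._inside = tag

    def handle_endtag(self, tag):
        if tag == self._inside:
            self._inside = None

    def handle_data(self, data):
        (self.hidden if self._inside else self.rendered).append(data)

CSS_RULE = re.compile(r"[^{}]+\{[^{}]*\}")  # "selector { declarations }"
WORD = re.compile(r"[^\W\d_]{2,}")          # runs of two or more letters

def analyze(html, min_words=50):
    """min_words is an assumed threshold, not a value from the post."""
    parser = SplitText()
    parser.feed(html)
    parser.close()
    # Whatever survives after real CSS rules are removed is not styling.
    leftover = CSS_RULE.sub(" ", " ".join(parser.hidden))
    padding = WORD.findall(leftover)
    return {
        "rendered": " ".join(" ".join(parser.rendered).split()),
        "padding_words": len(padding),
        "suspicious": len(padding) >= min_words,
    }

# Constructed samples: the first ten list words from the post, repeated.
WORDS = "Mario;retour;apartar;painfully;Mon;Pronti;Charron;cancel;catastrophe;coppia"
SPAM = ("<html> <body>\n<br />\nHey there, i was just reading your profile online<br>\n"
        "</body>\n<style>" + ";\n".join([WORDS] * 10) + "</style>\n</html>")
HAM = ("<html><head><style>p { color: #333; margin: 0 }\n.a { font: 12px Arial }"
       "</style></head><body><p>Lunch at noon?</p></body></html>")

if __name__ == "__main__":
    print(analyze(SPAM))
    print(analyze(HAM))
```

Feeding only the "rendered" string to a Bayesian tokenizer means the hidden list cannot dilute the score, while the padding count becomes a spam signal in its own right.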

Posted on December 18, 2008 at 04:46 PM