Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Phish Are Jumpin' and the Rotten is High | Main | Malware Via Phony Invoice »

August 23, 2009

The Oldies Keep Coming

Just a few days ago I wrote about old-fashioned web beacons surfacing in a spam message I saw. Today, a half-hearted attempt to disguise hash busting text found its way into another spam. The part of the spam intended to be viewed by the recipient was almost all images (with visible instructions on how Outlook users can download images in the email if they were blocked — Yah!). Below the tiled image group was a bunch of what appeared to be white space. White, that is, until you selected it. Here's a small segment in actual size:

Hash text intended to be invisible

The text is set to 6-point font with a white color. Like albino ants in a snow storm. A good chunk of the text is Ebay user agreement legal verbiage. Then there is a <style> HTML element whose content is an enormous list of random words in numerous languages, number groups, and gibberish (nnggttff is a popular gibberish group).

As far as I can tell, the spam is trying to sell a work-from-home scam to mothers with young children. No Employees, No Stress, All Profit, it promises. Unfortunately, it's talking about the sender.

This turd-bomb was sent by a long-time spammer who thinks he's in the email marketing business. He surfaces regularly, and you can read some salient points here. The home page of the recently-minted domain used in the pitch I saw has the same email marketing bullshit image described in the link above. If you had a Buzzword Bingo game card for the "email marketing" category, you'd win before finishing the first paragraph.

I was happy to see that a large block of IP addresses (different from the blocks described in the link) surrounding the one I saw is already on many blocklists. A lot of spam filters won't even get to analyze the hash-busting text because the message will be sidelined or trashed.

Let's hope.

Posted on August 23, 2009 at 05:02 PM