Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« January 2011 | Main | March 2011 »

February 07, 2011

OMG! A Spammer Caught in a Lie! Permalink

I've seen lots of spam messages for a variety of products that look like the following:

Lying spam message

Most of the ones I've seen have been sent to an email address of mine that had to have been ripped from an infected PC whose owner had received a personal email message from me. Stupid-ass-bastard, whoever it is.

In any case, this series of messages uses a variety of tricks to get past content filters. The most obvious (without even looking at the HTML source code) is that the messages include "invisible" text whose color is set to the background color (or close enough to the color that you can't see it with the naked eye). When you select the text in the message, you can see the filler words, which (upon checking the HTML source code) have been fitted with style-enhanced span (and other) elements to make it difficult for content filters to see runs of commonly spammed phrases:

Lying spam message, filler revealed with selection

These kinds of tricks have been used since HTML was first used for email, and really got going when content filters activated into high gear several years ago.

I laugh (with tears of sadness because people believe this crap) when I see these assholes flat-out lie to recipients about the sanctity of their email addresses. There is no subscription management page. You cannot ever unsubscribe from whatever lists your email address is on used for this campaign. And the instructions to reply with the "remove" Subject line? Complete bullshit. The reply-to address (as I've verified) does not work (it's a valid [hijacked] domain not associated with the spam sender or product, but an invalid username). Clicking on any one of the links in the email message, however, likely earns a referral fee for the person responsible for sending the email message through a botnet (all of the links to the Russian site include codes that possibly identify the sender).

Whenever you catch yourself thinking an unsolicited spammer is telling the truth, that's when you should immediately recognize that it's all a Big Lie.

Posted on February 07, 2011 at 07:33 PM