Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Viagra spammers using tricks?


  • Please log in to reply
4 replies to this topic

#1 Johnz414

Johnz414

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milwaukee, WI
  • Local time:12:01 AM

Posted 10 January 2009 - 09:52 PM

Hi Anyone having a little knowledge of spamming,

I've recently received a Viagra spammers email with "Viagra Super Active+ Cialis Super Active+" in the body of it. I went to copy and past this into a filter to try to keep from receiving this spam in the future only to have this appear off to the right when high lighting it:

VOZGT5242LQiaNOENV4381MBgra SABUGD8882XEupCMW1195WTVFer ADXX8428RXDOctiHIO1648SHFUve+ CGX7974TSGBDialIS2576QNFVPis SJD7500PCEPYupKN2122ORCJGer AAR7954ZYWLSctiYHV1669BJYR ve+



This very long alpha numerical string is also what was pasted into the filter when I went to paste.

How is this done? And what can one do to stop this spam from getting through not only my ISP's filters but also mine, ie., what kind of filter can I make to filter these messages?

Needless to say I'm sure they will never use this alpha number string again so a filter against it will probably be useless.

However, the more I know how they do this the more likely I'll find a solution to stop them.

Anyone able to explain how this is done and if they know of a way to stop them I would greatly appreciate your wisdom. :thumbsup:

Thanks,

John

PS If I cut and paste the "Viagra Super Active+ Cialis Super Active+" from the email to here when I go to post the message instead of the "Viagra Super Active+ Cialis Super Active+" appearing the long alpha numerical string will appear?!

Edited by Johnz414, 10 January 2009 - 10:02 PM.

John

"Genius is nothing other than pointing out the obvious",
Albert Einstein.

"I am what I am and that is all that I am, I am Popeye the Sailor Man", Popeye.

BC AdBot (Login to Remove)

 


#2 Guest_fuzzywuzzy6_*

Guest_fuzzywuzzy6_*

  • Guests
  • OFFLINE
  •  

Posted 13 January 2009 - 07:56 PM

Do any of the forums you belong to have problems with spambots? i can't tell you how to clear them out, one suggestion (several years old, now outdated) was to use a dedicated gmail account for forum mailings.

#3 Guest_fuzzywuzzy6_*

Guest_fuzzywuzzy6_*

  • Guests
  • OFFLINE
  •  

Posted 14 January 2009 - 10:55 AM

I am not technologically gifted, but here are a couple more suggestions: you can go to your address book and remove any addresses which start with your own e-mail address; I have done this, and it does help for a while, but it is something that has to be done from time to time. Also, if you belong to any health/diet/nutrition sites, a lot of them use services like Casales Media, which are not very secure, have poor designs for their sites, are not careful about their sponsors, etc., etc., etc., which means if you belong to one of these sites (which sometimes have very useful information digests on a frequent basis), you will get ads for male potency/enhancement regardless of your gender, health condition, or what boxes you have checked. It's not just that their ads are infected, they sell their info like crazy, I believe. just like the legitimate charities that send you paper mail because you are a member of their organization or have donated to them in the past. You end up getting endless solicitations from charities you would rather not donate to.

One of the technology reports stated that some legitimate-seeming ads placed on legitimate sites are not actually for legitimate products, and are deeply infected with Java. Click on it once. . . And no, I cannot recall which tech report. Also, legitimate ads are often infected, and highly aggressive. I have noticed some of them on tech reports at The Washington Post, ISP rating sites and other sites connected with e-magazines which provide internet safety information, etc., starting around Christmas-time. So even with java and java script protection add-ons, the task is much like running on an inclined treadmill while trying to keep a large rock from rolling down the incline on you. Worse than sisyphean.

I am hoping that, by my posting on this thread, some serious techie will get curious and read your request!

#4 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  

Posted 14 January 2009 - 11:44 AM

I have to say that I have seen a significant decrease of spam in my Spam folder ever since that big Northern California spam factory was shut down a couple of months ago. The effects of that has lasted much longer than expected.

#5 nospam

nospam

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Location:pueblo

Posted 16 January 2009 - 08:25 PM

How is this done? And what can one do to stop this spam from getting through not only my ISP's filters but also mine, ie., what kind of filter can I make to filter these messages?


I believe these very persistent spammers do this so that their spam bypass Bayesian filters which look for particular patterns of text in the usual spam. I believe this is done for the same reason that some spam messages contain passages lifted from well known books (like passages from the Harry Potter books). I have seen jumbled text in spam (seemingly hidden) from time to time when you do highlight text.

If you go to the Spamtracker's Wiki, you will find some insightful spam research on various methods some of the larger spamming operations use.

http://www.spamtrackers.eu/wiki/index.php/Main_Page

I don't think I covered the most technical part of the answer, maybe someone else can.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users