> Usually they are a very generic advertisement but if you view the
> source of the message they have hidden messages in them.
> The first one had "Mary had a little lamb" hidden all throughout the
> message, but others have different messages hidden in the source.

This looks like a technique to confound a couple of strategies for identifying spam.

Suppose you are searching a message body for certain keywords ("mortgage") to determine if it is spam. Breaking up those keywords with HTML comments will defeat a string match, while still displaying the keyword to the email's recipient (assuming they use an email client that displays HTML).

Now, suppose you check a message against digests or signatures calculated from previously seen spam (e.g. using Vipul's Razor). The spammer can write a single email, then modify each sent copy with randomized/different comment strings (this also applies to emails with random alphanumeric strings appended to an otherwise normal subject line). The email's various recipients will each see the same message -- but they will calculate completely different signatures.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
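The filter-side counter to both effects described in the message above, as an added example that is not part of the original post: reduce the HTML body to the text a recipient actually sees before matching keywords or computing a digest. The function names and the two sample bodies are constructed for illustration, and SHA-256 is a stand-in digest, not the signature scheme Vipul's Razor uses.

```python
import hashlib
import re
from html.parser import HTMLParser


class _VisibleText(HTMLParser):
    """Collects text nodes only; tags and <!-- comments --> are never passed to handle_data."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def visible_text(html_body):
    """Return the rendered text, lower-cased, with whitespace collapsed."""
    parser = _VisibleText()
    parser.feed(html_body)
    parser.close()
    return re.sub(r"\s+", " ", "".join(parser.parts)).strip().lower()


def keyword_hit(html_body, keyword, normalize=True):
    """Substring match against the raw source or against the visible text."""
    text = visible_text(html_body) if normalize else html_body.lower()
    return keyword.lower() in text


def digest(html_body, normalize=True):
    """SHA-256 over the raw source or over the visible text (stand-in digest)."""
    text = visible_text(html_body) if normalize else html_body
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed samples: identical visible message, different hidden comments.
COPY_A = "<html><body><p>Low mort<!-- Mary had -->gage rates today</p></body></html>"
COPY_B = "<html><body><p>Low mort<!-- a little lamb -->gage rates today</p></body></html>"

if __name__ == "__main__":
    for name, body in (("A", COPY_A), ("B", COPY_B)):
        print(name, "raw hit:", keyword_hit(body, "mortgage", normalize=False),
              "| normalized hit:", keyword_hit(body, "mortgage"))
    print("raw digests equal:", digest(COPY_A, False) == digest(COPY_B, False))
    print("normalized digests equal:", digest(COPY_A) == digest(COPY_B))
```

Normalizing this way only addresses comment insertion in the body; random strings appended to the subject line, which the message also mentions, still change any digest that includes the subject.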
This archive was generated by hypermail 2b30 : Fri Apr 26 2002 - 11:08:46 PDT