On Fri, 26 Apr 2002, Jim Cockerham wrote: > Below is a copy of the source from one of the messages , The actual > message viewable in Outlook express was just a simple > link................. The most obvious purpose of such hidden tags is to bypass anti-spam filtering software that, say, redirects a mail to /dev/null once enough words like "best", "opportunity", "deal", "click", etc are found in the body. Some spammers also use neatly obfuscated JavaScript that writes the actual message - but the latter is relatively easy to filter out. Quite recently, spammers seem to be really interested in being as obtrusive as possible. The trick itself is not new, but wasn't very popular nor exploited by "respectable" spammers (just had to use this phrase) few years ago - but now, it is a real problem. This is a sad tendency, probably caused by a very rapid increase in the spam volume (wasn't that something like 900% a year?) - it takes more and more to be visible. I guess they do not really believe a guy who put some effort in filtering out the spam will respond to their offer if only they manage to bypass the rules he's using - I think they are targeting anti-spam filters set up for whole corporations, mailing lists, user groups. -- _____________________________________________________ Michal Zalewski [lcamtufat_private] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-= http://lcamtuf.coredump.cx/photo/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Apr 26 2002 - 13:38:23 PDT