Security Incidents mailing list archives
RE: Strange hidden messages in email
From: brett () benders net
Date: Fri, 26 Apr 2002 12:37:46 -0500
Usually they are a very generic advertisement but if you view the source of the message they have hidden messages in them. The first one had "Mary had a little lamb" hidden all throughout the message, but others have different messages hidden in the source.
This looks like a technique to confound a couple of strategies for identifying
spam.
Suppose you are searching a message body for certain keywords ("mortgage")
to determine if it is spam. Breaking up those keywords with HTML comments
will defeat a string match, while still displaying the keyword to the email's
recipient (assuming they use an email client that displays HTML).
Now, suppose you check a message against digests or signatures calculated
from previously seen spam (e.g. using Vipul's Razor). The spammer can write
a single email, then modify each sent copy with randomized/different comment
strings (this also applies to emails with random alphanumeric strings appended
to an otherwise normal subject line). The email's various recipients will
each see the same message -- but they will calculate completely different
signatures.
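
The two evasions described above, and the normalization a filter can apply before matching or hashing, shown as an added example that is not part of the original post. The sample bodies are constructed, the function names are hypothetical, and SHA-256 stands in for a spam-signature scheme (it is not Razor's algorithm).

```python
import hashlib
import re

# Constructed sample: one advertisement sent twice, each copy carrying
# different filler comments inside its keywords.
COPY_A = "<p>Low mort<!-- Mary had -->gage rates, ap<!-- a little -->ply today</p>"
COPY_B = "<p>Low mort<!-- x9f3k -->gage rates, ap<!-- qq81z -->ply today</p>"

COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
TAG_RE = re.compile(r"<[^>]+>")
# A comment with a word character directly on both sides splits a word.
SPLIT_WORD_RE = re.compile(r"\w<!--.*?-->\w", re.DOTALL)


def visible_text(html):
    """Approximate the rendered text: drop comments, then tags, fold case."""
    text = COMMENT_RE.sub("", html)   # comments vanish, rejoining the word
    text = TAG_RE.sub(" ", text)      # remaining tags become word breaks
    return " ".join(text.split()).lower()


def naive_keyword_hit(body, keyword):
    """String match on the raw source, as a simple filter would do."""
    return keyword in body.lower()


def normalized_keyword_hit(body, keyword):
    """String match on what the recipient actually sees."""
    return keyword in visible_text(body)


def raw_digest(body):
    """Digest of the source as received; differs for every randomized copy."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def normalized_digest(body):
    """Digest of the rendered text; stable across randomized comments."""
    return hashlib.sha256(visible_text(body).encode("utf-8")).hexdigest()


def split_word_comments(body):
    """Count comments placed inside a word, a useful signal in its own right."""
    return len(SPLIT_WORD_RE.findall(body))
```

This handles only comment insertion; a sender who splits words with empty tags or appends random visible text needs further normalization or a fuzzy signature.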
