Full Disclosure mailing list archives
Re: spam with anti-bayesian parts
From: "Suresh Ponnusami" <surya () nsecure net>
Date: Mon, 12 Jan 2004 16:59:50 +0530
Actually most of the spammers use automated tools that contains some scriptable plugins to evade the spam filters. Since they spam more that 1000's of users at a time, picking something real might be a bit slow and requires extra processing. Even if they create a template for all the mails, that'll take up some time which they may not want to waste on. Also, introducing random gibberish noise might be able to get through bayesian filters because, that particular gibberish junk may not be in the database. And sometimes after learning that pattern, the pattern may not repeat et-all. next time, since it's just a random sequence. There are endless patterns that you can create with just 26 character using just a line of perl code that'll never repeat. Also they introduce unicode characters alongwith the sequence of the noise. It's one of the evasion techniques that spammers use to get around the spam filters. regards, Suresh Ponnusami Technical Architect http://www.nsecure.net/ ----- Original Message -----
To wind up the earlier thread I started when I thought it might have been
a
misbehaving worm: The first spams with 2 lines of ad and 20 lines of random garbage words arrived in my mailbox yesterday, going cleanly through the bayesian
filters.
The explanations on this list are thus proven correct. The filters DID give them a 70% spam probability based on bayesian filtering, so I figure it will be a matter of some training and they'll go away. What I'm wondering is: Why do the spammers even go to the length of using random words? Those are easy to filter out with some heuristics (e.g. missing punctuation). Why don't they grab some real text, say from a news site? There's an endless supply of new, proper text out there.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- spam with anti-bayesian parts vogt (Jan 12)
- Re: spam with anti-bayesian parts Paul Farrow (Jan 12)
- Re: spam with anti-bayesian parts José María Mateos (Jan 12)
- Re: spam with anti-bayesian parts Suresh Ponnusami (Jan 12)
- RE: spam with anti-bayesian parts Bojan Zdrnja (Jan 12)
- Re: spam with anti-bayesian parts Gismo C. (Jan 12)
- Re: spam with anti-bayesian parts Nick FitzGerald (Jan 12)
- Re: spam with anti-bayesian parts Jonathan A. Zdziarski (Jan 12)
- <Possible follow-ups>
- Re: spam with anti-bayesian parts Feher Tamas (Jan 12)
- Re: spam with anti-bayesian parts Paul Farrow (Jan 12)