funsec mailing list archives

Re: An OCR plug-in for Spamassassin


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 17 Apr 2006 17:24:02 +1200

Valdis.Kletnieks () vt edu wrote:

OCR it the first time, and then save the data.  When another JPG
shows up, just compute a hash of it, and if you've seen that hash before,
use the OCR from the first time.

That should work till the miscreants start pumping out differing tweaked images
for each spam... ;)

Ummmm -- no posted evidence to link to this time (I never bothered 
because it was so common at the time, I assumed everyone vaguely 
interested in spam would have noted it), but they've been doing this 
for months and months and months...

I saw a suggestion somewhere it was the Kuvayev gang, but regardless of 
who it was, a lot of "penny stock" spam back in January (maybe back 
into last December?) through into early February (from memory) was of 
the form:

   <nonsense text block>
   <(relatively) unique "message text as image">
   <nonsense text block>

The middle bit was an image of text on a coloured background with three 
randomized components.  The background contained light (so as to not 
terribly degrade readability) noise (pixels close to, but not quite 
the same as the background colour, and occasional black pixels), the 
images had a random frame (ranging from a band a few pixels wide to 
multi-line affairs) and the frame was degraded with (heavier) noise 
(random black pixels across the frame and encroaching slightly into the 
main image).

These were almost certainly produced by some image generator engine.

So, again, the spammers had the drop on your idea...

(It's obvious, really, given that one way to counter spam is the 
"clearinghouse" idea, based on "checksums", and such an approach would 
seem, in theory, more effective if the spammers moved to inline images 
with the message entirely encased in the image.  Thus, we should not be 
surprised that as some spammers seem to be moving more to image-only 
spam, they'd be looking for ways to bust simple and obvious 
anti-image-only-spam approaches.)


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
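
The effect described in the message above, as an added example that is not part of the original post or of any SpamAssassin plug-in: per-message noise and a random frame give every copy a different exact hash, so a hash-keyed OCR cache never hits. A coarse cell-brightness signature over the cropped interior (a technique swapped in here, not one named in the thread) still matches. The canvas layout, noise rates, `MARGIN` crop and both "messages" are constructed assumptions.

```python
import hashlib, random

W, H, MARGIN, CELL, BG, INK = 96, 48, 8, 8, 200, 20   # constructed greyscale layout
COLS = (W - 2 * MARGIN) // CELL                        # 10 cells per row, 4 rows

def render(ink_bits):
    """Constructed stand-in for 'message text as image': bit c of ink_bits inks cell c."""
    img = [[BG] * W for _ in range(H)]
    for c in range(COLS * ((H - 2 * MARGIN) // CELL)):
        if (ink_bits >> c) & 1:
            y0, x0 = MARGIN + (c // COLS) * CELL + 1, MARGIN + (c % COLS) * CELL + 1
            for y in range(y0, y0 + 6):
                img[y][x0:x0 + 6] = [INK] * 6
    return img

def tweak(img, rng):
    """Randomise one copy as the post describes: background noise, random frame, noisy frame."""
    out = [row[:] for row in img]
    band = rng.randint(1, 6)                           # random frame width (assumed range)
    for y in range(H):
        for x in range(W):
            d, r = min(x, y, W - 1 - x, H - 1 - y), rng.random()
            if d < band:                               # frame, heavily degraded
                out[y][x] = 0 if r < 0.3 else 90
            elif d < band + 2 and r < 0.1:             # frame noise encroaching inward
                out[y][x] = 0
            elif out[y][x] == BG and r < 0.3:          # light background noise
                out[y][x] = 0 if r < 0.01 else BG + rng.randint(-6, 6)
    return out

def exact_hash(img):
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def coarse_sig(img):
    """One bit per interior cell: is the cell darker than the average interior cell?"""
    means = [sum(img[y][x] for y in range(cy, cy + CELL) for x in range(cx, cx + CELL))
             for cy in range(MARGIN, H - MARGIN, CELL) for cx in range(MARGIN, W - MARGIN, CELL)]
    return tuple(m < sum(means) / len(means) for m in means)

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def demo(seed=2006, copies=5):
    rng = random.Random(seed)
    base, other = render(0xA53C5AC399), render(0x3C99A55AC3)   # two constructed "messages"
    variants = [tweak(base, rng) for _ in range(copies)]
    distinct = len({exact_hash(v) for v in variants})          # exact-hash cache keys
    worst = max(hamming(coarse_sig(base), coarse_sig(v)) for v in variants)
    return distinct, worst, hamming(coarse_sig(base), coarse_sig(tweak(other, rng)))
```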

