funsec mailing list archives
Re: An OCR plug-in for Spamassassin
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 17 Apr 2006 17:24:02 +1200
Valdis.Kletnieks () vt edu wrote:
OCR it the first time, and then save the data. When another JPG shows up, just compute a hash of it, and if you've seen that hash before, use the OCR from the first time. That should work till the miscreants start pumping out differing tweaked images for each spam... ;)
Ummmm -- no posted evidence to link to this time (I never bothered because it was so common at the tiem, I assumed everyone vaguely interested in spam would have noted it), but they've been doing this for months and months and months... I saw a suggestion somewhere it was the Kuvayev gang, but regardless of who it was, but a lot of "penny stock" spam back in January (maybe back into last December?) through into early February (from memory) was of the form: <nonsense text block> <(relatively) unique "message text as image"> <nonsense text block> The middle bit was an image of text on a coloured background with three randomized components. The background contained light (so as to not terribly degrade readbilility) noise (pixels close to, but not quite the same as the background colour, and occasional black pixels), the images had a random frame (ranging from a band a few pixels wide to multi-line affairs) and the frame was degraded with (heavier) noise (random black pixels across the frame and encroaching slightly into the main image). These were almost certainly produced by some image generator engine. So, again, the spammers had the drop on your idea... (It's obvious, really, given that one way to counter spam is the "clearinghouse" idea, based on "checksums", and such an approach would seem, in theory, more effective if the spammers moved to inline images with the message entirely encased in the image. Thus, we should not be surprised that as some spammers seem to be moving more to image-only spam, they'd be looking for ways to bust simple and obvious anti-image- only-spam approaches.) Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- An OCR plug-in for Spamassassin Gary Funck (Apr 16)
- Re: An OCR plug-in for Spamassassin Nick FitzGerald (Apr 16)
- Re: An OCR plug-in for Spamassassin Drsolly (Apr 16)
- Re: An OCR plug-in for Spamassassin Nick FitzGerald (Apr 16)
- Re: An OCR plug-in for Spamassassin der Mouse (Apr 16)
- Re: An OCR plug-in for Spamassassin Dude VanWinkle (Apr 16)
- Re: An OCR plug-in for Spamassassin Valdis . Kletnieks (Apr 16)
- Re: An OCR plug-in for Spamassassin Nick FitzGerald (Apr 16)
- Re: An OCR plug-in for Spamassassin Axel Pettinger (Apr 17)
- Re: An OCR plug-in for Spamassassin Nick FitzGerald (Apr 17)
- Re: An OCR plug-in for Spamassassin Axel Pettinger (Apr 17)
- Re: An OCR plug-in for Spamassassin Drsolly (Apr 16)
- Re: An OCR plug-in for Spamassassin Nick FitzGerald (Apr 16)
- Re: An OCR plug-in for Spamassassin Florian Weimer (Apr 17)
- Re: An OCR plug-in for Spamassassin Nick FitzGerald (Apr 16)
- Re: An OCR plug-in for Spamassassin Nick FitzGerald (Apr 16)
- Re: An OCR plug-in for Spamassassin Dude VanWinkle (Apr 16)
- Re: An OCR plug-in for Spamassassin Drsolly (Apr 17)
- <Possible follow-ups>
- RE: An OCR plug-in for Spamassassin Gary Funck (Apr 16)
- RE: An OCR plug-in for Spamassassin Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 16)