Re: Strange hidden messages in email

[Michal Zalewski <lcamtuf () coredump cx>]

On Fri, 26 Apr 2002, Jim Cockerham wrote:

> Below is a copy of the source from one of the messages , The actual
> message viewable in Outlook express was just a simple
> link.................

The most obvious purpose of such hidden tags is to bypass anti-spam
filtering software that, say, redirects a mail to /dev/null once enough
words like "best", "opportunity", "deal", "click", etc are found in the
body. Some spammers also use neatly obfuscated JavaScript that writes the
actual message - but the latter is relatively easy to filter out.

Quite recently, spammers seem to be really interested in being as
obtrusive as possible. The trick itself is not new, but wasn't very
popular nor exploited by "respectable" spammers (just had to use this
phrase) few years ago - but now, it is a real problem. This is a sad
tendency, probably caused by a very rapid increase in the spam volume
(wasn't that something like 900% a year?) - it takes more and more to be
visible. I guess they do not really believe a guy who put some effort in
filtering out the spam will respond to their offer if only they manage to
bypass the rules he's using - I think they are targeting anti-spam filters
set up for whole corporations, mailing lists, user groups.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com