Message-ID: <00d201c3d8ff$706f2c60$0e00a8c0@nsecure>
From: surya at nsecure.net (Suresh Ponnusami)
Subject: spam with anti-bayesian parts

Actually most of the spammers use automated tools that contain some
scriptable plugins to evade the spam filters. Since they spam more than
1000s of users at a time, picking something real might be a bit slow and
requires extra processing. Even if they create a template for all the mails,
that'll take up some time which they may not want to waste. Also,
introducing random gibberish noise might be able to get through Bayesian
filters because that particular gibberish junk may not be in the database.
And sometimes after learning that pattern, the pattern may not repeat
at all next time, since it's just a random sequence. There are endless
patterns that you can create with just 26 characters using just a line of
Perl code that'll never repeat. Also they introduce Unicode characters
along with the sequence of the noise.

It's one of the evasion techniques that spammers use to get around the
spam filters.

regards,
Suresh Ponnusami
Technical Architect
http://www.nsecure.net/

----- Original Message -----
> To wind up the earlier thread I started when I thought it might have been a
> misbehaving worm:
>
> The first spams with 2 lines of ad and 20 lines of random garbage words
> arrived in my mailbox yesterday, going cleanly through the bayesian filters.
> The explanations on this list are thus proven correct.
>
> The filters DID give them a 70% spam probability based on bayesian
> filtering, so I figure it will be a matter of some training and they'll go
> away.
>
>
> What I'm wondering is:
> Why do the spammers even go to the length of using random words? Those are
> easy to filter out with some heuristics (e.g. missing punctuation). Why
> don't they grab some real text, say from a news site? There's an endless
> supply of new, proper text out there.
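
The "missing punctuation" heuristic mentioned in the quoted message, sketched as an added example (not code from either poster or from any filter product). The stopword list, thresholds, function names and sample bodies are constructed assumptions.

```python
import re

# Assumption: a small set of English function words. Real prose is dense
# with them; blocks of random dictionary words are not.
STOPWORDS = frozenset(
    "a an and are as at be but by for from has have in is it "
    "of on or that the this to was we will with you your".split())
PUNCT = re.compile(r"[.,;:!?]")

def looks_like_prose(line, min_stop_ratio=0.2):
    """True if the line has punctuation or a natural share of function words."""
    words = re.findall(r"[A-Za-z']+", line.lower())
    if len(words) < 4:  # too short to judge, so do not count it against the mail
        return True
    stop_ratio = sum(w in STOPWORDS for w in words) / len(words)
    return bool(PUNCT.search(line)) or stop_ratio >= min_stop_ratio

def longest_salad_run(body):
    """Length of the longest run of consecutive non-prose lines."""
    best = run = 0
    for line in body.splitlines():
        if not line.strip():
            continue  # blank lines neither extend nor break a run
        run = 0 if looks_like_prose(line) else run + 1
        best = max(best, run)
    return best

def is_word_salad(body, min_run=5):
    """Flag a body only when several unpunctuated filler lines appear in a row."""
    return longest_salad_run(body) >= min_run

# Constructed samples (not real mail): two ad lines followed by filler words.
SPAM_SAMPLE = """Lowest prices on software, order today!
Visit our site for the full catalogue.
harbor violet mechanic sudden plywood anchor
tundra merchant oblique fennel cascade ribbon
lantern quorum basil threshold pivot marble
gravel sonnet umbrella copper drift meadow
walnut cipher plateau ember notch saddle
orchid ballast timber quill vapor ledge
"""
HAM_SAMPLE = """Hi all, the build server will be down on Friday.
Please push your changes before noon
Thanks for the patience, and see you at the review.
"""

if __name__ == "__main__":
    print(is_word_salad(SPAM_SAMPLE), is_word_salad(HAM_SAMPLE))
```

Filler copied from real text, as the quoted question suggests, has punctuation and function words and would not be flagged by this check.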


