Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

The more things change, the more they stay the same


The other day I was browsing through my personal email (a free service that claims to have the best spam-filtering around - which they do not) and I noticed that I had a lot of image-only spam.  This spam looked virtually identical to the spam that I know for a fact we have blocked because I see false positive submissions on it all the time.

Having learned my lesson from previous spam storms, I became a little suspicious.  If there is anything I have learned this year when it comes to image-only spam, it's that spammers are becoming increasingly adept at making slight changes to their payload.  The latest technique is to include hashbuster text along with the spam images; that is, include lines and lines and lines of seemingly meaningless words after the image.  The idea behind including it is to evade spam filters.

When I first started noticing spammers doing this earlier this year, we implemented measures to stop them.  Now I see changes in the hashbuster text.  Spammers now use a variety of fonts and colors in order to bypass filters and embed the image in the middle of the text.  I actually find this quite clever as it shows that they are evolving to the way filters catch them.  I have no comments on whether or not this defeats us, but suffice to say that we are wise to these types of games.

Less than two years ago, varying the hashbuster text in text-based spam was a very common tactic.  Spammers would send spam advertising Viagra, Cialis, low-interest loans and free university life-experience degrees and embed text at the bottom.  Soon they started varying the fonts.  Then they started changing the font sizes, then the font colors.  I find it interesting that they have adopted this tactic from text-based spam over onto image spam.  Again, I wonder as to how effective this actually is, as spam is basically a really annoying sales campaign and obfuscating your product's advertising generally has the opposite effect of what you want.  Still, even though the type of spam is different, the techniques remain the same.  Perhaps there really is nothing new under the sun.
