| View previous topic :: View next topic |
| Author |
Message |
jkcunningham
l33t
Joined: 28 Apr 2003
Posts: 649
Location: 47.49N 121.79W
|
 Posted: Sat Nov 22, 2003 4:22 pm Post subject: A new form of spam attack on Bayes Filter based spam filters |
 |
|
I've been running parallel spam filters as an experiment for sometime. I have procmail split my incoming mail into two paths: one goes through bogofilter, the other through SpamAssassin. I am accumulating the Nehman-Pearson statistics (false-alarm, false-negative, hit, and miss rates).
For some time now I've been noticing an increasing number of spam making it through which is of this form:
| Quote: | ameliorate burglarproof activation radical methodic chauffeur bilateral cutworm lund retrogress adrift acquitting bryant surfactant sutton scriptural vide wolves aeronautic honorific
The ultimate digital cable filter
The filter will allow you to receive all the channels that you order with your remove control!
payperviews, adult movies,sport events,special events! see now!
voluntarism robinson anomalous bridesmaid resumption tinfoil decorous gunmen nibelung irrefutable allow noise hoover orthodontic cipher
|
And that's all there is to it. Here's another one:
| Quote: | relfgsqm rabbit-hole went straight on like a tunnel for some way, and then dipped suddenly down, so zvmzg Alice had not a moment to think about stopping herself she found pqazpqkgbf down a very dark wwnir.
Did you know that the normal c0st for V1AGRA is $25, per dose?
kvrquop itgysyeno rvdxayhceb nloikcd fpeejydwl
We are running a hot spec1al!! T0DAY It's only an amaz1ng $1.80
Sh1pped world w1de!
Don't Miss Out - Yours Can Be Sh1pped Today!
ywrptoo zlxvr vylvjbwo okeaheqyk mnfrcx
DlSC0UNT 0RDER: GET YOURS N0W....
ogrnaci ywbjhdq cewfqs tshhkpmaye
Oh a song xmnwlywfif the Turtle be so kind, Alice replied, so uxwqzmrlf the said, in a rather turdeqyjet tone, Hm! No for zmcrmev!
kbvwpbnvylsyxaupmqrigliujstua |
I couldn't figure out what the purpose of these were at first. They have no contact information, no links of any kind. Just a seemingly random collection of words, phrases and gibberish.
I just figured it out. What they are attempting to do is flood the Bayes filters with mail which will skew the statistics used to access spam. They are - in effect - raising the noise floor point by point so that they will eventually become far less effective.
Its really very clever, and shows a certain mathematical sophistication on the part of some spamers (or the people selling them a pipeline). I'm not sure how effective it will be in the end, but I have noticed in increase in the miss rates for both filters. And now that Bill G. is entering the spam filter market with their product (which is no doubt Bayes filter based), the incentive becomes even greater on the part of the spammers to devise methods like this.
We're in an arms war, people. Time to get clever again....
-Jeff |
|
| Back to top |
|
 |
nephros
Advocate
Joined: 07 Feb 2003
Posts: 2120
Location: Graz, Austria (Europe - no kangaroos.)
|
| Posted: Sat Nov 22, 2003 4:47 pm Post subject: Re: A new form of spam attack on Bayes Filter based spam fil |
|
|
Yes, I get these too.
They started approximately at the time the term "Bayesian" had hit the slashdot frontpage for the third time.
| jkcunningham wrote: |
We're in an arms war, people. Time to get clever again....
-Jeff |
Yes, but filtering at the receiving end never helped fight spamming, it just hid the fact that there is a war.
_________________
Please put [SOLVED] in your topic if you are a moron. |
|
| Back to top |
|
|
SpinDizzy
n00b
Joined: 28 May 2003
Posts: 63
Location: Moss Vale, Australia
|
| Posted: Mon Nov 24, 2003 3:26 am Post subject: Re: A new form of spam attack on Bayes Filter based spam fil |
|
|
| nephros wrote: | | Yes, but filtering at the receiving end never helped fight spamming, it just hid the fact that there is a war. |
That is like saying locking your car and installing an alarm never helped fight car theft, it just hid the fact that there were cars being stolen.
If filtering had no effect on spammers, they would make no effort to by-pass it.
Just as car alarm manufacturers are locked in an arms race with car theives, spam filter developers are locked in with the spam developers.
In an ideal world all spammers would be caught and prosecuted, as would all car thieves... |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
