Re: OT: Criminal Spammers

  • From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 28 Oct 2003 23:32:41 +0100

You could strip all withespace and non-alphabet characters from the
text, giving you 

AIUNTSOUXRXAXNXCXE

A partial string analysis against any dictionary (let's say the
threshold should be 3 chars at least) would not yeald any valid word.
Add a thousand points to the spam counter :) Or you could do a letter
frequency analysis (well, at least as long the X are present).

It's a good thing to do anyway if you want to get around exessive html
tagging like <td>S</td><td>P</td><td>A</td><td>M</td>

Mark


> -----Original Message-----
> From: cismic [mailto:cismic@xxxxxxx] 
> Posted At: Tuesday, October 28, 2003 10:21 PM
> Posted To: www.isaserver.org
> Conversation: [isalist] Re: OT: Criminal Spammers
> Subject: [isalist] Re: OT: Criminal Spammers
> 
> 
> http://www.ISAserver.org
> 
> I think I should publish all the little tricks that I see them using.
> A - - - I
>  U - - - N
>   T - - - S
>    O - - - U
>     X - - - R
>      X - - - A
>       X - - - N
>        X - - - C
>         X - - - E
> This is one of the latest methods that I've discovered.  Very hard to
> black this type of crap
> Anyone got any ideas?
> 
> Joseph
> 
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
> Sent: Tuesday, October 28, 2003 12:42 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: OT: Criminal Spammers
> 
> 
> http://www.ISAserver.org
> 
> Yep; got a whole collection of it.
> 
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message ----- 
> From: "cismic" <cismic@xxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, October 28, 2003 12:29
> Subject: [isalist] Re: OT: Criminal Spammers
> 
> 
> http://www.ISAserver.org
> 
> Hi All,
> 
> Do any of you actually save spam?  I do since I find it interesting to
> see how cleaver folks are when they add filtering crap all around the
> click here to go there link's.  Some of the new spam kind of 
> reminds me
> of the old ascii art.
> 
> Joseph
> 
> -----Original Message-----
> From: Brian Drought [mailto:brian@xxxxxxxxxxxx]
> Sent: Tuesday, October 28, 2003 12:03 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: OT: Criminal Spammers
> 
> 
> http://www.ISAserver.org
> 
> Spencer,
> I'm looking for valid words, so  it'd look for "Pum.ps" in the SQL
> table, not find it and increment the duff word counter. ... 
> but... I do
> like your thinking. I've seen some spam which is along the 
> lines of 'Or
> your money back!!!!'. Excess of punctuation could make the code think
> it's a big more spammy (I'm trying to make it so it'll look at lots of
> different things and evaluate it that way).
> 
> One thing I've noticed aswell, is some spam has subject lines like:
> 
> "Get pills
> jniihiodz  jjojod"
> 
> So I could look for a excess of whitespace aswell......
> 
> Keep the ideas coming folks :-)
> 
>   Bri
> 
> -----
> Something I have seen recently is the overuse of punctuation in
> sentences!
> 
> For Example (no points for guessing the subject to the spam!) 
> N.o Pum.ps
> - No S.urgery - No E.xercises *_100%_Money_Back_G.uarante.e This seems
> to be acceptable to GFI.
> 
> I don't know whether there's a way of counting the punctuation/letters
> ratio and tagging them this way.
> 
> ...Spence
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ 
> Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> cismic@xxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ 
> Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
> 
> All mail from this domain is virus-scanned with RAV.
> www.ravantivirus.com
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ 
> Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> cismic@xxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: isaserver@xxxxxxxxxxxx
> To unsubscribe send a blank email to 
> $subst('Email.Unsub')
>

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2003