Yesterday morning, I remarked to Katie that it seemed odd that with the vast number of “zombie” computers infected with remote control programs via viruses, trojans, spyware, etc., their primary use so far has been sending spam. After 7-odd years of distributed computing projects ranging from demonstrating weaknesses in encryption schemes to searching for extra-terrestrial radio signals via SETI@home, and reports that access to zombie nets is selling on the black market, you’d think someone out there would be trying to crack into the DoD or something. (That last link refers to phishing attacks, but the current form of phishing is very tightly coupled with spam.)

Last night I saw proof that zombies are at least branching out a little: they’re not just being used for email spam, but they’re also being used for comment spam. Starting around 8:30, someone started posting pairs of comments every 20-30 minutes. The content and links were identical each time, except for some random numbers in the (probably bogus) email and at the end of the body… but the IP address was different each time.

I caught it around 10:00, added “poker” to the list of moderation triggers, figured they’d give up when they saw their comments weren’t posting, and after another 3 pair (that’s not a legal hand, is it?) I just closed comments on the two posts.

Update 6pm: After a long afternoon dealing with server recovery issues, I checked my email and found about 40 “Please approve…” notices, starting around 1:45 and running all afternoon. All from the same blog spammer. A bit more aggressive than yesterday’s, because they hit a new post every time, but this batch all went straight into moderation. You’d think after you posted 20 comments and none of them showed up, you’d get the clue that it’s not worth posting 20 more…

Update 9am: I installed a plugin last night to block those comments from even reaching the moderation queue. Then laaate last night I noticed that it was screwing up comments with apostrophes, so I disabled it. The moderation notices started coming in immediately. 60 of them from around midnight to about 6am this morning. And none were ever displayed on the site. (Thank you, WordPress!)
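
The pattern described in this post (identical comment text apart from random digits in the email address and at the end of the body, arriving from a different IP address each time) can be matched by fingerprinting each comment with its digits stripped and counting distinct source addresses per fingerprint. The Python below is an added example, not part of the original post or of WordPress; the sample comments, the addresses and the `min_ips` threshold are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample comments (not from the original post): (ip, email, body)
SAMPLE = [
    ("198.51.100.7", "joe4821@example.com",
     "Great site! Play poker at http://poker.example/ 77120"),
    ("203.0.113.19", "joe1093@example.com",
     "Great site! Play poker at http://poker.example/ 30418"),
    ("192.0.2.55", "joe7770@example.com",
     "Great site!  Play POKER at http://poker.example/ 5"),
    # A real reader double-posting from one address must not be flagged.
    ("192.0.2.80", "reader@example.org", "I saw the same thing on my blog in 2004."),
    ("192.0.2.80", "reader@example.org", "I saw the same thing on my blog in 2004."),
]


def fingerprint(email, body):
    """Hash the comment after removing the parts the spammer randomizes."""
    text = f"{email}\n{body}".lower()
    text = re.sub(r"\d+", "#", text)          # any run of digits becomes one token
    text = re.sub(r"\s+", " ", text).strip()  # ignore spacing differences
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def find_campaigns(comments, min_ips=3):
    """Return {fingerprint: sorted IPs} for templates seen from >= min_ips addresses."""
    ips_by_print = defaultdict(set)
    for ip, email, body in comments:
        ips_by_print[fingerprint(email, body)].add(ip)
    return {fp: sorted(ips) for fp, ips in ips_by_print.items() if len(ips) >= min_ips}


def should_hold(comment, campaigns):
    """True if a new comment matches a template already seen from many addresses."""
    _ip, email, body = comment
    return fingerprint(email, body) in campaigns


if __name__ == "__main__":
    campaigns = find_campaigns(SAMPLE)
    for fp, ips in campaigns.items():
        print(fp[:12], "seen from", len(ips), "addresses:", ", ".join(ips))
```

Because the fingerprint ignores the source address, a later comment from a fresh IP with new random digits still matches the template and can be held before it reaches the moderation queue.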

This showed up in the spamtraps today:

Subject: Truth of the matter

Dear Sir,

This letter can only define Nigeria Scam, a.k.a. 419. If this mail look like scam to you delete it, we are looking for serious minded person.

As we all know, top officials do loot funds out of the country with non-residence foreigners. When they try and fail, the world hears it as fraud/scam, but when they go through, nobody or a newspaper writes it.

This trade is huge here and people are making lots of money out there in most foreign countries. Though the government are mapping out sophisticated strategies to checkmate unauthorized dealers. From the president to the cleaner in the house, they are all into this trade.

And so on.

This has got to be the most brazen variation I’ve seen — and the first one that admits what it is up front. Of course it goes on to try to convince you that no, this one’s the real thing, we’re only trying to cheat other people, not you, because you wouldn’t fall for that sort of thing, would you?

I’m trying to figure out whether the proper response to this is “WTF” or “O_o” or just “Unbe-flipping-lievable.”

Found in a spamtrap today:

“Remove your bills the Christian way”

WTF?

What follows is a long, disjointed collection of unrelated sentences that I suspect is actually Bayes poison (some spammers have figured out that using natural-sounding language is more effective at making Bayesian filters, well, less effective). There is, however, apparently an image above that, which I suspect contains the real payload.

Now if it were trying to get rid of creditors the Christian way, it might make more sense…

Rob Cockerham of Cockeyed.com (home of the fascinating How Much is Inside? series) noticed the same model showing up in a lot of his spam (often wearing the same dress). He collected the advertisements, and linked them together in what he calls An Unsolicited Commercial Love Story.

Since he first wrote it up, other people have spotted the same model on banner ads, MSN articles and even a kiosk at UCLA. Where will “Alicia” show up next?

Aren’t stock photos fun?

(Via SpamBlogging)

From a recent abuse report:

Hello. The spammer below is either using your resources to send out BULK, unsolicited, S.P.A.M. or is deceptively trying to make it look as if from your server as the ISP.

I’ve seen similar wording before, mainly on reports via SpamCop, but this really made me wonder.

I know what SPAM is (processed lunch meat), and I know what spam is (unsolicited bulk mail), and while many people get them confused, this is the first time I’ve seen S.P.A.M. Obviously they meant spam, but what if it was an acronym?

So, what should S.P.A.M. stand for?