The latest news from Visitation S. Cadger


I got a lovely note at work from one Visitation S. Cadger a couple of days ago. It was all in Russian. I can decipher Cyrillic, but don't actually know any Russian, so I look for transliterated English words as a clue. This one appears to be about "operativnaya poligraphiya". The end of it refers to "metro Leninskiy Prospekt" and gives a phone number, which I take to be in Moscow. Evidently someone out in the Spamosphere thinks I live in Moscow. I have received ads, with menus, for a Moscow pizza parlor and a Moscow sushi restaurant which (if the online translation was correct) also seems to be a "gentleman's club".

The Russian spam flood is fairly recent. I've been getting Turkish spam for a couple of years now, as well as spam in Spanish which appears to be specifically Argentine.

The recent Russian spam (and some in English) appears to be coming from spyware running (unknown to the users) on home computers connected to either DSL or cable Internet. More specifically, it looks like these infected computers have outgoing mail servers running, which a spammer can use to bounce his message to the wide world while keeping himself hidden. A good firewall will catch this kind of behavior -- you may have one built in to your broadband modem, can use the one built into Windows XP, or can get Zone Alarm, which is free for personal use. Zone Alarm will alert you if a program on your machine is trying to send data across the Internet, and it will allow you to block certain ports from outside access. Gibson Research Center's Shields Up webpage will let you know if your system is adequately protected from attack over the Internet.

The names in the From line are wonderful -- Stying K. Purgative, Mustered O. Behemoths, Headwaters I. Evidence, Circularizing T. Integers, Disassemble H. Imps, Rallies Q. Stratification, Accretions G. Recital -- they are obviously not names, but they have the rhythm of names, reminiscent of the sort that Barry Took and Marty Feldman cooked up for sketches on "Round the Horne", like Isambard Mousehabit and J. Peasemould Gruntfuttock. (Or the Li'l Abner character, Jubilation T. Cornpone.) So we know the spambot writer is evil, but has a sense of humor.

The reason for this use of random words for names is to try to fool Bayesian adaptive filtering, used by Mozilla Mail and gradually being adopted by other anti-spam products. As the user identifies messages he considers to be spam, Mozilla learns from the user, and builds a table of probabilities that a given word will be found in a spam message. This table is used to score incoming messages, and if the total spam score is above a certain threshold, the message goes straight into a Junk bin. So spammers are using creative spelling (replacing letters with similar punctuation marks, for example), injecting random words in subject lines or sender addresses (a recent subject line: "coast target icarus phenotype vest groat snort despotic diverge detriment galvanism click protoplasmic trident breccia" -- for an e-mail advertising medication of some sort) to try to skew the spam score and sneak in under the threshold. Better spam filters also look at features that are characteristic of spam -- like piles of invalid HTML tags or nothing but an HTML image link. Mozilla catches about 90% of the spam I get, and the only false positives are messages from vendor mailing lists that I've opted into, but you can train Mozilla not to treat these like spam.
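To make the word-table idea concrete, here is an added sketch (not part of the original post, and not Mozilla's actual code) of a per-word probability table and two ways of scoring a message against a threshold. The training messages, the 0.5 value for unseen words, the 0.9 threshold and the function names are all assumptions made for the illustration; the padded sample reuses the subject line quoted above.

```python
from collections import Counter
from math import prod

# Constructed training mail (not real messages), as the user sorted it.
SPAM = ["cheap medication online order now", "order cheap pills online",
        "medication discount order now"]
HAM = ["meeting agenda for monday", "lunch on monday with the team",
       "agenda and notes for the team meeting"]

UNKNOWN = 0.5     # assumption: a word never seen in training is neutral
THRESHOLD = 0.9   # assumption: scores above this go to the Junk bin

PLAIN = "order cheap medication"
PADDED = PLAIN + (" coast target icarus phenotype vest groat snort despotic"
                  " diverge detriment galvanism click protoplasmic trident breccia")

def train(spam, ham):
    """Build the table of P(spam | word) from how often each word appears."""
    s = Counter(w for m in spam for w in set(m.split()))
    h = Counter(w for m in ham for w in set(m.split()))
    table = {}
    for w in set(s) | set(h):
        ps, ph = s[w] / len(spam), h[w] / len(ham)
        table[w] = min(0.99, max(0.01, ps / (ps + ph)))  # clamp away from 0 and 1
    return table

def word_probs(table, message):
    return [table.get(w, UNKNOWN) for w in set(message.lower().split())]

def naive_score(table, message):
    """Average over every word: neutral filler drags the score toward 0.5."""
    p = word_probs(table, message)
    return sum(p) / len(p)

def robust_score(table, message, top_n=5):
    """Combine only the top_n words furthest from neutral, so filler is ignored."""
    p = sorted(word_probs(table, message), key=lambda x: abs(x - 0.5),
               reverse=True)[:top_n]
    spam_like, ham_like = prod(p), prod(1 - x for x in p)
    return spam_like / (spam_like + ham_like)

if __name__ == "__main__":
    t = train(SPAM, HAM)
    for name, msg in (("plain", PLAIN), ("padded", PADDED)):
        print(name, round(naive_score(t, msg), 3), round(robust_score(t, msg), 3))
```

With averaging, the fifteen filler words pull the padded message under the threshold; scoring only the most telling words keeps it above, which is why random-word padding works against some filters and not others.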

I get very little spam at my private e-mail address, precisely because I keep it private. Even the address which I display on this page is relatively spam-free, because I display it in a form easily understood by humans, but not easily identified by web-crawling spambots. Unfortunately, Paypal insists on using e-mail addresses as identifiers, which means it appears in URLs for donation buttons -- and sure enough, that address gets spam. The address that gets the most is one I've had for over 10 years (before the web!) and it's probably on every spammer's master list.

I remember getting an unsolicited ad message, back in the early, innocent days of the 'net. The message claimed that it was only being sent to people who had requested such information. There was an 800 number for the advertiser, so I called it. I spoke to the president of this little company, and politely told him that I had made no such request, and that his e-mail had probably been sent indiscriminately to tens of thousands of people around the world. The gentleman sounded like he was trying to catch his breath after being punched in the gut, as he realized that he had been both ripped off and had his company's reputation severely damaged, because he had believed the huckster who assured him that the message was only going to people who would welcome it.

(Too lazy and pressed for time to look up references and hot link things. That's what Google's for, right?)

About this Entry

This page contains a single entry by Michael Bates published on March 26, 2004 1:04 PM.
