[Full-Disclosure] spam with anti-bayesian parts
surya at nsecure.net
Mon Jan 12 11:29:50 GMT 2004
Actually most of the spammers use automated tools that contain some
scriptable plugins to evade the spam filters. Since they spam more than
1000's of users at a time, picking something real might be a bit slow and
require extra processing. Even if they create a template for all the mails,
that'll take up some time which they may not want to waste. Also,
introducing random gibberish noise might be able to get through Bayesian
filters because that particular gibberish junk may not be in the database.
And sometimes after learning that pattern, the pattern may not repeat
next time, since it's just a random sequence. There are endless patterns
that you can create with just 26 characters using just a line of Perl code
that'll never repeat. Also they introduce Unicode characters along with the
sequence of the noise.
It's one of the evasion techniques that spammers use to get around the
----- Original Message -----
> To wind up the earlier thread I started when I thought it might have been a
> misbehaving worm:
> The first spams with 2 lines of ad and 20 lines of random garbage words
> arrived in my mailbox yesterday, going cleanly through the bayesian
> The explanations on this list are thus proven correct.
> The filters DID give them a 70% spam probability based on bayesian
> filtering, so I figure it will be a matter of some training and they'll go
> What I'm wondering is:
> Why do the spammers even go to the length of using random words? Those are
> easy to filter out with some heuristics (e.g. missing punctuation). Why
> don't they grab some real text, say from a news site? There's an endless
> supply of new, proper text out there.
Full-Disclosure is hosted and sponsored by Secunia.
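Added example, not part of the original post or thread: a toy Bayesian filter showing why padding words that are missing from the token database leave the score unchanged, and how the share of unseen tokens combined with the missing-punctuation heuristic raised in the quoted message can flag such padding. The training mail, the sample message, the choice to skip unknown tokens and the thresholds are all assumptions made for this sketch.

```python
import math
import re

WORD = re.compile(r"[^\W\d_]+")  # runs of letters (Unicode-aware in Python 3)

# Constructed training mail and test message; none of it comes from the thread.
SPAM_TRAIN = ["Buy cheap pills online now!", "Cheap pills, discount offer, click now!"]
HAM_TRAIN = ["The meeting moved to Monday, please confirm.",
             "The patch for the kernel bug is attached."]
AD = "Buy cheap pills online now!\nClick for discount offer\n"
PADDED = AD + ("xqvel drabnok wumtis florp zekkan obrith quaylo mevdun\n"
               "sprelt gonvar hyxil tromba kezzit ulvane pirdok jashum\n"
               "vobrin thalek nuzzor cwimp eldrat fosken yarbul mizqua\n")

def tokenize(text):
    return [w.lower() for w in WORD.findall(text)]

def train(spam_docs, ham_docs):
    """Return ({token: [spam_docs_with_token, ham_docs_with_token]}, n_spam, n_ham)."""
    db = {}
    for idx, docs in enumerate((spam_docs, ham_docs)):
        for doc in docs:
            for tok in set(tokenize(doc)):
                db.setdefault(tok, [0, 0])[idx] += 1
    return db, len(spam_docs), len(ham_docs)

def bayes_score(text, model):
    """Naive Bayes spam probability; tokens missing from the database are skipped."""
    db, n_spam, n_ham = model
    log_odds = 0.0
    for tok in sorted(db.keys() & set(tokenize(text))):
        s, h = db[tok]  # Laplace-smoothed per-class likelihoods below
        log_odds += math.log(((s + 1) / (n_spam + 2)) / ((h + 1) / (n_ham + 2)))
    return 1 / (1 + math.exp(-log_odds))

def padding_signals(text, model):
    """Return (share of tokens never seen in training, punctuation marks per token)."""
    toks = tokenize(text)
    if not toks:
        return 0.0, 0.0
    unseen = sum(t not in model[0] for t in toks) / len(toks)
    punct = sum(text.count(c) for c in ".,;:!?") / len(toks)
    return unseen, punct

def looks_padded(text, model, min_tokens=20, min_unseen=0.6, max_punct=0.05):
    """Heuristic flag; the three thresholds are assumptions chosen for this sample."""
    unseen, punct = padding_signals(text, model)
    return len(tokenize(text)) >= min_tokens and unseen >= min_unseen and punct <= max_punct
```

Training on the padding itself would not help with the next message, since the random tokens do not recur; the two signals computed by `padding_signals` do not depend on which tokens were used.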