There's a new stock spammer on the block, sending embedded image spams in enormous volume. As usual, the images are slightly modified for each run so that the encoded image doesn't present a filterable string. The spammer began by posting ads for SHCM.PK but has now settled on KMAG.PK.
June 2006 Archives
Dumb and dumberer
21 June 2006 - 07:11 AM | PermalinkI'd like your help with a simple experiment, which will take just a few moments of your time. All I'd like you to do is to pretend that you've never heard of this site and know nothing about it. Now I want you to visit a few pages on the site. Ready?
Continue reading 'Dumb and dumberer'
Little drop of poison
12 June 2006 - 09:48 AM | PermalinkOver the last few days, I've seen another interesting new phenomenon related to stock spam. I've received a large number of spams carrying some of the typical stock spam subject lines (I have a complete list, thanks to a spammer who inadvertently posted his random subject file instead of his stock pitch) but with a body that consists of a few lines of random character strings. This might be just another configuration problem - the random strings were intended to be hashbuster text on the end of a stock pitch, but the file containing the pitch somehow went missing - but it could also be a deliberate attempt to 'poison' Bayesian filters by seeding them with garbage text. If this is the case, the use of typical stock spam subject lines may indicate that it is specifically targeting Bayesian filters used to identify stock spam.
Short and distort
09 June 2006 - 10:50 PM | PermalinkMy old friend, the pump'n'dumper is still cranking out stock spam, but he has some new tactics. In a further attempt to avoid automated analysis, he has taken to dividing his embedded GIF images into several parts. More significantly, he has also switched from a pump-and-dump model to short-and-distort.
Continue reading 'Short and distort'