Sabotaging spamassassin

Over the past few days, there’s been a new storm of email spam comprising just random words. Not (as has been common for years) tagged onto the spammer’s message, but in isolation. No message at all: the random crap is the entire message contents. And unlike a lot of spam that follows predictable patterns, this stuff looks like human-written paragraphs of text.

My best guess as to why this is happening is that it’s aimed at crippling statistics-based filtering software such as spamassassin. Human recipients will classify them as spam, thus training the filter. But statistically they’re closer to real mail than to the spammer’s usual \/|@gra, m0trgages or St.ron`g Buys, so telling a filter these are spam may in practice weaken its ability to distinguish email from crap. Of course that’s just speculation: I haven’t done the experimental work to test it.

The same thought has crossed my mind in the past when I’ve received empty or one-gibberish-line spam messages, but on the whole I was more inclined to attribute those to incompetence than anything clever.

Today there’s a story in El Reg about a round of spam promoting an obscure American presidential candidate (I never saw the actual spam). The motivation for it was unclear: neither the candidate nor his opponents could expect to gain from it. If it was indeed someone with an interest in the subject, then either it was a “stalking horse” experimental run, or just a complete nutter.

Anyway, the Reg’s reporter had interviewed a security researcher who had got his hands onto an instance of the software that controls the spam-sending botnets, and reports that it was well-written, and that it includes spamassassin. That looks like fairly compelling evidence that professional spammers are indeed engaged in an arms race with spamassassin, and I think lends enough weight to my speculation to merit blogging about it.
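The training effect speculated about above can be measured on a toy scale. The following is an added example, not part of the original post and not spamassassin's code: a minimal naive-Bayes filter scores held-out mail before and after word-salad messages are trained as spam. All corpora and names are constructed for illustration, and the result shows only the mechanism on a toy model, not what happens in a production filter.

```python
import math
from collections import Counter

class BayesFilter:
    """Toy naive-Bayes filter (added example; not spamassassin's implementation)."""
    def __init__(self):
        self.seen = {"ham": Counter(), "spam": Counter()}  # messages containing token
        self.total = {"ham": 0, "spam": 0}                 # messages trained per class

    def train(self, text, label):
        self.seen[label].update(set(text.lower().split()))
        self.total[label] += 1

    def spam_probability(self, text):
        # Start from the class prior, then add each token's log-likelihood ratio
        # (Laplace-smoothed so unseen tokens do not zero out the product).
        log_odds = math.log((self.total["spam"] + 1) / (self.total["ham"] + 1))
        for tok in set(text.lower().split()):
            p_spam = (self.seen["spam"][tok] + 1) / (self.total["spam"] + 2)
            p_ham = (self.seen["ham"][tok] + 1) / (self.total["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed sample corpora (not real mail).
HAM = ["please review the meeting notes before friday",
       "the project report is attached for your review",
       "can we move the meeting to monday morning",
       "thanks for the report see you at lunch"]
SPAM = ["cheap pills buy now limited offer",
        "buy cheap watches now best offer",
        "limited offer cheap mortgage rates now",
        "best pills cheap buy now"]
WORD_SALAD = ["meeting friday report morning the project lunch",
              "review notes monday thanks attached please report",
              "project meeting the lunch review morning notes",
              "report friday please meeting monday attached thanks"]
TEST_HAM = "please send the project report before the monday meeting"
TEST_SPAM = "buy cheap pills now"

def measure_drift():
    """Return ((ham, spam) scores before, (ham, spam) scores after) salad training."""
    f = BayesFilter()
    for m in HAM:
        f.train(m, "ham")
    for m in SPAM:
        f.train(m, "spam")
    before = (f.spam_probability(TEST_HAM), f.spam_probability(TEST_SPAM))
    for m in WORD_SALAD:  # recipients flag the word salad as spam
        f.train(m, "spam")
    return before, (f.spam_probability(TEST_HAM), f.spam_probability(TEST_SPAM))

if __name__ == "__main__":
    print(measure_drift())
```

Tracking a fixed set of held-out ham and spam scores across training runs, as `measure_drift` does, is one way to notice this kind of drift before the gap between the two classes narrows further.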

Posted on December 5, 2007, in spam.