Posts Tagged ‘image spam’

Christmas cheer: No image spam for me

Friday, December 22nd, 2006

Excellent!


Another Mail.app rule to catch image spam

Wednesday, December 20th, 2006

A poster on macOSXHints has described a rule designed to block the current plague of image-bearing spam.

It’s an improvement, perhaps, on the image spam catching rule I posted three months ago.

Having read the post and the suggestion in the comments, I’ve tweaked my rule for this a bit.

It now looks like this:

[Screenshot of the Mail.app rule]

Most of the image spam I get contains a GIF file.

I like the idea of setting the colour to a particular colour so that I can see at a glance which messages the rule has moved. It gives a warm fuzzy feeling and it helps me to scan quickly for false positives.


Image spam surge powered by Russian bot-net

Monday, November 27th, 2006

Reports on eWeek.com and on SearchSecurity.com claim that a highly sophisticated Russian bot-net is pumping out the current surge in image spam.

According to a senior security researcher at SecureWorks, the bot-netters grew their 70,000-strong zombie network with the SpamThru trojan, an innovative piece of malware which not only packs its own pirated version of Kaspersky Anti-Virus to eradicate any competing malware from infected computers, but also uses a list of proxy servers to evade blacklisting by anti-spam agencies.

The researcher also claims to have uncovered evidence that the spammers harvested lists of email addresses from financial institutions:

“It also appears the spammer made an effort to obtain more targeted lists of email addresses by hacking into smaller investment news Web sites and other e-businesses and downloading their user databases,” he said. “This is likely due to the fact that pump-and-dump stock spam seems to be a primary motive of the botnet.”

Mail.app users can get some level of protection by creating a rule to filter some of this image spam out.

David Reitter takes a slightly different approach with a different rule.

Fastmail users (and others with tweakable server-side spam protection) may get some extra relief from this tip on EmailDiscussions.com which creates a more sophisticated rule.

[Via Daring Fireball]


A new wave of high brow “empty spam”

Thursday, August 10th, 2006

The Wall Street Journal reports on a new type of spam that has been doing the rounds for the past few weeks.

This is not the “image spam” plague, but something else. Spammers are loading up inboxes with emails containing short extracts from authors like J.R.R. Tolkien, Alexandre Dumas and Daniel Defoe.

Sometimes called “empty spam” because it contains no advertising pitch or offers or phishing attempts, this type is on the rise according to IronPort Systems. I can’t find an IronPort press release to confirm the figures, but the WSJ says that,

the number of empty spam messages has almost doubled to 4% of all spam email in recent weeks, according to IronPort Systems…. For a few days in June, it peaked at 40% of all spam.

Theories about the motivation behind “empty spam” messages vary. Some suggest that it is an attempt to confuse spam filters so that more malicious spam will slip through later.

Others point to a possible breakdown of communication between spam host servers and the virus-infected “zombie” computers that circulate the spam more widely. When communication breaks down, the zombies continue to send the “hashbusting” text that helps spam make it past the filters but without the “active package” which contains the advertising offer or phishing scam.

Unlike “image spam”, I haven’t seen any of this “empty spam” myself.


A Mail.app rule fix for image spam

Tuesday, August 1st, 2006

MacInTouch reader Bill Benson posted a rule in the .Mac section of that site yesterday which will catch much of the current “image spam” plague.

He noticed that the image spam emails always have two distinguishing marks: they come from a different address each time and the Content-Type header begins with “multipart/related”.

So a rule that matches both those conditions, like the one below, will snag them before they hit your inbox:

[Screenshot of the Mail.app rule]

The only tricky thing here is selecting “Edit Header List…” from the list of conditions and then entering “Content-Type” in the next window. “Content-Type” will now appear in the list of conditions. You will need to select it and enter “multipart/related” as its content.

You might choose to replace the “Not in my previous recipients list” condition with “Not in my Address Book” depending on your own correspondence patterns. Adjust to suit your own tastes.

There is a small downside. It seems likely that this rule will move some “false positives” into the Junk folder. But checking that from time to time is much better than wading through the image spam that Mail.app’s Junk filter is currently missing.

UPDATE: It will be easier to spot any false positives moved by this rule if you add a “Set Color of Message” action to it, choosing a unique colour. That will help them stand out in an overstuffed Junk folder.
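The same two conditions and the colour action, restated as a short Python sketch for anyone filtering outside Mail.app. This is an added example, not Bill Benson's rule or anything Mail.app runs; the function names, the `PREVIOUS_RECIPIENTS` set, the colour value and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for Mail.app's "previous recipients" list.
PREVIOUS_RECIPIENTS = {"friend@example.org"}
REVIEW_COLOUR = "orange"  # hypothetical choice for "Set Color of Message"


def apply_rule(raw_message, known_senders=PREVIOUS_RECIPIENTS):
    """Return the rule's actions for a message, or None if it does not match."""
    msg = message_from_string(raw_message)
    # Compare the bare address only; the display name is free text.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # get_content_type() lower-cases the type and drops parameters such as
    # boundary=, even when the header is folded: the "begins with" test.
    is_related = msg.get_content_type() == "multipart/related"
    if is_related and sender not in known_senders:
        return {"mailbox": "Junk", "colour": REVIEW_COLOUR}
    return None


def make_message(sender, content_type):
    """Build a minimal constructed message with the two headers the rule reads."""
    return f"From: {sender}\nSubject: sample\nContent-Type: {content_type}\n\nbody\n"


# Constructed samples, not captured mail.
SAMPLES = {
    "image_spam": make_message("Hot Stocks <q7x@example.net>",
                               'Multipart/Related;\n boundary="b1"'),
    "known_sender": make_message("A Friend <Friend@Example.org>",
                                 'multipart/related; boundary="b2"'),
    "plain_unknown": make_message("someone@example.com", "text/plain"),
    # A legitimate newsletter from a new sender: the false positive the
    # colour action is meant to make easy to spot.
    "false_positive": make_message("Shop <news@example.com>",
                                   'multipart/related; boundary="b3"'),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", apply_rule(raw))
```

The `false_positive` sample matches for the same reason the spam does, which is why the coloured Junk entries still need an occasional look.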
