You can't say spammers aren't inventive: they're always looking for new ways of getting past the spam filters. One of the biggest problems they have is that if the message they sent you has a URL in it then it very rapidly ends up in a block list run by someone like SURBL (who we use).
So they try to get around this by a variety of means. Using short URL sites like tinyurl is a popular choice at the moment, although they're getting smarter at stopping the spammers.
Another trick is to use images and to distort them so even if you use OCR software on the image it's hard for your spam filter to pick out the URL to check against a block list. We're getting quite a lot of that at the moment, to the point where any email with an image attachment is now flagged as possible spam unless it's from one of our "whitelisted" friends or work colleagues.
But tonight a new twist. I got an email with an MP3 attachment. I opened it carefully using VLC and it read out a URL of a web site!
So that's going to be a hard one to filter on ... or so I though until I looked at the ID3 tags. The album title was
"WWW.*****.NET - CHEAP VIAGRA" (I've starred out the real URL but it's there clear as day in the ID3 tag). And yes, the domain is in SURBL's block list.
Now the only job left to do is to modify our spam filter to unpack MP3 attachments and look at their ID3 tags. Sigh.
|Tags: internet, spam||Written 16/12/09|
You can follow these posts on Twitter at @Wibblings