Spammers must fool humans and computers

Fooling either a human or a a computer is a relatively easy task but fooling both is difficult. Humans and computers ‘think’ differently and spammers use different tricks to get past both. My colleague Dmitry gave a talk in 2005 at the Virus Bulletin Conference on a method that we use to combat spam. In it he looked at other techniques used to combat spam as well one of which being URI blocklists (or blacklists).

Blocklists have a relatively good success rate at blocking spam (~90%) however they do not work for all types of spam. A recent spam campaign seen by SophosLabs shows how the spam has changed (probably deliberately) to get around blocklisting.

The original messages in this campaign had a fully formed URI however as you can see from the above image in subsequent messages the last dot has been replaced by two spaces. Fooling the computer by marking the URI blocklist irrelevant. In this case, the human shouldn’t be fooled as messages don’t use enough social engineering to get people to fix the link.

SophosLabs have written and published a spam genotype for this threat and will continue to monitor this campaign.