We all get lots of spam.
Enough, even with junk folders and spam filters, to be more than merely annoying.
Here at Naked Security, we don’t just get spam in our email feed.
We also have to contend with SPEWS, or Spam by Electronic Web Submission.
You probably know what we mean by SPEWS, if you’ve ever participated in badly-moderated forums where comments are approved automatically or semi-automatically.
Forums like that that often end up overrun with drivellous spam comments.
These are typically some sort of generic praise that the forum spammer hopes the moderator will approve, thus accidentally publishing the link included along with the “comment”:
Occasionally, the praise will veer into waters of incomprehensibility, even though praise is probably what the spammer meant:
And, as we’ve pointed out before, the spewers sometimes try anti-flattery, presumably hoping that their comments will be approved in order to provoke (or to justify) a response:
So here’s some forum spam that we received over the weekend to make you smile:
Click on the image above for the whole kit and caboodle [800KB image]
Looks like the spammer’s SPEWS-generator suffered a parsing error – there was a spurious-looking backslash in there that may have shielded an important delimiter from the spamming software – and sent us all their “flattery remark” templates in one giant comment.
You can see how the system is supposed to work.
There is a list of comments, separated by blank lines, each of which contains one or more alternative wordings at various points, enumerated in squiggly brackets, also known as braces, and separated by pipes, also known as vertical bars.
The SPEWS-generator is supposed to pick a comment at random, pick one of the alternative renderings for each choice-point, and add in a URL.
In this spam, the crooks were promoting women’s footwear (UGG boots, apparently), in the hope of earning a modest fee for every click through.
There’re also hoping that their bogus links, even if posted but never clicked, might trick search engines into judging the target site as “well-connected,” thus boosting it up the search results.
But it didn’t quite work that way here.
And that’s worth a smile all on its own 🙂
PS. If you have a web submission form for customer enquiries, and you convert the submissions into emails that are forwarded to your sales or marketing teams, treat your own web server as a potentially hostile email sender. In other words, don’t treat your web server as “inside” when it comes to spam filtering: send web submissions through your external email gateway, just like you would any other untrusted email from an unknown sender.
Sophos UTM Home Edition
Want to filter dodgy emails and dangerous websites at home, for free?
Try our award winning UTM.
The Home Edition includes all the Sophos UTM features: email scanning, web filtering, a VPN, web application security, and everything you need to keep up to 50 devices on your home network secure, 100% free for home use.
In you live in a shared house, or you have children to look out for online, this could be just the product you need.
Better yet, you get 12 free licences for Sophos Anti-Virus for Windows that you can install and manage throughout your household, right from the UTM web console.