Anatomy of a spam e-mail
on 30.04.2007 23:07:19 by spamhotmail
http://news.bbc.co.uk/1/hi/technology/6038236.stm
Anatomy of a spam e-mail
A daily chore of modern life for many is the morning trawl through a
full inbox deleting spam email. But just where does it all come from
and why do spammers use bizarre text, names and images in their
emails?
To the expert eye a typical spam is laden with clues to its origin.
SENDER
"Iverson Vernie": An implausible name that sounds human to computers
if not people. This helps to offset the "spamminess" of the message.
Plus it is in capital letters which also helps to bust the scoring
systems often used to spot spam.
E-MAIL ADDRESS
"eieeeyuuyuioeeiiayi@fleetlease.com" - Clearly fake. All the letters
before the @ sign come from the top line of the keyboard starting at
the left. The spammer generated this e-mail address by running their
finger along that line when putting the spam run together.
However, this could provide useful forensic information when tracing
spam campaigns or spam groups. Another clue is given by the fact that
the company owning the domain, Fleetlease, rents vehicles - there's no
reason to think it is really pushing pills.
SUBJECT
Bad spelling marks it as spam as does the exclamation point. But it
avoids mentioning what the message is actually about which might help
it sneak past some spam filters.
BODY IMAGE
The body of the message is actually an image rather than text. Again
this is another trick to defeat spam filters, which find it impossible
to view what is in bitmaps or JPEGs.
This image was called from another computer based in Hungary. The net
service offered by this company is free which is probably why it is
being used as a source for these images. Spammers hate paying for
anything.
It could also be a checking mechanism which records which e-mail
address responded. "Live" addresses are much more valuable than ones
that never react.
ASSOCIATED WEBSITE
This is apparently linked to a company in Wisconsin, but the details
held on the net about it are likely to be fake given that there is
evidence the server is physically located in South Africa. The server
hosting this site hosts another 90, most of which are touting drugs of
one kind or another.
The net address for this site is well-known as a source of spam and is
actively blocked by many organisations. It is thought to be one of
many used by the Yambo Financials spam gang.
EXTRA TEXT
Spammers regularly use large lumps of text to try to convince
filtering systems that a message is legitimate. Extracts from books
are popular but random text like this is too. What should be noted is
that nowhere in this mail does the text actually mention what the
message is about. The only mention of the drugs it is offering for
sale is in the image.
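The clues walked through above can be checked mechanically on a parsed message. The following is an added example, not part of the original article or post: the sample message, its addresses and hosts, the clue names and the thresholds (10 characters, 5 words, 40 words) are all constructed assumptions for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
IMG_SRC = re.compile(r'<img[^>]+src=["\'](https?://[^"\']+)', re.I)
TAGS = re.compile(r"<[^>]+>")

def build_sample():
    """Constructed message modelled on the article; every value is made up."""
    msg = EmailMessage()
    msg["From"] = '"IVERSON VERNIE" <eiuyuioeeiiyi@sender.example>'
    msg["Subject"] = "Yuor order is redy!"
    msg.set_content("the garden wall stood quiet " * 12)  # filler text
    msg.add_alternative(
        '<html><body><img src="http://freehost.example/a.jpg?id=r42"></body></html>',
        subtype="html")
    return msg

def clues(msg):
    """Return the set of article-style clues found in a parsed message."""
    found = set()
    name, addr = parseaddr(str(msg["From"]))
    local, _, _domain = addr.lower().partition("@")
    if name and name.isupper():
        found.add("sender-name-all-caps")
    # Long local part typed along a single keyboard row (assumed threshold: 10)
    if len(local) >= 10 and any(set(local) <= set(r) for r in KEYBOARD_ROWS):
        found.add("keyboard-row-local-part")
    plain, html = "", ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            plain += part.get_content()
        elif part.get_content_type() == "text/html":
            html += part.get_content()
    images = IMG_SRC.findall(html)
    if images:
        found.add("remote-image")
        if any("?" in url for url in images):
            found.add("image-url-has-query-token")  # may record who opened it
        if len(TAGS.sub(" ", html).split()) < 5:
            found.add("message-is-image-only")
    if len(plain.split()) > 40:
        found.add("filler-text")
    return found

if __name__ == "__main__":
    for clue in sorted(clues(build_sample())):
        print(clue)
```

Mail clients that do not fetch remote images by default never contact the image host, so the "checking mechanism" described under BODY IMAGE gets no signal from them.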