 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
hornet777
Warrior Guru
Joined: 28 Oct 2005
Last Visit: 20 Oct 2009
Posts: 458
|
 Posted: Sun Sep 17, 2006 9:34 pm Post subject: Filters |
 |
|
Perhaps another of hornet's impossibly stupid questions, but I wonder aloud if spammers have the ability to detect what filter(s) one has constructed in a general net-based account and adjust subjects/bodies accordingly? Maybe its just me, but it seems like this is so, for whenever I adjust a filter, it seems as though the spammer adapts.
Not a lot (quantity -- <10/day) of spam, but any at all annoys me, so I try to keep ahead of it. |
|
| Back to top |
|
 |
Erikalbert
Warrior
Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219
|
| Posted: Mon Sep 18, 2006 3:41 am Post subject: |
|
|
I can't see how it would work particularly for client based filters particularly those indidvualised bayesian filters.
I suppose if the spammer has some way of knowing whether a user opens the mail or not (via webbugs ??) they might have some feedback on whether it made it through, but even then it would be iffy, because many users delete spam mail without opening it at all just by looking at the headers. |
|
| Back to top |
|
|
Oldfrog
Site Admin
Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX
|
| Posted: Mon Sep 18, 2006 10:40 am Post subject: |
|
|
I agree with Ericalbert that there is very little chance of a spammer detecting your individual filter rules. I also believe that the webbugs are more useful for determining that an account is active than for anything else.
One thing that spammers do know is that there are filters available and that more and more people use them all the time. Knowing that, it only makes sense that they (the spammers) would continually change up their content in an effort to slip through. |
|
| Back to top |
|
|
thejynxed
Warrior
Joined: 09 Nov 2004
Last Visit: 14 Oct 2007
Posts: 89
Location: Pennsylvania
|
| Posted: Mon Sep 18, 2006 12:38 pm Post subject: |
|
|
If you use bayesian filtering, alot of spammers now do what is called "bayespoisoning" where they untrain your filters by specially crafting the headers of spam a certain way.
Another thing you might notice, if you use GMail, is that lately, alot more spam is getting past their spam algos, and this is part of the reason why.
_________________
"I stab thee with a rusty spork."
  |
|
| Back to top |
|
|
hornet777
Warrior Guru
Joined: 28 Oct 2005
Last Visit: 20 Oct 2009
Posts: 458
|
| Posted: Mon Sep 18, 2006 2:03 pm Post subject: |
|
|
| Quote: |
| Another thing you might notice, if you use GMail, is that lately, alot more spam is getting past their spam algos, and this is part of the reason why |
Yeah, that's it. I only use it through my browser; although I do have OE configured for Gmail, I never actually use it, so all the filters are on Google's server.
So, I take it then that there is no way for spammers to know one's filters, but that they are penetrating Google's barriers (through [presumably] other means not related)? That would explain the morphism.
Thanks for replying, guys. |
|
| Back to top |
|
|
Erikalbert
Warrior
Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219
|
| Posted: Tue Sep 19, 2006 9:13 am Post subject: |
|
|
| thejynxed wrote: |
If you use bayesian filtering, alot of spammers now do what is called "bayespoisoning" where they untrain your filters by specially crafting the headers of spam a certain way.
|
Posioning of bayesian filter is not quite so easy as you seem to suggest and generally it has nothing to do with 'crafting headers'.
A crude example would be a spammer, sending you mails with no spam related words at all, but tons of normally 'good' words (in nonsense order though) This will get the mail through obviously.
A naive user might consider that to be spam and train on those mail as a spam. This will obviously erode the capability of the filter to distinguish between good words and bad.
But that will take a while to happen and is extremely ineffective for the spammer.
A more common example is to use word salad, throwing in tons of "good" words in hopes of countering the bad words or using a single image (altough some bayesian filters have psuedo tokens for that)...
Of course, the problem is given everyone is using indidvualised filters, what is a good word for me, is not one for you. So while the spammer might successfully by chance stumble on the right words to get pass some people's bayesian filter, they won't get past most people's.
If the spammer was targetting a specific group, he would probably have no problems crafting an email that could get past their bayesian filter. For example, if I were a spammer targetting posters in this group, putting in lots of antispyware related words, spyware warrior, castlecops, HJT, computer security terminology, etc would probably have a pretty high chance of getting through. If I was even more specific, say targetting Suzie, I would add "Howes", "Sunbelt" , "MVPS" etc
| Quote: |
Another thing you might notice, if you use GMail, is that lately, alot more spam is getting past their spam algos, and this is part of the reason why. |
Nah, my impression is that Gmail's spam filter is not indidvualised, as a result it is possible for spammers to test against it.
They get a gmail account, send a spam to it. If it is not caught, then they send it to all....
It's kind of like spam assassin before the bayesian days, spammers downloaded the latest version, tested to see if their spam was caught by it, if not they sent it out enmass. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
