by CIO Staff

Hidden Geeky Keywords Circumvent Spam Filters

Oct 04, 2006

MessageLabs’ September intelligence report has highlighted “geek speak” as the new wave of social engineering techniques being used to send spam.

According to MessageLabs, keywords such as .Net, cpan, xss and Java hidden within the body of text can trick Bayesian filters into thinking the message is anything other than spam.

MessageLabs Chief Technology Officer Mark Sunner said spam based on geek speak is just another way the bad guys are evolving. Sunner said he expects to see an increase in other targeted spam; for example, accountants could be targeted by using financial terminology.

The report, released this week, also found that levels of virus and trojan malware have been declining when current figures are compared to the same quarter last year. Israel won the less-than-impressive title of being the world’s top spam target, with spam representing some 73.6 percent of all e-mail traffic.

Australia was the country least affected by viruses, according to the report.

Spam directed toward Ireland increased 1.7 percent to 64.2 percent, and India was found to be the least spammed country (25 percent of all mail), a dramatic decrease from this time last year. In the third quarter of 2005, India suffered an 81.69 percent spam rate.

The report states phishing attacks increased 0.27 percent in September worldwide when compared to August last year, with one in 170 e-mails being phishing-related. As a proportion of all e-mail-borne malicious code, phishing e-mails rose 21.7 percent, accounting for 52.4 percent of malicious e-mails found by MessageLabs in September.

Adam Biviano, Trend Micro premium services manager, said using “geek speak” within the body of e-mails is yet another example of spammers adapting techniques to combat spam engines.

Biviano said if the spam engines failed to look deeply into the body of those e-mails, it is possible they may not look like spam.

“You can adapt engines to make sure they analyze ‘technical’ looking e-mails to a greater extent, like putting the language used in context to the block of text around it so you are not looking just for content but context,” Biviano said.

“If the e-mail still appears grammatically correct, it is possible it is legitimate and will be marked so.”

-Michael Crawford, Computerworld Australia
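
The effect described above, shown as an added example that is not part of the original article and is not MessageLabs or Trend Micro code: a toy naive Bayes filter, trained on a few constructed messages, shows how a block of developer terms drags the whole-message score down, and how scoring each block in its own context (one simple reading of Biviano's suggestion, assumed here) keeps the pitch visible. All function names and sample mail are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (not taken from the MessageLabs report).
HAM = [
    "patch the java servlet to escape output and stop the xss bug",
    "install the module from cpan and run the test suite",
    "the .net build failed on the server please review the patch",
    "meeting notes attached please review before the java release",
]
SPAM = [
    "buy cheap pills now limited offer click here",
    "hot stock alert buy now huge profit guaranteed",
    "click here to claim your free prize offer now",
    "cheap loans approved now click here for free offer",
]

def tokens(text):
    # The optional leading dot keeps ".net" as a single token.
    return re.findall(r"\.?[a-z]+", text.lower())

H = Counter(t for d in HAM for t in tokens(d))
S = Counter(t for d in SPAM for t in tokens(d))
VOCAB = set(H) | set(S)

def spam_probability(text):
    """Naive Bayes P(spam | text): Laplace smoothing, equal priors."""
    n_s = sum(S.values()) + len(VOCAB)
    n_h = sum(H.values()) + len(VOCAB)
    log_odds = 0.0
    for t in tokens(text):
        if t in VOCAB:  # unseen words carry no evidence either way
            log_odds += math.log(((S[t] + 1) / n_s) / ((H[t] + 1) / n_h))
    return 1 / (1 + math.exp(-log_odds))

def blockwise_probability(text):
    """Score each blank-line-separated block; report the most spam-like."""
    blocks = [b for b in re.split(r"\n\s*\n", text) if b.strip()]
    return max((spam_probability(b) for b in blocks), default=0.0)

PITCH = "buy cheap pills now click here"
PADDING = ("java cpan xss .net servlet patch module test suite "
           "build server review install release")
PADDED = PITCH + "\n\n" + PADDING  # constructed sample message

if __name__ == "__main__":
    print(f"pitch alone:       {spam_probability(PITCH):.3f}")
    print(f"pitch + padding:   {spam_probability(PADDED):.3f}")
    print(f"padded, per block: {blockwise_probability(PADDED):.3f}")
```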
