Quiet Gibberish is a Trojan Horse

Written by Carl E. Reid on September 23, 2008

“Do not repeat the tactics which have gained you one victory, but let your methods be regulated by the infinite variety of circumstances.” -Sun Tzu

Have you or your email users recently received spam emails that just make no sense? Absolute gibberish may be in the subject, but certainly the email body contains what appears to be an undecipherable message. It seems disjointed, at best. The other curious part is there is no web link or sales pitch that accompanies it. It appears to have no use for you or the spammer who sent it. So why send this spam message at all?

There is more to it than meets the eye. Take a breath and let’s step back to see what is really being accomplished. Similar to magicians, spammers continue to succeed through misdirection. While you look at one action, another motion is happening in tandem.

Why are millions of gibberish messages being sent out when they appear to mean nothing? To answer that, ask another question: what is the front-line defense against spam? Good for you if you answered “our spam filters”. Contrary to popular belief, these software tools are not intelligent. Anti-spam filters are programmed to make adjustments, but those adjustments are not based on so-called “learning”. They are based on programmed algorithms, written by human developers who have experience with spammers’ habits in sending email spam.

So spam filters that use statistical analysis or Bayesian spam filtering are prone to being fooled by these gibberish emails. The result is that spammers are exploiting this spam filter weakness, in which the filter interprets benign, useless messages as “good” email. The filters change their threshold to allow gibberish messages to pass. This threshold or scoring method is what many spam filters use to determine whether a message is spam or not. This is also known as stuffing the statistics. It works brilliantly in the spammers’ favor.

How about the sales line to sell pharmaceuticals or purvey a stock, which may contain a malicious virus? Many times the subject contains unrelated words or a recent news story. In the body of the message is a block of text that is totally unrelated to the sales presentation. This text section is appended to the message and is sometimes text from a news blog or web site. It’s a jumble of random words stuffed together. These approaches are very effective methods specifically designed to reprogram the spam filters. This increases the chances that a larger percentage of spam gets through with the next wave of 1 million spam emails.
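The effect described in the last two paragraphs, as an added example that is not from the original article: a toy token-probability filter that auto-learns any message scoring under a ham cutoff, measured before and after a gibberish wave. The class, the 0.2 cutoff and every sample message are constructed assumptions; production filters differ in detail.

```python
import math
from collections import Counter

class ToyBayesFilter:
    """Toy per-token Bayesian scorer; constructed for illustration only."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.n = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.counts[label].update(set(text.lower().split()))
        self.n[label] += 1

    def token_prob(self, tok):
        # Fraction of spam and of ham messages that contain the token.
        s = self.counts["spam"][tok] / self.n["spam"]
        h = self.counts["ham"][tok] / self.n["ham"]
        if s + h == 0:
            return 0.5                      # never seen before: neutral
        return min(0.99, max(0.01, s / (s + h)))

    def score(self, text):
        # Combine token probabilities in log space; 1.0 means certain spam.
        probs = [self.token_prob(t) for t in set(text.lower().split())]
        log_spam = sum(math.log(p) for p in probs)
        log_ham = sum(math.log(1 - p) for p in probs)
        return 1 / (1 + math.exp(log_ham - log_spam))

# All messages below are constructed sample data.
SPAM = ["buy cheap pills online now", "cheap pills no prescription",
        "hot stock pick buy now"]
HAM = ["meeting agenda for monday morning", "quarterly report is attached",
       "news about the monday meeting"]
GIBBERISH = ["monday news harbor lantern violet",
             "report meeting violet orchard ember",
             "agenda news lantern orchard harbor"]
PADDED_PITCH = "buy cheap pills now harbor lantern violet orchard ember"

def run(auto_learn, ham_cutoff=0.2):
    """Return the padded pitch's score before and after the gibberish wave."""
    f = ToyBayesFilter()
    for m in SPAM:
        f.train(m, "spam")
    for m in HAM:
        f.train(m, "ham")
    before = f.score(PADDED_PITCH)
    for m in GIBBERISH:
        # Unsupervised learning: anything under the cutoff is trusted as ham.
        if auto_learn and f.score(m) < ham_cutoff:
            f.train(m, "ham")
    return before, f.score(PADDED_PITCH)
```

With auto-learning on, the padded pitch falls from nearly 1.0 to 0.01 after only three gibberish messages, because the filler words have been counted as ham. When the filter trains only on confirmed mail (`auto_learn=False`), the score does not move.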

Spammers are becoming increasingly sophisticated in their offensive attacks. Administrators must become just as foxy. We must continue to train our minds to think like spammers.

About Carl E. Reid

Developing his career from the mail room to the board room, Carl E. Reid has achieved success by skillfully blending 40 years of technology and business intelligence experience with his passion for helping companies succeed. Carl is founder and CEO of NetTECH Systems Reid & Associates, Inc., an emerging technology consulting company located in the New York City area. One of his specialties is 15 years as a collaboration and email infrastructure consultant. He has implemented and supported Lotus Notes/Domino and other types of SMTP gateway/network configurations in small to large global companies up to 33,000 employees. Some of his clients have included IBM, Citi, JPMChase, Oxygen, LVMH - Moet Hennessy, MeadWestvaco, non-profits and professional organizations. Carl is a Savvy Business Owner, Public Speaker and Author. His articles have appeared in Network World, Computer Monthly magazines and hundreds of web sites. Combining business technology consulting with professional blogging, Carl specializes in advising clients how to best leverage the Internet as a tool for high impact visibility. Carl's speaking style combines humor with expertise, and his advice is always down-to-earth and practical. He personally publishes the Library of Congress recognized newsletter blog, http://www.SavvyIntrapreneur.com and http://www.iTechSpeak.com. Carl wrote the original "Professional Blogger Job Description", which is being used as a standard document within companies. As a business career coach, Carl teaches professionals how to run their career as a profitable business.