The game goes on: an analysis of modern spam techniques

Rob Thomas, Dmitry Samosseiko SophosLabs

Spam is perhaps one of the most rapidly changing forms of communication we see today. The spammers' methods of evading detection evolve constantly, differing significantly now from what was employed even in the recent past.

Content-based filtering - still a necessary part of any broad and proactive anti-spam solution - is by no means immune from their efforts. Whether based on signatures, URL blocking or heuristic rules, these filters are still sometimes thwarted by sophisticated HTML- and CSS-based obfuscation methods, or by placing the entire content of the message in randomized attached images.

Spammers also tirelessly seek loopholes in domain name registration systems that allow them to avoid pre-emptive detection, and in the security measures of free web-hosting providers so they can mass-register thousands of new home pages every day.

The paper will provide an analysis of many modern anti-anti-spam techniques, accompanied by statistical reports and real-life examples. It will also outline some possible approaches to combat these often highly effective and thus increasingly 'popular' spam techniques.

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘The corporate speakers were very skilled and represented small to large businesses.’

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

VB2010

VB2010 will take place 29 September-1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada. Early bird discount available until 15th June 2010.

Virus Bulletin currently has 190,975 registered users.

Fighting malware and spam