Fighting malware and spam
SPUTR
Trick naming
Each trick in the Spammers' Compendium has a friendly name (which is intended to be humourous), and also a SPUTR name. SPUTR (Spam/Phish Uniform Trick Repository) is a naming scheme for spammer and phisher content tricks that was first proposed by John Graham-Cumming. More details can be found here.
Each name consists of three '!'-separated parts: a purpose, a name, and a technology.
- The purpose is the reason for the trick (for example, the trick is used to obscure a URL, or to insert innocent words).
- The name is derived from the current pejorative name.
- The technology identifies the way in which the trick is coded (for example, with HTML or MIME).
Purposes
The following table contains a list of 'purposes' that can be used to categorize tricks.
| BWO | Bad word obfuscation | Making it hard for a filter to parse potentially bad words (e.g. Viagra) |
| GW | Good word insertion | Adding words likely to confuse a statistical filter. |
| HB | Hash busting | Inserting randomness designed to make message hashing hard. |
| TA | Tokenization avoidance | Preventing a filter from tokenizing a message. |
| UH | URL hiding | Hiding a URL so that a user is fooled into clicking an incorrect link. |
| UO | URL obfuscation | Making it hard for a filter to identify a URL and check it against a black list. |
| WB | Web bugs | Inserting a beacon that tells the spammer that a message has been read. |
Technologies
For a single name there could be multiple tricks using different technologies (e.g. some tricks might be implemented using HTML or CSS), or tricks that are intended for different purposes (words might be inserted to fool a Bayesian filter or to break a hash).
This table shows the 'technologies' that are recognized in the naming scheme:
| CSS | Use of CSS |
| HTML | Any HTML without using CSS |
| Javascript | Use of Javascript for trickery |
| MIME | Manipulation of MIME |
| Use of PDF files | |
| Plain | Plain text |
| Image | Images (GIF, JPG or PNG) |
| Flash | Macromedia Flash |
| Audio | Any audio file format |
| Office | Any office file format |
1 across, 3 down
A Flash In The Pan
A Form of Desperation
A Numbers Game
About Face
Absolute Zero
And in the right corner
Animated Noise
Another Form of Desperation
Are you feeling lucky, Sergey?
Big Header-ed
Blankety Blank
Bogus Login
But, is it art?
Camouflage
Catch a Wave
Chop GUI
Control Freak
Cross your fingers and click
Doing The Twist
Doing the Splits
Don't Cramp My Style
Enigma
Excel Sent
FlexHex
Floatation Device
Honey, I shrunk the font
Honorary Title
Hypertextus Interruptus
In the background
Internet Exploiter
Invisible Ink
It's Mini Marquee!
L O S T i n S P A C E
MIME is Money
No Whitespace, No Cry
Now you see it; now you don't
Phish Phorm
Pretty Darn Fancy
Pump up the volume
Script Writer
Slice and Dice
Slick Click Trick
Sound of Silence
Speaking in Tongues
Spell Breaker
Sticky Fingers
Strip Mining
The Big Picture
The Black Hole
The Daily News
The Matrix
The Microdot
The Office
The Rake
The Sieve
The Small Picture
The tURLing test
Times Square
Treasure Map
WYSI_not_WYG
Where are you going?
Whiter Shade of Pale
You cannot be serious
You've been framed
Ze Foreign Accent
See also
Spammers' Compendium
Resources
Poll
Will new browsers like Firefox 3, Internet Explorer 8 and Opera 9.5 help fight web-based malware?Leave a comment
View 15 comments
VB100 certification
John Hawes dusts off his Linux skills for a comparative review of anti-malware products on the Ubuntu Server platform.
See full results.
Virus Bulletin currently has 127,159 registered users.