Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spam is funny!

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 30 Apr 2007 19:40:14 +1200
Shaun wrote:


One trend I've noticed recently is that spammers appear to be tailoring
the subject headers to individual recipients. I'm not talking about the
crap where they stick your name in the subject, it seems they're getting
much more specific, and perhaps tracking where they picked up an email
address to begin with and which sort of subject lines might pique the
recipient's interest. 

I receive a lot of spam where I glance at the subject - even if SA has
tagged it - and actually have to wonder whether or not it's a legit
message, because the subject is relevant to my interests. A quick
example,

Subject: The Redirect requests to SSL port option allows you to redirect
requests to the specified SSL port.

I do a lot with SSL, so naturally I opened up that email just to see
what the heck they're on about. Of course it turns out to be a stock
spam for CYTV. But I get a lot of spam now with unix-ish, programming,
or other geek related subject lines that I have to take a look at
because they _could_ be legit. 


I've seen a lot of spam lately (last 6-8 weeks -- maybe more) using, as 
their "Subject" lines similar such "sentences" from online copies of 
(mostly) Linux-ish books and "how to" articles (and often as the hash-
buster text in the message body).  This may be loosely targeted -- we 
quite possibly subscribe (and post?) to several similar mailing lists 
and the use of our addresses _in this particular spam_ may be from 
harvesting such lists or their web archives -- or it may be that some 
spammer thinks (or knows from monitoring his RoI) that such "techno-
speak goobledegook" Subject: lines work better (non-tech folk _may_ 
have been conditioned by much poorly-considered "tech support" to "dumb 
down" when anyone starts "talking techie" at them...).


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: