funsec mailing list archives
RE: Image spam hits a new level...
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 21 Nov 2006 08:22:15 +1300
Brian Azzopardi to Larry Seltzer:
> Adding random dots and rectangles would add a trivial amount of CPU - and by doing it at the bot the load is distributed. ...
As is now definitely being done by the spam-bots installed by Warezov/Stration.
> ... The distortions are more costly, but nothing like compared to the CPU required for OCR.
Of course. As I keep saying, botnets mean that the spammers will always outscale any "antispam" approach that simplistically "works" by making sending Email "more expensive" (for any computer-related or mediated "resource", be that bandwidth, CPU cycles, some other form of "time", e-cash, weak "authentication", etc, etc, etc).
> Spammers can always break an image into multiple ones. ...
Ummm, sorry -- not "can", but "have":

http://www.jgc.org/tsc/

Look for "Chop GUI" (and read the associated blog entry). Look for "The Small Picture". And look at their recent "combination" in:

http://www.jgc.org/blog/2006/11/ransom-note-spam.html

(Although my characterization above does not mirror John's, I don't disagree with him -- the "ransom note" example is doing several things and John's blog entry and my use of it here are focussing on some different characteristics of this particular spam, which clearly has anti-OCR _AND_ other characteristics.)
> ... For anti-spam software to piece the images together again (as rendered by the client) to be able to OCR them would be a pain. IMO OCR is a dead end.
If your scanner will need a modestly complete HTML renderer to arrange multiple image components so you'll be able to actually work out what the human reader of the message will be eyeballing, you'll be well outside the reasonable CPU resources that can be expected to be thrown at recognizing the message as spam, even if that is _theoretically_ possible.

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.