It does. When someone makes something, it is natural instinct for them to want to test it, see if it works.
I would certainly agree with this. However, remember that Microsoft recently released a "patch" that "fixed" certain issues with their IPsec implementation (I believe that was what it was, anyway). This is the same patch that destroyed Internet connectivity for 600,000 users. No one can tell me that Microsoft can't afford the quality assurance and even if they were a little too eager to release the patch--given their colorful history--I would have thought that a company *that* big would have been able to find a problem with a patch. If Microsoft can goof up, even one time, on a very massive scale, I don't see any reason why someone else, hurrying to release a new spamware would forget to test certain features. Whether or not this is a definitive demonstration of forgetfulness or shear stupidity, I'm not sure. As you pointed out later in your e-mail, we should give the author credit since it could very well be the fault of the end-user. I'm willing to entertain both possibilities, if only for my own amusement.
Raping proxies is hardly rocket science, irc skript kiddies have been
abusing socks proxies for as long as i can remember, but it would still
require some skill to program. The use of html comments to try and
obfuscate the message displays some knowledge of the issues at hand, the
author is looking at someone's antispam filter and trying to get around
it.
When I first saw this countless weeks back, I was delighted. SpamAssassin caught the junk anyway, regardless of how thoroughly it was obfuscated. (Version 2.53 I believe.) However, even if they understand the issue at hand and they are trying desperately to circumvent filters, it obviously isn't working too well. Or perhaps they are targeting another filter that isn't as intelligent as SA. I always thought the invalid tags, the comments, and the random words were intended to confuse filters that don't strip suck entities or perhaps they were designed to circumvent Bayesian filters. I'm not very familiar with Bayes filtering, but from what I read on Paul Graham's site, it would certainly make sense--but only if they were trying to avoid a filter that depended solely on Bayesian classification. I very well could be wrong but it's the only thing that makes sense.
The fact is simple: The author understands the issue but is not well educated enough about its implementation to be overly successful. Let's hope it stays this way.
I'm not saying he's the brightest bulb in the pack, but spamware writer is displaying some intelligence. Maybe he just doesnt care about the rest of the world, but he's not totally stupid or he wouldn't be able to get his spam thru a socks proxy. The contrast between being intelligent enough to rape proxies and being dumband unnatural enough to not check your output seems, well, ridiculous to me.
I read an article in Discover magazine a number of months ago where some scientists were able to train the nervous cell of a leach to perform reasonably well at remedial mathematics. It could add, subtract, and multiply (division, if I recall the article correctly, was something it could not quite perform). Does this mean the leach possess some sort of über-intelligence? Yes, it is probably in bad taste to compare spammers to leaches (I'm insulting the leach), but I hope you see my point. Just because he can perform with some skill and demonstrate at least a half-clue doesn't mean he's necessarily going to strike gold, nor does this mean he is deserving of any respect. Besides, there's tons of places out there to find source code that will do most nearly any task anyway! For all we know, the only thing he is aware of is point A, point B, and that he wants to be at point B but doesn't have a very solid clue of how to get there. Hell, this could even be a spamware software maintainer for all we know -- and if you've ever read the guide, "How to Write Unmaintainable Code," by Roedy Green, you will have some idea of how much pain and suffering such a soul must endure. Now, couple this with spam.
The more I think about it, the more I think that spam renders in something, I'm sure it does. It works just like the author meant for it to work. Either it renders in oe (can't test here, this is a microsoft-free zone) or it is specifically made to spam a web-oriented mail service (yahoo or aol or something) that blindly strips anything outside a limited subset of html (which would be a reasonable security measure for a webmail service to take) and the truly stupid spammer end-user fed it the wrong address list.
The end-users are the grunts, plain and simple. And if they fall for the sales pitch in the first place, I should think this to be quite indicative of their IQ (or lack thereof). I think you're right--they're probably the clueless, point-and-click happy nitwits who screwed up the software in the first place.
I think I'm going to keep an eye on this one, maybe send a few comment-obfuscated links to a free beer to friends on various webmail services and see if any of them get it intact :))
Haha you're evil. "Free beer" to the first guinea pig who notices the links (okay, I contorted that badly).
It's a pity someone couldn't find a copy of this spamware (source) and do something malicious, such as embedding a worm or what have you that would divulge information about the spammer's language (location, perhaps?), their connection speed, etc. This would most certainly be against most countries' laws but isn't it time to put the gloves down, spit upon our hands, and start playing dirty?
(Bad suggestion, perhaps, but I think most of us subscribed to this list have a reason we're here, and I'd be willing to bet three chimpanzees and a rhino that it's because we're sick and tired of spam.)
-- Benjamin A. Shelton "What do you mean it won't turn on? Did you plug it in?" *silence* [EMAIL PROTECTED]
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
