Hello, I found a new set of listwashing tokens, all are located inside HTML comments.
I created the following transform matrix: Left side is what the letter should be, the right side is the transformed text.

An example looks like: Message sent to [EMAIL PROTECTED] would look like:

<!--_ssi9szd[80,sz-->

a=d b=O c=, d=9 e=F f=_ g= h=$ i=[ j=u k=@ l=S m=z
n=8 o=s p= q= r=A s== t=3 u=n v=N w=? x= y=R z=
0= 1= 2= 3= 4= 5= 6= 7= 8= 9=
-=Z _=P .=0 @=i

Anyone have a name for this one or see it before?

Frederic Tarasevicius
Internet Information Services, Inc.

Yorkshire Dave wrote:
> On Mon, 2003-08-18 at 14:38, Brian White wrote:
>>>> If anyone's interested, my part-complete document on listwashing
>>>> tokens is at
>>>> http://www.wot.no-ip.com/show.me/Projects/Listwashing_Tokens/ and
>>>> the rule generator itself is
>>>> http://www.wot.no-ip.com/cgi-bin/detoken.pl
>>>
>>> Excellent analysis! Also we're pretty sure figuring out some way to
>>> catch these inside SpamAssassin, automatically (ie. without the
>>> prior rule-building) would be very nifty.
>>
>> So that's what those are! I was wondering.
>>
>> Wouldn't the Bayes tests be just the thing for these since it's
>> already adaptive?
>
> The reason I started out collecting ciphers months ago wasn't to block
> spam but to identify that there are listwashing tokens in the message,
> to make a spam cleaning utility for reporting purposes. Then I
> realised bayes doesn't seem to be catching some of them, they're a
> surefire spamsign which tends to occur more often in lower scoring
> spam, and there are people who want the rules.
>
>> What I can see happening, though, is spammers start using a "salt"
>> so that the entire string is effectively random.
>
> Some already seem to use a lot stronger crypto than others, I have a
> file full of uncracked. Even with those, the majority are still fairly
> simple ciphers, they look like the sort of thing a 12 year old might
> devise, shifts that change every time they hit a non-alphanumeric,
> things like that.
> I've had people sending me listwashing tokens for
> months, and to date I've only seen 2 which I couldn't get anywhere
> with. I suspect blowfish or similar is beyond the ability of some of
> them, they can't use what they can't understand, which is why we're
> seeing variants on classic ciphers. Think about it, if you were
> trying to hide information in a message, would a simple shift even
> get considered?
>
> If the spammers adapt, they'll be doing it in their time and at their
> expense, so at least it's cost them something. I'm all for making them
> waste their time and money. If it doesn't do anything else at least it
> keeps the pressure on them.
>
>>
>> Brian
>> ( [EMAIL PROTECTED] )
>>
>> -------------------------------------------------------------------------------
>> There's no healthy way to mess with the line between wrong and
>> right.
> --
> Yorkshire Dave

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
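Added example, not part of the original thread and not the detoken.pl rule generator: a small Python sketch of the "spam cleaning utility for reporting purposes" idea, using the substitution table from the first post to find HTML comments that decode to an address and strip them before a message is reported. Entries the post left blank are omitted; the function names and the sample message are constructed for illustration.

```python
import re

# Table from the post: plaintext character -> character seen in the token.
# Entries the post left blank (g, p, q, x, z and the digits) are omitted.
ENCODE = {
    "a": "d", "b": "O", "c": ",", "d": "9", "e": "F", "f": "_", "h": "$",
    "i": "[", "j": "u", "k": "@", "l": "S", "m": "z", "n": "8", "o": "s",
    "r": "A", "s": "=", "t": "3", "u": "n", "v": "N", "w": "?", "y": "R",
    "-": "Z", "_": "P", ".": "0", "@": "i",
}
DECODE = {tok: plain for plain, tok in ENCODE.items()}

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
ADDRESS_RE = re.compile(r"^[a-z0-9._-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$")


def decode_token(token):
    """Decode one comment body; None if a character is outside the known table."""
    try:
        return "".join(DECODE[ch] for ch in token)
    except KeyError:
        return None


def decoded_address(comment_body):
    """Return the address a comment decodes to, or None if it is not a token."""
    decoded = decode_token(comment_body.strip())
    return decoded if decoded and ADDRESS_RE.match(decoded) else None


def find_listwashing_tokens(html):
    """List (raw comment body, decoded address) for every comment that matches."""
    return [(raw, decoded_address(raw)) for raw in COMMENT_RE.findall(html)
            if decoded_address(raw)]


def clean_for_report(html):
    """Drop only the comments that decode to an address; keep ordinary comments."""
    return COMMENT_RE.sub(
        lambda m: "" if decoded_address(m.group(1)) else m.group(0), html)


# Constructed sample body: one ordinary comment plus the token quoted in the post.
SAMPLE = ("<html><body><!-- header -->\n"
          "<p>Great offer</p><!--_ssi9szd[80,sz-->\n"
          "</body></html>")

if __name__ == "__main__":
    print(find_listwashing_tokens(SAMPLE))
    print(clean_for_report(SAMPLE))
```

A comment is treated as a token only when every character is in the table and the result has the shape of an address, so ordinary HTML comments pass through untouched.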