About Me

Sharath Veerabhadraswamy

Sharath Veerabhadraswamy

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

ASCII Art Spam Strikes Back

Monday, October 19, 2009 at 4:25am by Sharath Veerabhadraswamy
Sharath Veerabhadraswamy

Spammers are always looking for techniques that can beat the spam filters. We have seen various techniques for spamming–like obfuscating words, embedding text in images, spoofing urls, abusing social networking sites, and many other techniques for spam to avoid getting caught.

One of these techniques is ASCII art, an artful way of representing an image using text characters. These representations first appeared long ago to overcome the limitations of computers for displaying graphics.

Example:

______    _____   ______    _       _____    _____     ___
| ___ \  |  ___|  | ___ \  | |     |_   _|  /  __ \   / _ \
| |_/ /  | |__    | |_/ /  | |       | |    | /  \/  / /_\ \
|    /   |  __|   |  __/   | |       | |    | |      |  _  |
| |\ \   | |___   | |      | |____  _| |_   | \__/\  | | | |
\_| \_|  \____/   \_|      \_____/  \___/    \____/  \_| |_/

The clever thing is that each line has some random characters with _ and | characters, which do not resemble any part of the word replica. If we take the entire picture into consideration, though, our eyes can read it as a word. The spammers try to take advantage of this to pass through spam filters and deliver their intended message.

Not only are the words represented in this manner but even URLs can be displayed in this way to avoid the blacklisting of the domains.

ASCII art spam is not limited to only nonword characters. It can be numbers, alphabets, and combinations of both, which can make things even worse for certain spam filters:

dP""b8  88     db     88     88  dP"Y8
dP      88    dPYb    88     88 `bo
Yb      88   dP__Yb   88     88   `Y8b
 YboodP 88  dP""""Yb  88ood8 88  8bodP'

ASCII art spam example

In the email above we can see that the spammer is advertising a pharmacy product without using the respective words, yet still successfully conveys the message.

We saw this spam technique some time back, but it had died off. Recently, however, we have seen an increase. McAfee customers are protected from this type of spamming technique.

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (0)