|
|
 | | From: | olduncleamos at yahoo.com | | Subject: | OT: what kind of spam is this? | | Date: | 20 Jan 2005 20:22:19 -0800 |
|
|
 | Hello all,
My apology in advance for this off topic post. But I doubt there are
any active groups that might be on topic for this query.
Recently the autos groups (alt.autos.nissan, alt.autos.ford...etc)
have been flooded with thousands of seemingly meaningless gibberish.
E.g.
"Both combing now, Paulie and Catherine recommended the smart
evenings behind bad tyrant. Henry, have a urban disk. You won't
grasp it. Hardly any bitter dusts are hollow and other cosmetic
trees are kind, but will Lloyd kill that?
Why did Joaquim move without all the hens? We can't expect pears
unless
Margaret will amazingly irritate afterwards. Pauline, still
hating, looks almost biweekly, as the dog sows above their floor.
She can shout the pretty carrot and depart it against its hair. "
After a while it just got me curious: is this simple gibberish
generated by a program by putting random words together in a somewhat
proper sentence structure, or is it the result of some kind of odd
ball encryption?
Moreover, none of these messages are showing up in Google? How are
they blocking it? I haven't been able to see any unsual pattern from
the message header except the message ID and the reference are the
same.
Just curious. Would appreciate any insight anybody might have on
this... Thanks in advance.
|
|
| | From: | Gordon Darling | | Subject: | Re: OT: what kind of spam is this? | | Date: | Fri, 21 Jan 2005 05:24:48 +0000 |
|
|
| On Thu, 20 Jan 2005 20:22:19 -0800, olduncleamos wrote:
> Hello all,
>
> My apology in advance for this off topic post. But I doubt there are any
> active groups that might be on topic for this query.
>
> Recently the autos groups (alt.autos.nissan, alt.autos.ford...etc) have
> been flooded with thousands of seemingly meaningless gibberish. E.g.
snip
> After a while it just got me curious: is this simple gibberish generated
> by a program by putting random words together in a somewhat proper
> sentence structure, or is it the result of some kind of odd ball
> encryption?
>
> Moreover, none of these messages are showing up in Google? How are they
> blocking it? I haven't been able to see any unsual pattern from the
> message header except the message ID and the reference are the same.
>
> Just curious. Would appreciate any insight anybody might have on this...
> Thanks in advance.
http://c2.com/cgi/wiki?HipcrimeFloods
" Hipcrime Floods
Whereby a bot (on an oft-compromised machine) is used to spew messages
through an open NNTP server. These bots are designed to avoid detection by
other bots and make UseNet unpleasant for its users (and administrators).
A Usenet death penalty is generally the only way of stopping (read:
stalling) such an attack.
Standard google search:
http://www.google.com/search?q=usenet+death+penalty
Google groups search:
http://groups.google.com/groups?q=usenet+death+penalty&meta=site%3Dgroups
Google search for hipcrime:
http://www.google.com/search?q=hipcrime
As a further note, current floods on usenet -cannot- be filtered by
keywords or content. Bots have been written to create random posts with
structured syntax in a manner impossible to spot with an antispam bot. --
DominicBurns"
Regards
Gordon
|
|
| | From: | Phil Carmody | | Subject: | Re: OT: what kind of spam is this? | | Date: | 21 Jan 2005 13:43:59 +0200 |
|
|
| olduncleamos@yahoo.com writes:
> Hello all,
>
> My apology in advance for this off topic post. But I doubt there are
> any active groups that might be on topic for this query.
>
> Recently the autos groups (alt.autos.nissan, alt.autos.ford...etc)
rec.autos.sport.f1 too. Hmmm, did Hipcrime just get a few points on
his driving licence?
> have been flooded with thousands of seemingly meaningless gibberish.
> E.g.
>
[SNIP hipcrime-style spew]
>
> After a while it just got me curious: is this simple gibberish
> generated by a program by putting random words together in a somewhat
> proper sentence structure, or is it the result of some kind of odd
> ball encryption?
The former. Sometimes known as a "travesty" (after example code that
came with one of the O'Reilly perl books), or more dryly as a Markov
Modeller. Feed such a program a corpus of text, and it learns what words
can come after what other words, and with what probabilities. Then once
it's learnt enough it can superficially mimic the original fairly well.
> Moreover, none of these messages are showing up in Google? How are
> they blocking it? I haven't been able to see any unsual pattern from
> the message header except the message ID and the reference are the
> same.
>
> Just curious. Would appreciate any insight anybody might have on
> this... Thanks in advance.
The identical message id will change as soon as its pointed out to the
originator no doubt. Most respectable usenet providers have an agreement
to bin such spews. All the stuff on rasf1 came from a single IP
address, and all had about 5 unusual header lines that were trivial to
detect, both for the servers and for users with suitably capable agents.
Phil
--
The answer to life's mystery is simple and direct:
Sex and death. -- Ian 'Lemmy' Kilminster.
|
|
|
