Twelve years ago the IT security world was fighting against an unprecedented amount of spam emails. Spam is not and never was just a nuisance; it is a big problem because it slows down the good emails and takes up resources. Together with Virus Bulletin and some antispam researchers from various companies, a list called “The Spammer Compendium” was created. This list contains methods used by spammers to trick spam filters and to have their emails delivered to the end users.
One of the methods listed there is called “Ze Foreign Accent” spam or(BWO!Accent!Plain).
The main characteristic of this method is the usage of special characters called “accents”. They make no sense in English, but they exist in other languages like French, German, Romanian, and others.
We haven’t seen this kind of spam in the wild for many years now because it was very easy to detect (due to the heavy usage of special characters). So you can imagine our surprise to see this technique pop up again in a spam message.
What makes “Ze Foreign Accent” spam so special?
This spam is special because it combines various methods described in “The Spammer Compendium”:
- Whiter Shade of Pale – TA!Pale!HTML and Invisible Ink – GWI!Invisible!HTML – the insertion of characters colored just like the background so that they can’t be visible in an email client.
- Ignore the smallprint – TA!Smallprint!HTML and Honey, I shrunk the font – GWI!ShrunkFont!HTML – the insertion of small formatted characters instead of white spaces.
- The classical insertion of random pieces of text that makes no sense, in order to confuse the Bayesian spam filters.
The first two techniques are immediately visible once the body of the email is selected (see picture).
Additionally, the spam is addressing the recipient of the email by full name taken from the “From” field. The subject of the email is “Re: Mrs. Amalee Crigger LIKED <full name> and left a new MESSAGE for <full name>”. This is easy to implement, of course, but it requires more information and CPU power in order to create the dedicated message.
What should you do?
We said it back then, we keep saying it now: never click on links in spam messages. You never know what hides behind that URL: malware, phishing, identity theft, scams, etc.
If your spam filter didn’t catch the spam and you see something that looks rather strange, just like “Ze Foreign Accent” spam, erase it.
© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch